Prohibiting Inclusion on Project Lists
If a group is prohibited from inclusion in a project list, its rights are not accrued. For example, assume again that file X's ACL includes two entries: one that permits group A read access to file X and one that permits group B write access to file X. Assume that the project list inclusion property is set to disallow group B from project lists. A principal who is a member of both groups A and B who tries to access file X is allowed only read permissions, not write permissions. If the project list inclusion property allows group B to be on project lists, a member of groups A and B receives both read and write access.
You may decide to prohibit some groups from inclusion on the list. You may, for example, want to prohibit any reserved groups with access rights similar to root from inclusion on any project lists.