I have a question about windows authentication.

when one domain user belong to multiple windows domain group, say grp1 and grp2, and both groups are granted access to database and given different permissions. when this user logon to sqlserver, which path he got? through grp1 or grp2? how does sqlserver decide on taking which SID to authenticate the user?

thanks,

jiulu