For a given node at a given level, grant records are examined until one gives a user or group permission to perform an operation or until all the grant records have been examined without finding one that gives permission. If membership in one group does not allow a user to perform an operation but membership in a second group does, the user can perform the operation. However, if a deny record for that node forbids the user from performing an operation, the user cannot perform that operation. The application disregards any grant records for the same node that allowed the user to perform the operation.
Deny records are rarely used. However, they do allow you to create exceptions to the current access rights. Keep these considerations in mind:
Before deleting a project from StarTeam, you may consider hiding it from the users. Creating one deny record at the project level for the All Users group (or for another umbrella group of users accessing the project) denies those users the access rights to see the project. It is essentially hidden from view and cannot be accessed for the group that has been denied.