I have 3 nested groups of users:
Group | --> Sub Group | --> Sub Sub Group
The top group is also in posession of administration rights on the system.
From my understanding, whenever a user in the "Sub Sub Group" enters any sort of data (i.e. new accounts and such), the users in the "Sub Group" should be able to edit that data since they are the supervising group. However, when a user of the "Sub Group" edits anything that is owned by a user in the "Sub Sub Group", the user will be kicked out of the system, with a HTTP 500 returned via browser. The administration group (top level) is able to edit all entries from all sub-groups without problems.