No. The user can't see the SA2 because the highest level security applied.
Are you setting permissions on subject areas in the RPD?
If yes and you set AR1 "read" permission on SA1 and SA2 and AR2 "read" permission on SA1 and "no access" on SA2.
Your user with both AR1 and AR2 will be allowed to use SA2 (thanks to AR1).
If you are hiding the subject areas with the privileges page on the front-end and you set the subject area SA2 as "denied" for AR2, your user with both roles will not see the subject area when creating a new analysis (the "deny" for AR2 is stronger than the grant of AR1).
So in the RPD the "read" is stronger than "no access", in the front-end the "deny" is stronger than "grant".
ok thanks a lot for both remarks.
i am talking about subject areas in RPD.
Can you also tell me what happens if i define no rule about one subject area?
Is no rule like no permission?
By default a new subject area in the RPD has "read" for "Authenticated User" and "default" for any other app role.
So they all inherit the "read" (the default rule is everybody has access).
If you want to avoid access except for a specific app role you need to change the "authenticated user" to "no access" and leave everything else on "default" except the one you want to set to "read".