You can set different permissions on a single Content for users/groups/organizational units using the sensenet Permission System. There are a number of different permission types that can be used to control different types of access - access like see, open, save, etc. These permission types are related to each other and setting a specific permission type may result in automatic setting of another.
These constraints are implemented both on the UI and on the backend, there is no way to circumvent them.
The different permission types fall into one of the four permission groups:
Except: Preview without watermark and Preview without redaction are independent from each other so these permissions are on the same level.
E.g. allowing Publish allows See, Open, OpenMinor:
Exception: Preview without watermark and Preview without redaction do not clear or deny each other.
E.g. denying Restricted preview denies Preview without watermark, Preview without redaction, OpenMinor, every write permissions: Save, Publish, ForceCheckin, AddNew, Approve, Delete, RecallOldVersion, DeleteOldVersion and Manage lists and workspaces.
Allowing SetPermissions allows SeePermissions. Clearing/denying SeePermissions clears/denies SetPermissions.
Allowing Manage List and workspaces allows all permissions in the open group, Save, Add new and Delete permissions. Clearing or denying any of the mentioned permission clears or denies the Manage List and workspaces.
Is something missing? See something that needs fixing? Propose a change here.