Policy conflict handling mechanism
Currently if a user is part of two user-groups and a policy setting conflicts, the setting is not applied.
For example:- A user is a part of group 'All Company' which allows camera and is also a part of group 'project ABC' which restricts use of camera.
The more restrictive setting should be applied irrespective whether these two groups have parent-child relationship or not.
Alexander Martin commented
Another possibility would be a way to "rank," "inherit," or otherwise structure profiles so that they have a particular order of application.
Alternatively flagging a policy as "No Override" or similar would be a useful way to resolve this.