I use OperationAccount(say, op1 ) and tried to change an user attribute.
op1 is member of AccountOperator and it has full controll of target user.
But op1 do no have any allow,deny permission of target user and I coud not change target user attribute.
security permission is not simple union of ACE ?