Per the Planning admin guide:
>>Planning checks access permissions at each level, first by user, then by group, based on the memberís access permissions inheritance relationship. If multiple access permissions exist, the least restrictive access permission is applied (for example, Write access takes precedence over Read access).
Of course the above is assuming that there isn't a conflict between group-assigned and individual planner-assigned security. See: http://docs.oracle.com/cd/E17236_01/epm.1112/hp_admin_11122/ch03s03.html
Per that section of the Planning admin guide:
>>You can specify access permission for individual users and each group. When you assign a user to a group, that user acquires the group's access permissions. If an individual's access permissions conflict with those of a group the user belongs to, user access permissions take precedence.
If you are doing this for a specific user, give him (temporarily) Essbase Write Access to the application and then refresh his filters. You should see exactly how the security is being resolved.
Alternatively, you could query the security directly from Planning:
Scoring disabled. You must be logged in to score posts.