There are for example the project level permission (bigquery.dataOwner) and then one may assign bigquery.dataEditor to a specific dataset for the same group. What permission with be considered?
This documentation should help you: https://cloud.google.com/iam/docs/overview#policy_hierarchy
What this mean is that the upper permission will automatically be inherrited by a resource it manages. For example if you have viewer permission on the project level, even if someone tries to restrict you to not be able to see compute engine, you will still be able to view them as the compute engine will inherit the projects rights.