diff --git a/redash/permissions.py b/redash/permissions.py
index d5a393940..def4a00af 100644
--- a/redash/permissions.py
+++ b/redash/permissions.py
@@ -17,7 +17,8 @@ def has_access(object_groups, user, need_view_only):
 return False
 required_level = 1 if need_view_only else 2
- group_level = 1 if any(flatten([object_groups[group] for group in matching_groups])) else 2
+
+ group_level = 1 if all(flatten([object_groups[group] for group in matching_groups])) else 2
 return required_level <= group_level
diff --git a/tests/test_permissions.py b/tests/test_permissions.py
index 170b9b9f3..7ed70e594 100644
--- a/tests/test_permissions.py
+++ b/tests/test_permissions.py
@@ -24,6 +24,14 @@ class TestHasAccess(TestCase):
 self.assertTrue(has_access({1: not view_only}, user, not view_only))
+ def test_allows_if_user_member_in_multiple_groups(self):
+ user = MockUser([], [1, 2, 3])
+
+ self.assertTrue(has_access({1: not view_only, 2: view_only}, user, not view_only))
+ self.assertFalse(has_access({1: view_only, 2: view_only}, user, not view_only))
+ self.assertTrue(has_access({1: view_only, 2: view_only}, user, view_only))
+ self.assertTrue(has_access({1: not view_only, 2: not view_only}, user, view_only))
+
 def test_not_allows_if_not_enough_permission(self):
 user = MockUser([], [1])
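Review bot: The `group_level` assignment is the whole access-level decision in has_access, yet nothing on it states which group wins when a user matches several, so a later edit could swap `all` back to `any` without noticing that it changes who gets full access. Add a comment above it such as `# view-only (level 1) only when every matching group is view-only; a single full-access group grants level 2`. With `all()`, an empty result from `flatten(...)` now yields level 1 instead of level 2, which is the restrictive side, though whether a group entry can actually be empty is not visible here. The added blank line before the assignment is unrelated to the fix and could be dropped. has_access starts above the hunk, so how `matching_groups` is built is not shown.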
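Review bot: The one deny assertion in the new test, `assertFalse(has_access({1: view_only, 2: view_only}, user, not view_only))`, is the check that stops a user with only view-only groups from getting full access, and it sits inside a test named `test_allows_if_user_member_in_multiple_groups`. Moving it into its own test, for example `test_not_allows_if_all_groups_are_view_only`, would make a regression in that direction show up by name. The mixed-group case is only checked for a full-access request; `self.assertTrue(has_access({1: not view_only, 2: view_only}, user, view_only))` would cover the view-only request as well. Every case passes scalar flags, so if group entries can be lists (the production line runs them through `flatten`), that shape remains untested. TestHasAccess continues outside the hunk.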