In the Adobe Admin Console, I removed user ABC from the profile "secGroup1", but they are still in the profile "secGroup2". I asked them to log in to Adobe Campaign Standard, as this, according to this post should propagate the changes to ACS. But in ACS they are still part of both security groups (secGroup1 and secGroup2).
We have this problem with a lot of former employees. They are not Users anymore in the Adobe Admin Console, but still have a user profile in ACS and are part of the security groups. We sent out a testing mail to all users of "secGroup1", triggered by a failed workflow. Users that were in the security group in ACS, but don't have access to Adobe anymore through the Admin Console have gotten the mail. Why is this the case? According to the information I found, they an be lingering in the Users in ACS, but if they don't have access to Adobe anymore they shouldn't receive a mail.