Say you are part of two groups. Group A has full rights on the vCenter. Group B has limited rights on a cluster.
You would imagine that since you are a member of Group A and that has full rights on vCenter itself, your rights on the cluster in question won’t be limited. But nope, you are wrong. Since you are a member of Group B and that has limited rights on the cluster, your rights too are restricted. Bummer if you are a member of multiple groups and some of these groups have limited rights on child objects! :o)
Workaround is to add yourself or Group A explicitly on that cluster, with full rights. Then the permissions become cumulative.