A, X and D are working perfect everywhere. It is working for access in the boards and it is working for the group permissions about functions. A, X and D are "advanced settings", they need to be enabled, if an admin wants to use them.
The "normal settings" show just a single column of checkboxes. If you check one of them, the access (or the permission) will be allowed. If you dont check it, then it will be not allowed. If you enable the "advanced settings", which are adding the possibillity to "deny" something, then you will see this 3 columns A, X and D. Checking this X in the middle (in the advanced settings) is almost the same like an unchecked checkbox (in the normal settings).
If you have chosen a very simple system about member groups, group permissions and board permission profiles, you wont need those "advanced settings", you can leave them not enabled. But if you have created a more difficult system, with a lot of very different groups and permissions, the advanced settings can help you.
There might be always some "conflicts", when you are setting permissions. One group shall be able to do or to see something, another group should not be able. Problems start, if you have members, which belong to more than one group. Then you need to check, if your system about the settings for access/permissions is really working for all of your members, they way it is intended.
In the "normal settings" most times it will be enough, to check a checkbox for one member group and to leave it unchecked for another. Group 1 is able, group 2 is not able. If a member belongs to group 1 and to group 2, he will be able.
In the "advanced settings" A and X will do the same: Group 1 has an A, group 2 has a X. Group 1 is able, group 2 is not able. If a member belongs to group 1 and to group 2, he will be able.
This is the meaning of "Disallow, on the other hand, denies unless otherwise granted": The X (for disallow) is only working, if there is no A (for allow) in another group the same member belongs to. The reason for this behavior is the fact, that in the system permissions always are added.
If you dont like it at all, that a member of group 2 will be able to do or to see something, because he is also in group 1, then you could use the D in the advanced settings for group 2. The D will deny this permission or the access for each person that belongs to group 2 and it will overwrite the A this person has got from group 1.
The D is very "mighty", "powerful" and "dangerous", it will always overwrite an A, which comes from another group, if a member is in both groups. D needs to be checked and controlled very well and you mostly wont need to deny something. There are better solutions.
I just translated and tried to understand your post here, Steeley: https://www.elkarte.net/community/index.php?topic=6225.msg44948#msg44948
It seems to me, that you are just confused about this pretty old english language string, which is telling about permissions and ignore in the boards, if the advanced settings are enabled for the boards. In this language string (I think, it had been already there in SMF) some wrong words are used. It is nonsense, what this string is telling: It is not possible for an admin to set member permissions or group access on "ignore". In a board it is only possible to select various "permission profiles", which will work in this board and to give access to a board. With the advanced settings the access can also become "forbidden", denied.
Allowing members "to ignore boards" is another, generell function/feature and it is not given in a certain board by the admin. If this ignore-function is enabled, then members are able to select in their profiles which contents of certain boards they want to ignore. But they still will see all the boards, they are allowed to access.
In my eyes this string on line 90 in ManageBoards.english.php for board access has to be edited.
It is wrong and it is leading to confusion:
$txt['boardsaccess_option_desc'] = 'For each permission you can choose \'Allow\' (A), \'Ignore\' (X), or <span class="alert">\'Deny\' (D)</span>.<br /><br />If you deny access, any member - (including moderators) - in that group will be denied access.<br />For this reason, you should set deny carefully, only when <strong>necessary</strong>. Ignore, on the other hand, denies unless otherwise granted.';
It should be this way:
$txt['boardsaccess_option_desc'] = 'For each group you can choose \'Allow\' (A), \'Disallow\' (X), or <span class="alert">\'Deny\' (D)</span>.<br /><br />If you deny access, any member - (including moderators) - in that group will be denied access.<br />For this reason, you should set deny carefully, only when <strong>necessary</strong>. Disallow, on the other hand, denies unless otherwise granted.';
Just for comparing, this is the string for the advanced settings about permissions on line 74 in ManagePermissions.english.php:
$txt['permissions_option_desc'] = 'For each permission you can pick either \'Allow\' (A), \'Disallow\' (X), or <span class="alert">\'Deny\' (D)</span>.<br /><br />Remember that if you deny a permission, any member - whether moderator or otherwise - that is in that group will be denied that as well.<br />For this reason, you should use deny carefully, only when <strong>necessary</strong>. Disallow, on the other hand, denies unless otherwise granted.';
Someone mixed this up once (by copy and paste?) and made an additional mess with including the word "ignore" in the language string on line 90 in ManageBoards.english.php. I think, this mistake has maybe never been noticed, because almost noone is using the advanced settings for board access.