10 Sep
Posted by: Christian Wimmer in: JEDI Windows API Headers, JEDI Windows Security Code Lib
As the MSDN article on GetEffectiveRightsFromAcl describes, the function determines which rights a user is granted by a given access control list (ACL). The calculation also takes the groups the user belongs to into account.
It is used in the “Effective Permission” tab of the Windows ACL Editor, as the screenshot in the original post shows.
JWSCL implements this function in TJwSecurityAccessControlList.GetEffectiveRights and also in the TJwSecurityDescriptorDialog class.
However, there is a problem with entries in the given ACL. If an access control entry cannot be resolved to a name, the function fails with ERROR_NONE_MAPPED (1332). The JWSCL method raises EJwsclWinCallFailedException, and you can read the error code from its LastError property. The error actually comes from LookupAccountSid, which cannot map a SID (S-1-X-Y…) to a user's name (this is rare, but it happens). To solve this problem you must make sure that the ACL contains no such problematic entries. One solution is simply to delete them, as shown in the following code. However, this solution may change the result, because the deleted entries no longer take part in the calculation!
var
  tempDACL, DACL: TJwDAccessControlList;
  SID: TJwSecurityID;
  EffectiveAccess: TJwAccessMask;
  ResolvedName: string;
  i: Integer;
begin
  //a DACL and SID from anywhere
  …
  try
    EffectiveAccess := DACL.GetEffectiveRights(SID);
  except
    on E: EJwsclWinCallFailedException do
    begin
      if E.LastError = ERROR_NONE_MAPPED then
      begin
        tempDACL := TJwDAccessControlList.Create;
        try
          tempDACL.Assign(DACL); //copy ACL
          //iterate backwards so that removing an entry does not shift the remaining indexes
          for i := tempDACL.Count - 1 downto 0 do
          begin
            try
              //we check only: the name lookup raises an exception if the SID cannot be resolved
              ResolvedName := tempDACL.Items[i].SID.AccountName[''];
            except
              tempDACL.Remove(i);
            end;
          end;
          EffectiveAccess := tempDACL.GetEffectiveRights(SID);
        finally
          tempDACL.Free;
        end;
      end
      else
        raise; //any other error is passed on to the caller
    end;
  end;
  {for example we map the AccessMask to File/Folder access rights.
   You can use other mappings from JwsclConstants.
  }
  Writeln(JwFormatAccessRights(EffectiveAccess,
    {e.g. JwsclConstants.}FileFolderMapping));
  …
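Why the result may change, as an added example in Python (not part of the original post and not JWSCL code): a simplified model of order-dependent ACE evaluation, not the Windows implementation, that compares a trustee's rights before and after the unresolvable entries are dropped. The SIDs, the DACL and the assumption that the trustee may belong to the unresolvable group are constructed for illustration.

```python
from dataclasses import dataclass

# Access bits from winnt.h
FILE_READ_DATA, FILE_WRITE_DATA, DELETE = 0x0001, 0x0002, 0x00010000

@dataclass(frozen=True)
class Ace:
    deny: bool   # True: access-denied ACE, False: access-allowed ACE
    sid: str
    mask: int

def effective_rights(dacl, trustee_sids):
    """Walk the ACEs in order; the first ACE to decide a bit wins."""
    granted = denied = 0
    for ace in dacl:
        if ace.sid not in trustee_sids:
            continue                      # ACE does not apply to this trustee
        if ace.deny:
            denied |= ace.mask & ~granted
        else:
            granted |= ace.mask & ~denied
    return granted

def audit_prune(dacl, trustee_sids, resolvable_sids):
    """Compare the rights before and after dropping unresolvable ACEs."""
    kept = [a for a in dacl if a.sid in resolvable_sids]
    dropped = [a for a in dacl if a.sid not in resolvable_sids]
    before = effective_rights(dacl, trustee_sids)
    after = effective_rights(kept, trustee_sids)
    return {"before": before, "after": after,
            "gained": after & ~before, "lost": before & ~after,
            "dropped_deny": [a for a in dropped if a.deny]}

# Constructed sample data (hypothetical SIDs, not taken from the post)
USER = "S-1-5-21-1111-2222-3333-1001"
USERS = "S-1-5-32-545"                    # BUILTIN\Users
ORPHAN = "S-1-5-21-9999-8888-7777-1105"   # stands for a SID with no name mapping
DACL = [Ace(True, ORPHAN, FILE_WRITE_DATA | DELETE),
        Ace(False, USERS, FILE_READ_DATA | FILE_WRITE_DATA | DELETE)]
RESOLVABLE = {USER, USERS}

if __name__ == "__main__":
    for label, sids in (("member of unresolvable group", {USER, USERS, ORPHAN}),
                        ("not a member", {USER, USERS})):
        r = audit_prune(DACL, sids, RESOLVABLE)
        print(f"{label}: before={r['before']:#x} after={r['after']:#x} "
              f"gained={r['gained']:#x} dropped_deny={len(r['dropped_deny'])}")
```

A non-zero `gained` value means the pruned ACL reports rights that the full ACL denies, which is the case to look for when a dropped entry is a deny ACE.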