
Ravi Kota
As part of an IAM lab, I assigned a restrictive S3 access policy to a user and a more relaxed S3 all-allowed policy to the user group of which the user is a member. I was expecting that the restrictive policy assigned to the user would take precedence over the relaxed policy of the user group. But on the contrary, the moment I assigned the relaxed policy to the user group, the user was able to access S3, which is otherwise restricted. Which one will take precedence when we have such conflicting policies?
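The behaviour described in the post can be reproduced with a simplified model of how IAM evaluates identity-based policies: statements from the user and from every group are pooled, an explicit Deny wins, otherwise any Allow grants access, otherwise the request is implicitly denied. This is an added example, not part of the original post; the policy contents and the bucket name `example-lab-bucket` are assumptions (the post does not show its policies), and the model ignores conditions, permission boundaries, SCPs and resource policies.

```python
from fnmatch import fnmatchcase

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(stmt, action, resource):
    # IAM action names are case-insensitive; ARNs are compared case-sensitively.
    # fnmatch stands in for IAM's "*" and "?" wildcards (a simplification).
    act_ok = any(fnmatchcase(action.lower(), a.lower()) for a in _as_list(stmt["Action"]))
    res_ok = any(fnmatchcase(resource, r) for r in _as_list(stmt["Resource"]))
    return act_ok and res_ok

def evaluate(policies, action, resource):
    """Pool every attached policy; order and attachment point do not matter."""
    hits = [s for p in policies for s in p["Statement"] if _matches(s, action, resource)]
    if any(s["Effect"] == "Deny" for s in hits):
        return "explicit-deny"   # a Deny anywhere overrides every Allow
    if any(s["Effect"] == "Allow" for s in hits):
        return "allow"           # Allows from user and group are unioned
    return "implicit-deny"       # nothing matched

# Constructed sample policies (assumed contents, placeholder bucket name).
BUCKET = "arn:aws:s3:::example-lab-bucket"
USER_READ_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": [BUCKET, BUCKET + "/*"]}]}
GROUP_S3_ALL = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}
USER_DENY_WRITES = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Action": ["s3:PutObject", "s3:DeleteObject"],
     "Resource": "*"}]}

OBJ = BUCKET + "/report.csv"

if __name__ == "__main__":
    # "Restrictive" Allow-only user policy on its own: writes are implicitly denied.
    print(evaluate([USER_READ_ONLY], "s3:PutObject", OBJ))
    # Adding the group's s3:* Allow widens access, as observed in the lab.
    print(evaluate([USER_READ_ONLY, GROUP_S3_ALL], "s3:PutObject", OBJ))
    # Only an explicit Deny keeps the user restricted despite the group policy.
    print(evaluate([USER_DENY_WRITES, GROUP_S3_ALL], "s3:PutObject", OBJ))
    print(evaluate([USER_DENY_WRITES, GROUP_S3_ALL], "s3:GetObject", OBJ))
```

To check real policies rather than this model, the IAM policy simulator reports which statement produced each decision.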