If I set the password restrictions at the organization level, and there
were users that had restrictions set at the user level, which one takes
precedence? TIA.