This has been a re-occuring issue here for some time - in Win7, CC7.1.2.x environment:
Many of our users are members of > 32 active directory domain groups.
Only a portion of those groups are actually required for our CC VOB access/security model.
Seems this known issue with Windows, ClearCase, and group list truncation after 32 groups still exists.
I have been using the "CLEARCASE_GROUPS" env variable workaround for a few years now with some of our users (where necessary), which for the most part 'fixes' the issue of users getting a 'access denied' for a VOB that they do in fact have access to (as I ensure they are in the necessary groups beforehand).
In rare cases, this does not fix the issue, and the user still can't access a given VOB (ie. in these cases, "creds" shows the proper groups, but still not allowing them access).
I believe past experience showed that re-creating their Windows profile resolved the issue - but I want to check for your experiences or thoughts (or, a better solution).