When configuring geolocation detection, the most restrictive options will always apply. For instance, if you deny registration/authentication from the UK (Country), and then allow registration/authentication from Sheffield (a City within the UK) then any registration or authentication requests from Sheffield will still be denied.