A department had the following folder setup, the www, ma, and phd folders have a .htaccess file specifying which netlink ids are allowed in, the docs folder does not:
www
ma
phd
docs

Example case: htaccess in ma folder allows user1 in, htaccess in www folder does not.
If user1 browses to ~account, they are challenged and can not successfully authenticate.
If user1 browses to ~account/ma, they are challenged and can successfully authenticate
If user1 browses to ~account/docs, they are challenged and can not successfully authenticate because docs is a subfolder of www, so under the control of the htaccess file in www.
Here's the catch, if user1 browses to ~account/ma and authenticates successfully, and if on the page there is a link to a file in the docs folder, then user1 will be challenged by the htaccess file in the www folder to authenticate and can not successfully authenticate.

So, in general, htaccess file in folder X controls access to all child folders, unless the child folder has an htaccess file. The child-folder's htaccess file over-rules the parent-folder's htaccess rule, but of course the scope of that authentication is the child folder.