You must have missed a spot. You should be able to rename the session variable for one or the other, and then create two separate rules in the helpergroupsrules.php file for SecurityAssist. Then you can refer to the two separate rules when restricting access to the two groups.