Groups can be used to group together a set of users who must have similar access rights for a particular organisation. These users are called members of the group.
Groups can be divided into sub-groups that have their own specific access rights.
Access rights are allocated to a group by adding Access Control Lists (or ACLs) to that group. Sub-groups inherit all of the access rights of their parent groups unless they have specific ACLs that override those rights.