Groups are sets of users, sets of other groups, or both. Groups are created in the portal either by adding them individually as portal objects, or by synchronizing with authentication sources (user/group repositories such as LDAP or Active Directory).
Membership to a group is determined in two ways:
Members are explicitly defined as specific users and/or other groups on the Group Memberships page.
Members are dynamically determined based on rules you set up on the Dynamic Membership Rules page.
The set of activities a user can perform in the portal is based on activity rights given to a group to which the user belongs.
Access to a portal object is based on which users and groups are added to the security page of that object, and the level of access granted (such as Read or Edit).