Please read this page instead Occupy.net_CRM_Use#Set_up_Groups_.28for_administrators.29
CiviCRM used with Drupal allows you to develop complex permissions to meet the needs of your organization or community. For OWS, many working groups can use CiviCRM for their contact management needs while maintaining privacy of emails across groups. To setup your permission needs, there are two parts, one in the Drupal permissions and the other in CiviCRM Access Control Levels (ACLs).
Each working group will correspond to at least two sets of people in CiviCRM - admins and people who are just on the contacts list. The following instructions describe how to create one admin group. In some cases it may be desirable to have two admin groups: a Group Admin role and Group Team role. The main difference for these is to provide group admins with a few more options like creating groups, campaigns, surveys or petitions and provide some support to the working group. The Team role is for those who will access contacts for mailings, interviews and the like. You will have to adapt the instructions below if you want separate Admin and Team roles.
 Setting up Groups
The CiviCRM ACLs are linked to a Group, so you will have to start by creating two groups for each working group. One for access control, so named something like "<working group name> Admin", and the other for email lists or newsletters, which could be "<working group name> Email Updates" or similar. You create groups by going to Contacts > New Group/Manage Groups. There would be one group as admin for the Working Group and you can create as many newsletter or mailings list within the group as needed. So for example you would have Direct Action Admins, which is an admin only list, and Direct Action Email Updates, which could be a public list people could subscribe to.
The "<working group name> Admin" group should be checked as an Access Control group, and the "<working group name> Email Updates" group should be checked as a Mailing List group.
After you create the groups you then have to assign ACLs to the admin groups. You do this by going to Administer > Users and Permissions > Access Control.
- Create the role under Manage Roles, one ACL Role is created for each working group admin group (easier if you keep the same name as you used for the group name, "<working group name> Admin"). After you create the ACL Role, go back to Access Control main page.
- Go to Assign Users to CiviCRM ACL Roles. Assign your new ACL Role to the CiviCRM group of the same name ("<working group name> Admin"). Go back to Access Control main page.
- Go to Manage ACLs and add two ACLs, one to View "<working group name> Email Updates" Contacts and the other to Edit "<working group name> Email Updates" Contacts. Each ACL should have the Role "<working group name> Admin" and the Group "<working group name> Email Updates".
 Add group to OWS Newsletter Recipients
Normally you will want members of your email list to also receive the OWS Newsletter, in which case you need to add the Email Updates group to the OWS Newsletter Recipients smart group. To do that:
- Find the OWS Newsletter Recipients group under Manager Groups and click "Contacts" (not settings).
- Click "Edit Search Criteria", and move the new Email Updates group over to the included groups.
- Click "Search".
- Select "Update Smart Group" from the dropdown below the Edit Smart Group Criteria section, and click "Go".
 Adding admins
Users will need permissions under both Drupal (the web framework) and CiviCRM (which is a Drupal module).
Once you have your CiviCRM Groups set up, the working group admins will need to register as Drupal users. Once they have registered as users, the Drupal & CiviCRM admin must go in and set the Drupal user to Working Group Admin. You do this in the "People" Drupal menu option by editing the user role settings. After this, you go into the CiviCRM contacts, search for this user and, under Tags and Groups, assign the user to the CiviCRM "<working group name> Admin" group. Now when they login, they will see on the contacts from their group with the menu permissions assigned through Drupal roles.