The first "trick" to managing groups is to figure out what they should be doing. You should organize them into groups based on access or desired functions. Some possible examples are:

 

Once you have that figured out you are ready to add your groups. Click on the "security-->groups" item

 

---

Group permissions are aggregate permissions. That means if a user has permissions to an item or script because he or she belongs to a particular group he or she will be able to access that item even if another group to which he or she is a member does not have access.  In Security terms this is known as "optimistic" security. A user get's the broadest group of permissions allows by his or her group membership.