In apstrata, data read and write permissions are controlled using ACLs (from wikipedia: Access Control Lists). Each read or write ACL contains a list of Users and/or Groups specifying who can read or write the data for which the ACL is defined.
Users with the same privileges are set as members of the same Group. A user can belong to one or more Groups or no Group at all. Once a Group is created, it can be used in ACLs to define access permissions for more than one user at the same time.
For specific details on the creation of a Group, please check the SaveGroup API.
For specific details on adding Users to a Group, please check the SaveUser API.