Once you understand how to manage permissions for individual users (as described in the previous section) working with groups is straightforward.
When permissions on tables, views, and procedures are granted to or revoked from a group, all members of the group inherit those changes. The DBA, RESOURCE, and GROUP permissions are not inherited: they must be assigned individually to each individual user ID requiring them.
A group is simply a user ID with special permissions. Granting permissions to a group and revoking permissions from a group are done in exactly the same manner as any other user.
A group can also be a member of a group. A hierarchy of groups can be constructed, each inheriting permissions from its parent group.
A user ID may be granted membership in more than one group, so the user-to-group relationship is many-to-many.