Instead of sorting permissions by group, you can define who can see each object. In this way, you could create documentation in which you can “hide” certain servers from others and don't have to create a funny construct from groups.