The User ID is for logging in, and determining the user’s Site Role: Viewer, Explorer, Site Admin. Groups are simply a list of Users identified together in a group. A user can be a member multiple groups. You can apply permissions on an individual user basis, but it is more common to apply the permissions to the group.
Your Group structure should align with your project & permissions strategy. Do you organize data by business department, business role, geography, cross functional teams…? Every organizational strategy will have it’s exceptions. You want a structure that minimizes the exceptions.
It is generally preferable to assign permissions to Groups rather than individual users. If you’ve ever had someone leave and had to search through every data-source, project, workbook, view to remove that user’s permissions, then you know why I say that. It is much easier to remove the user from all groups and be done.
A common strategy is to create Groups with the same name as the Projects they apply to. This one-to-one correlation is simpler to manage.