I think you're on the right track. The only purpose that I saw for 'Groups' was to limit what permissions a person may have.
The "Group Permissions" trump the user permissions in my experience.
If you're hoping to create groups with the idea that the groups would act like teams that users can be a part of, then you'll be mistaken (as I was).
Instead the groups are levels of access ie. Administrators, Standard Users, Read Only Users.. etc.
If you're trying to go the team set up route, you're better off creating a company contact for each team and assigning your Users to that company. (In theory, I havn't tried it out yet, but I will)