two options
- restructure your item group as tree with sub node e.g
All Item Group
Generic Group
Group A
Group B
Group C
Special Group
Group D
Now you can assign end node e.g Group A or group node e.g General Group to users.
option2: create custom doctype to maintain user( or role) vs item group mapping, add one more field to mark the item group as inclusive or exclusive. then create permission query python script, like this How to give permissions to User on Tasks in Projects based on Department? - #2 by szufisher