in the example below mike=user, staff=group, mike/user has rw, staff/group has read only

ls -altr 

…

-rw-r--r--@  1 mike  staff       6148 Mar  1 21:42 .DS_Store
-rwxr--r--@  1 mike  staff       6148 Mar  1 21:42 myScript.bash
-rw-r--r--@  1 mike  staff      47528 Mar 18 10:42 Statement for Feb 29, 2024.pdf

ignore the 1st dash “-“, it’s the “sticky” bit

Three groups – each group is represented by 3 characters in the permissions string in this order user, group, other 

or said another way, permission go on objects like the files above, with three sets of permissions, 1st rwx=user, 2nd rwx=group, 3rd rwx group is all others

so rw- means read, and write but NO execute cuz ita dash

so r– means read, no write and no execute

the 3rd position is the execute position so it is either x or -, so you might see rwx – meaning read write and execute

the reality is these are octals, so sometimes you will see 700 which is -rwx——

users are sometimes (they can be elsewhere too) stored in /etc/passwd, and groups are sometimes stored in /etc/groups

hope this helps