as an entity, rather than a collection of individuals. You can grant permissions on a server to a workgroup, allowing all members to read and write to files, or simply to read them etc.
On a Windows server, anyone trying to access the shared resources will be challenged (in my office we call it the NT challenge) for a username and password. Without a correct login these people will not get in, and will not be able to access the group's resources.
That is a wild over-simplification, but am I on the right track - is that what you wanted to know?