See the REST documentation on [User Groups](http://devcenter.kinvey.com/rest/guides/users#usergroups "User Groups").
In the future, we plan to have console support for groups.
You can set the [collection permissions](http://devcenter.kinvey.com/rest/guides/security#collectionpermissions "collection permissions") via the settings in the console.
You can update the ACL attribute of any entity directly by either by using the [collection access module](http://devcenter.kinvey.com/ios/reference/business-logic/reference.html#collection-access-module "collection access module") in Business Logic or by using the REST API.
**Collection Access Module**
This gives you an API to perform raw data operations like saving and fetching. You can use it to save the entity which has _acl already set to the right value.
For exact _acl syntax, see [Entity and User Permissions](http://devcenter.kinvey.com/rest/guides/security#entityanduserpermissions "Entity and User Permissions"). In the future we plan to provide helper methods, or to make the same syntax as JS library available in BL.
_Example: Caroline wants to create an entity that belongs to an administrative group. She creates a before-save collection hook, in which she modifies request.body._acl to allow access to the administrative group and calls response.continue(). Please look at the business logic guide part on [collection hooks](http://devcenter.kinvey.com/ios/guides/business-logic#collection-hooks "collection hooks")._
See documentation on saving via the [REST API](http://devcenter.kinvey.com/rest/guides/datastore#Saving "REST API").