A user's account entry in /etc/passwd solely determines which group the user is part of on logging in, while the groups a user is named in within the /etc/group file solely determine the groups the user may switch to after logging in (see the newgrp utility). As with user names and IDs, the numeric effective group ID of a running program determines its access to resources.
For example, if you have a team of people that require access to /home/projects on the system, but you don't want the other users to have access to it, do the following:
chgrp -R projects /home/projects chmod -R g+rw /home/projects
chmod -R o-rwx /home/projects
For more details on permissions, see File ownership and permissions in Working with Files.