You create an organizational view (OV), e.g. 'Department View,' under which you group resources into organizational groups (OGs). You could then place each computer in the Marketing or Accounting group, etc., in that view. You then assign people to roles. The roles have permissions. And the roles are assigned to groups. By connection, you're basically giving people (in roles) permissions (to groups) to computers (in those groups).
Computers can exist in only one group in that view. BILL-PC cannot exist in the Department View within both Accounting and Marketing. But it can exist in the Department View within Marketing, and within the Regional View within United States.
If the multiple view thing confuses you, you can always use just one view.
Does this answer your question?