You can create groups (folders) to these groups. Both in the jobs area and in the computers area. I have set up a helpdesk group with the tasks that they can run. This way I can prevent them from running un-approved jobs that are in development or have been retired. I also restrict them to not being able to drag and drop a task to a group of computers (prevents the accidental deployment of software company wide scenario). I also prevent them from changing the computer names as I have had many issues with dislexia and fat fingering of computer names. I require an admin to assist with that.
You can set global premissions in "Tools --> Security". You can even import AD users and groups. You can also do what I indicated above by setting permissions on individual objects or folders.
Hope this helps.