How can assets in a portal be accessed by only certain group of end users?

@jennifer_zp , i assume when you portal, you meant in AEM Author? You can create the user groups in AEM and assign the selected set of users to the group. User Group can have the permissions as you need. In your case , you can allow read/write/activate permission for your user group. By default you need to deny read for everyone else. 

Your use case seems good fit for collections [0] and CUGs [1]. Not sure if you have a multi tenancy factor too; so that if a user logs in from group X, he/ she sees assets only provided read permission to the group. Multi-tenancy [2] is suitable for authoring environment where as publish tier use cases can easily be implemented using collections and CUGs.  A multi tenancy implementation has to consider many aspects of isolating assets and controlling what options could they see. Theoretically needs a bigger planning and of course a grand implementation. These are few options but the overall solution depends on your use case and the scale you want to achieve. 

[0]- https://experienceleague.adobe.com/docs/experience-manager-cloud-service/content/assets/manage/manage-collections.html?lang=en 

[1]- https://experienceleague.adobe.com/docs/experience-manager-learn/assets/advanced/closed-user-groups.html?lang=en 

[2]- https://experienceleague.adobe.com/docs/experience-manager-learn/assets/deployment/multitenancy-concurrent-article-understand.html 

@jennifer_zp 

It can be done by creating groups and assigning users to them.

Please find below an Adobe document for your reference.

https://experienceleague.adobe.com/docs/experience-manager-learn/cloud-service/accessing/aem-users-groups-and-permissions.html?lang=en