When it comes to permission management there are two separate areas to look at:
General permission setup for all users, groups and tenants/markets/etc. This should be a predefined hierarchy that is designed by your project-specific authorization matrix, implemented by your development team and rolled-out through your regular deployment process to create groups and assign ACLs. I recommend to leverage the Netcentric ACL Tool  for this.
The "Private Folder" feature auf AEM Assets This is a different use case where regular AEM users (content authors) can create protected folders and authorize other users to access these private folders. See  for a documentation of this feature. In this case AEM will take care of creating groups and setting permissions on a lower (CRX) level when the content author adds users for collaboration to his private folder. AEM will also delete the according groups once access is revoked or the folder is deleted.
While 1 is the basis for your projects overall authorization concept, 2 is a collaboration feature of AEM Assets that sits on top of 1.