I am not a guy with much experience in designing a system, but I can give you some advice on what I followed in one of the applications I did.
Make the following tables.

Create some user and group tables ...
1) User (id, Firstname, lastname, email...)
2) Group (id, groupname, description...)
3) UserGroup (UserID, GroupID)

Create roles and permission tables ...
4) Menu (id, name, link, isActive, isSubMenuOf) here isSubMenuOf is the id of the parent menu; it's null for a parent menu
5) Role (id, name, description)
6) Permissions (id, menuID, permittedRoleID)

Assign a Role to either an individual User or a group of Users.
7) UserGroupRoles (id, isGroup, UserID, GroupID, RoleID)

Now, for a particular Menu item to be displayed:
1) Get the permittedRoleID for the menu item from the Permissions table
2) Get the UserID, GroupID and check against the UserGroupRoles table for the matching RoleID
3) If rows are returned, then he has the permission to that link, else no
Let me know if you find anything better in the future.
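
The three-step lookup from the answer above, collapsed into a single parameterized query, as an added example that is not part of the original post. It assumes SQLite through Python's `sqlite3`; the column lists are trimmed, the sample rows are constructed, the names `make_db` and `can_see_menu` are hypothetical, and filtering on `isActive` is an added assumption about how that column is meant to be used.

```python
import sqlite3

SCHEMA = """
CREATE TABLE User (id INTEGER PRIMARY KEY, email TEXT);
CREATE TABLE "Group" (id INTEGER PRIMARY KEY, groupname TEXT);
CREATE TABLE UserGroup (UserID INTEGER, GroupID INTEGER);
CREATE TABLE Menu (id INTEGER PRIMARY KEY, name TEXT, link TEXT,
                   isActive INTEGER, isSubMenuOf INTEGER);
CREATE TABLE Role (id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE Permissions (id INTEGER PRIMARY KEY, menuID INTEGER,
                          permittedRoleID INTEGER);
CREATE TABLE UserGroupRoles (id INTEGER PRIMARY KEY, isGroup INTEGER,
                             UserID INTEGER, GroupID INTEGER, RoleID INTEGER);
-- Constructed sample data: alice and carol are in group staff; bob has no role.
INSERT INTO User VALUES (1, 'alice@example.test'), (2, 'bob@example.test'),
                        (3, 'carol@example.test');
INSERT INTO "Group" VALUES (10, 'staff');
INSERT INTO UserGroup VALUES (1, 10), (3, 10);
INSERT INTO Menu VALUES (100, 'Reports', '/reports', 1, NULL),
                        (101, 'Admin', '/admin', 1, NULL),
                        (102, 'Legacy', '/legacy', 0, NULL);
INSERT INTO Role VALUES (1000, 'viewer'), (1001, 'admin');
INSERT INTO Permissions VALUES (1, 100, 1000), (2, 101, 1001), (3, 102, 1000);
INSERT INTO UserGroupRoles VALUES (1, 1, NULL, 10, 1000),  -- staff -> viewer
                                  (2, 0, 1, NULL, 1001);   -- alice -> admin
"""

# Steps 1-3 of the answer in one statement; values are bound, never concatenated.
CHECK = """
SELECT 1 FROM Permissions p
JOIN Menu m ON m.id = p.menuID AND m.isActive = 1      -- assumption: hide inactive
JOIN UserGroupRoles r ON r.RoleID = p.permittedRoleID
WHERE p.menuID = :menu
  AND ((r.isGroup = 0 AND r.UserID = :user)
    OR (r.isGroup = 1 AND r.GroupID IN
        (SELECT GroupID FROM UserGroup WHERE UserID = :user)))
LIMIT 1
"""

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def can_see_menu(conn, user_id, menu_id):
    """Default deny: True only when a matching role row exists."""
    row = conn.execute(CHECK, {"user": user_id, "menu": menu_id}).fetchone()
    return row is not None
```

The same check has to run in the handler behind each link, not only when the menu is rendered, since hiding a menu entry does not stop a direct request to its URL.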