I have found this question to be trickier than expected, so I wanted to put together my favorite links.
Let's start with the officially published information:
- Plan site security (Office SharePoint Server)
- Plan for software boundaries (Office SharePoint Server) [people objects table]
- Best practices for Search in Office SharePoint Server [Manage access by using Windows security groups section]
- How to add lots of users to a site, to a list, or to a document library in Windows SharePoint Services 3.0 and in SharePoint Server 2007
Although those articles seem a good starting point, their general guidance can be ambiguous when a customer tries to implement it. Overall, I would simplify it to: use Active Directory groups, take the boundaries into account, do not target the maximum limits, and understand manageability vs. business requirements.
Finally, it is very important to be able to manage this security configuration efficiently, and here the main recommendation is to complement SharePoint with third-party or published tools such as:
- Universal SharePoint Manager
- Security Explorer
- Site Administrator for SharePoint
- SharePoint Administration Toolkit (Office SharePoint Server) [Permissions Reporting Tool]
- User Clustering WebPart
- Other community tools: