I think you need to clarify, for yourself mostly, what it is you are trying to do here.

...i need to give access to some users in some groups....

1. First what kind of access?

   Read, Write, Execute, Delete, Change permissions, Ownership.

2. If your concerned with giving permissions to users, you should either:
   1. deal with the users as individuals and ignore the group(s) they belong to and give each individual explicit rights on a per file/directory basis.

      This allows very fine grain control, but rapidly becomes a nightmare to administer.

      When you add a new file or directory, you then need to track down all the users that need to have access by backtracking from some other file or directory set of ACLs/DACLs to find the users and groups that have access to that and then add the new file to each.

      And when you add a new user, you then need to track down every file and directory and give this new user permissions to access every one individually.

      This is what I think your asking for code to do in this post. It is the 'Wrong Way'. That way lies madness of a particularly insideous and nasty kind:)

   2. Or, the better, simpler method is to ignore the individuals and only deal with a group (or groups). You make the files/directories belong to a group that you set up for this specific purpose.

      You then make new Users members of this group and they gain all the right accesses to all the appropriate files in one simple step.

      And when you add new files or directories, you just set it/them to be owned by the special group, and everyone who is a member of the group instantly has the right permissions.

3. Of course, if you've started out using the former method, and are now trying to automate the process, then you probably need code to do the backtracking.

   As particle mentions above, Win32::FileSecurity will allow you to find out what permissions are set on individual files.

   Specifically, the Get( $file_or_path, \%permission ); will get you a list of users and/or groups that have DACLs set for the given file.

   You can then translate the masks returned for each user and group in the hash to the corresponding set of specific permission using the EnumerateRights( $mask, \@rights );

   Win32::NetAdmin GroupGetMembers( ... ); will allow you to find the all the members for each group that has specific permissions, but you should really just apply any new permissions to the group rather than to the individual members of it.

Overall, if your currently using the former method, I strongly recommend you move to the latter method as soon as possible. From experience, I can assure you that the pain of the transition is more than compensated for by the ease of management once it is completed.