There is a lot of posts describing how to create security rules.
Basically, you will have to :
- create a customproperty, with 3 values, one for each group, and check "Users" and "Apps" boxes
- go to apps, and for each apps, give the custom property's value you want
- idem for all users
- then go to Security rules, create a new one, template "App access"
- in ressource filter, add the id of your application, like 'Apps_f0ff72b0-29d2-49b2-901b-64a992b299eb'
- in advanced conditions, write ((user.@YourCustomPropertyName=resource.@YourCustomPropertyName))
- repeat for each app
But refer to other posts for more details !