Yes.
> What about group/role based security concepts?
Yes, those have been standard in RDBMSs for decades.