I came accross this text on MS web site about using groups in AD
When to use groups with domain local scope
Groups with domain local scope help you define and manage access to resources within a single domain. These groups can have as their members:
• Groups with global scope
• Groups with universal scope
• Other groups with domain local scope
• A mixture of any of the above
For example, to give five users access to a particular printer, you could add all five user accounts in the printer permissions list. If, however, you later want to give the five users access to a new printer, you would again have to specify all five accounts in the permissions list for the new printer.
With a little planning, you can simplify this routine administrative task by creating a group with domain local scope and assigning it permission to access the printer. Put the five user accounts in a group with global scope and add this group to the group having domain local scope. When you want to give the five users access to a new printer, assign the group with domain local scope permission to access the new printer. All members of the group with global scope automatically receive access to the new printer.
Why can't i just use a Gloabal group with five users and assign it Printer permissions.
It says i have to add the Global group to Domain local group and assign permissions on it.