diff --git a/rhodecode/model/users_group.py b/rhodecode/model/users_group.py
--- a/rhodecode/model/users_group.py
+++ b/rhodecode/model/users_group.py
@@ -29,8 +29,10 @@ import traceback
 
 from rhodecode.model import BaseModel
 from rhodecode.model.db import UserGroupMember, UserGroup,\
-    UserGroupRepoToPerm, Permission, UserGroupToPerm, User, UserUserGroupToPerm
-from rhodecode.lib.exceptions import UserGroupsAssignedException
+    UserGroupRepoToPerm, Permission, UserGroupToPerm, User, UserUserGroupToPerm,\
+    UserGroupUserGroupToPerm
+from rhodecode.lib.exceptions import UserGroupsAssignedException,\
+    RepoGroupAssignmentError
 
 log = logging.getLogger(__name__)
 
@@ -75,7 +77,7 @@ class UserGroupModel(BaseModel):
                 )
             else:
                 self.grant_users_group_permission(
-                    user_group=user_group, group_name=member, perm=perm
+                    target_user_group=user_group, user_group=member, perm=perm
                 )
         # set new permissions
         for member, perm, member_type in perms_new:
@@ -85,7 +87,7 @@ class UserGroupModel(BaseModel):
                 )
             else:
                 self.grant_users_group_permission(
-                    user_group=user_group, group_name=member, perm=perm
+                    target_user_group=user_group, user_group=member, perm=perm
                 )
 
     def get(self, users_group_id, cache=False):
@@ -292,8 +294,50 @@ class UserGroupModel(BaseModel):
             self.sa.delete(obj)
             log.debug('Revoked perm on %s on %s' % (user_group, user))
 
-    def grant_users_group_permission(self, user_group, group_name, perm):
-        raise NotImplementedError()
+    def grant_users_group_permission(self, target_user_group, user_group, perm):
+        """
+        Grant user group permission for given target_user_group
+
+        :param target_user_group:
+        :param user_group:
+        :param perm:
+        """
+        target_user_group = self._get_user_group(target_user_group)
+        user_group = self._get_user_group(user_group)
+        permission = self._get_perm(perm)
+        # forbid assigning same user group to itself
+        if target_user_group == user_group:
+            raise RepoGroupAssignmentError('target repo:%s cannot be '
+                                           'assigned to itself' % target_user_group)
 
-    def revoke_users_group_permission(self, user_group, group_name):
-        raise NotImplementedError()
+        # check if we have that permission already
+        obj = self.sa.query(UserGroupUserGroupToPerm)\
+            .filter(UserGroupUserGroupToPerm.target_user_group == target_user_group)\
+            .filter(UserGroupUserGroupToPerm.user_group == user_group)\
+            .scalar()
+        if obj is None:
+            # create new !
+            obj = UserGroupUserGroupToPerm()
+        obj.user_group = user_group
+        obj.target_user_group = target_user_group
+        obj.permission = permission
+        self.sa.add(obj)
+        log.debug('Granted perm %s to %s on %s' % (perm, target_user_group, user_group))
+
+    def revoke_users_group_permission(self, target_user_group, user_group):
+        """
+        Revoke user group permission for given target_user_group
+
+        :param target_user_group:
+        :param user_group:
+        """
+        target_user_group = self._get_user_group(target_user_group)
+        user_group = self._get_user_group(user_group)
+
+        obj = self.sa.query(UserGroupUserGroupToPerm)\
+            .filter(UserGroupUserGroupToPerm.target_user_group == target_user_group)\
+            .filter(UserGroupUserGroupToPerm.user_group == user_group)\
+            .scalar()
+        if obj:
+            self.sa.delete(obj)
+            log.debug('Revoked perm on %s on %s' % (target_user_group, user_group))