The LocalSettings.php customisations:

• install the extension and
• defined private group privileges.

The http://regional-training.org wiki has the following LocalSettings.php customisations for category:Access Control:

# End of automatically generated settings.
# Add more configuration options below.

##################################
# RBH additions
###################################

## To enable image uploads, make sure the 'images' directory
## is writable, then set this to true:
$wgEnableUploads = true;

# these following 2 lines should be uncommented for apache2 and commented out for nginx
# $wgUploadPath = "/img_auth.php";
# $wgUploadDirectory = "/var/wikis/wiki.arising.com.au/mediawiki/images/";

$wgWhiteListRead = false;
$wgImgAuthDetails = true;

wfLoadExtension( 'HitCounters' );
#$wgGroupPermissions['sysop']['hitcounter-exempt'] = true;

#################################
# SECURITY
#################################

# prevent anonymous edit and view source
function preventAnonymousEditHistory( $output,$article, $title, $user, $request, $wiki ) {
	if ( !$user || $user->isAnon() ) {
		$action = $request->getVal('action');
		switch($action) {
		case 'edit':
		case 'history':
			return false;
		}

	}
	return true;
}
$wgHooks['MediaWikiPerformAction'][] = 'preventAnonymousEditHistory';

# return 404 for anonymous user and invalid pages
function AnonMissingPage404( OutputPage $out, Skin $skin ) {
    $user  = $out->getUser();
    $title = $out->getTitle();

    if ( $user->isAnon() && $title && !$title->exists() ) {
        header( "HTTP/1.1 404 Not Found" );
        header( "Status: 404 Not Found" );
        return true;
    }
    return true;
}
$wgHooks['BeforePageDisplay'][] = 'AnonMissingPage404';

# Page Access authorisation
require_once "$IP/extensions/rabcg/RestrictAccessByCategoryAndGroup.php";

# RBH permit upload of these extensions
$wgFileExtensions = array_merge( $wgFileExtensions,
     array( 'doc', 'docx', 'xls', 'xlsx', 'mpp', 'pdf', 'ppt', 'xlsx', 'jpg',
         'tiff', 'odt', 'odg', 'ods', 'odp', 'xml', 'exe', 'zip', 'msg', 'tar'
         , 'mp3', 'wmv', 'mov', 'mp4', 'txt', 'svg', 'dss', 'rar', '7z', 'sh'
     )
);
#$wgFileBlacklist = array_diff( $wgFileBlacklist, array ('exe') );

$wgTrustedMediaFormats[] = 'application/zip';
$wgMaxUploadSize=640 * 1024 * 1024 ; # RBH

# SECURITY prevent public privleges  (anonymous user)
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermisisons['*']['createpage'] = false;
$wgGroupPermissions['*']['createaccount'] = false;

# sysop can
$wgGroupPermissions['sysop']['createaccount'] = true;

# only private can access
$wgGroupPermissions['private']['*'] = false;
$wgGroupPermissions['private']['private'] = true;

$wgGroupPermissions['users']['*'] = false;

$wgGroupPermissions['sysop']['deletelogentry'] = true;
$wgGroupPermissions['sysop']['deleterevision'] = true;

$wgShowExceptionDetails = true;
$wgRightsPage = 'wiki rights';

$wgDebugLogFile = "/var/wikis/wiki.arising.com.au/log/debug.log";
$wgShowExceptionDetails = true;
$wgDebugComments = true;
$wgSend404Code = true;
$wgEnableScaryTranscluding = true;

summary

These privileges may be assigned to a selected user from the Special:UserRights page, and are accessible in the php hook via $user->getGroups().

.

Categories may be assigned to a page, where the category may be associated by name to group.

Matches are performed case-insensitively, and when they occur, it means that the page is subject to fine-grained category:Access Control that is implemented by the Regional-training RestrictAccessByCategoryAndGroup.php extension.