How to give 3rd party specific directory permissions?

Hi Craig and the Digital Startup community.
Firstly all the best for the new year!

I’m trying to figure out how to give a third party user only access to certain folders and the sub folders there after.

From what i can find in the other forums the best way is to make a new group but i don’t want to mess up the current permissions that my ‘magento’ user has.

I already added my user to the magento user group but this gives access to everything.

For example i would like to give access to my user ‘BOB’ to read and write in the /var/www/html/var folder and sub folders.
/var/www/html/pub folder and sub folders.

Do i just need to make a new group and also add the magento user to it so that there are no issues?

Thanks for your help!