My intention is to have ALL users with the Primary User Group set to "Registered".
From here, my Secondary User Groups will have two purposes: styling (naming) and permissions. For example, I will have "permissions" secondary user-groups (Administrative, Moderating). The remaining user groups will be for styling purposes. The "styling" user groups will have all permissions set to "Not Set (No)", because I want permissions to be inherited from the other "permissions" user groups (Administrative and/or Moderating). So, I may have a "styling" Secondary User Group which alters things like the user banner and username CSS, etc. Is this a good approach?
Also, if I had a single permission which I needed to grant, could I have a permission user-group with all permissions set to "Not Set (No)", except the single permission that I wished to grant (set to "Allow")?