ad 1) according to the documentation ( http://docs.oracle.com/cd/E28280_01/doc.1111/e26692/securityacls.htm#BEIIHJAH )
"At least one of the following must be true for a user to be granted a particular permission:
The user's name appears in the xClbraUserList metadata field with the appropriate permission.
The user belongs to a group that appears in the xClbraAliasList metadata field with the appropriate permission.
The user is part of an Enterprise role that appears in the xClbraRoleList metadata field with the appropriate permission."
meaning that OOTB a user will be granted both Read permission as per user-granted permissions and RWD as per group-granted permissions (resulting into RWD because at the same level a union operation is used).
I'd say that conceptually, the group assignment should not be used in your use-case, because you don't want to assign permissions to group's users, do you? You could create new groups, or use assignment of permissions per user.
ad 2) check this: http://docs.oracle.com/cd/E28280_01/doc.1111/e26692/securityacls.htm#BEIIDCGD
Using ACLs, regardless User or Group Access Lists, always impacts the performance. And, it is difficult to maintain. From the information at the link you may understand how it is implemented - basically, the execution of the query will be affected by: a) how many items have to be evaluated b) the length of strings (xClbraUserList, xClbraAliasList) to be evaluated.
I am looking for performance considerations for User access list like it is mentioned for content server accounts here:http://docs.oracle.com/cd/E25178_01/doc.1111/e10792/c05_security.htm#BGBGIJDJ.
I understand performance depends on how many items to be evaluated and length of the string. i would like to know. do we have performance consideration documented anywhere for UAL like if we have assigned x number of user to the document/if user is assigned to y number of document then how much serach performance will be affected?