Users can be granted access to projects based on the OU that the users and projects belong to.
However, permissions can be more specific if needed, e.g. an OU has a sensitive project that not everyone at that OU should be able to see.
The level of access to projects (the permission group) can also be set per OU or per individual.
Permissions groups are defined as what access users should have to different areas of the site. These access levels can be separate for projects a user is assigned to versus those they're not.