See this video tutorial for an example of how to use these features: Create a private category with limited access for a certain group
The Security tab on the category edit page is used to control both the visibility of categories and what users can do in a category. This is done by defining an access list of groups that associate a group name with an access level. The default permission for a new category is that the group everyone can Create/Reply/See. This means that all users on your forum, including anonymous users, have access to the category. You can change this state by adding or removing groups and changing their permissions.
Adding groups
To add a group to the list, click the Add a group button. On a new forum, the group dropdown will have the everyone, admins, staff, and moderators groups, as well as a group for each of the four Discourse trust levels. If you have added a custom group to your forum, that group will appear in the group dropdown menu.
Once the group is added, you can select between three levels of access: See, Reply and Create. Create is the permission to create a topic in the category. Reply is the permission to post in a topic. See is the permission to see the category’s content. Combining groups with permission levels gives you control over what users can do in a category.
Removing groups
To remove a group, click the 
button.
Category visibility
If a group cannot See a category, that category will not appear in the user interface for its members. Members of groups who have access to a category that can’t be seen by everyone will see a padlock icon next to the category’s badge.
A group that can See a category, but can’t Create or Reply will have the category badge and content displayed normally in their user interface. On the category’s page, the New Topic button will be greyed out and disabled for them. The category will also not be available for them in the composer’s category dropdown menu. Users who can only See a category can still receive notifications for the category and have the category’s content included in their digest email.
Permissions for Admins and Moderators
Admins are always able to Create/Reply/See in a category. Moderators do not have default access to a category - for moderators to access a category they must be included in a permission rule. Moderators are in the staff and moderators groups, they can also gain access to a category by being a member of a custom group.
The difference between the everyone group and Trust Level 0
The everyone group is made up of all users, including anonymous users. The Trust Level 0 group is all users who have created an account and are logged into your forum. You can disallow anonymous access to a category by setting the group to trust_level_0 instead of everyone.
