Every service item has three settings on the Audit tab that allow you to define access by Remedy permission groups. The three options are Visible To Group, Management Group, and Submission Group.
The Visible To Group field controls access to "seeing" the service item on the web portal, as long as you make users authenticate against Remedy. Authentication allows the application to collect and compare the permission groups of the customer against any restrictions on the service item. If you don't enable authentication, the permissions of the web server user (normally KD_WEBUSER, and normally set to be a Remedy Adminsitrator) are used.
The values from the Visible To Group field are stored in field 112 (Assignee group) on the KS_SRV_SurveyTemplate form. Then, lookups by logged in user can be restricted by permission group.
Here is a screenshot of the Audit tab of a service item - Departmental Printer - that shows both the Permission Groups and the Authentication settings.
All of the permissions are set to Public - so any user would see the service item listed on the catalogs web portal.
The Visible To Group field has now been updated to a specific group (Community) and the Public group has been removed.
Here is an image of the web portal with Han Solo logged in - no permissions so he will only see the categories and service items that he has permission to see. The Departmental Printer is in the Network Services category, and since it is the only service item in that category it has been removed entirely from the web portal options.
After Adding the Community permissions to Han Solo, he can now see the desired service item and its category.