I'm not sure if it's been ported to OpenACS yet, but have you looked at the general permissions module? The module lets you attach row-level permissions to any table. So, in the intranet case, you could define a set of permissions "view", "modify", "allocate", etc. and attach these permissions to the rows in the intranet table(s). Then you could attach user-groups/users to these permissions/rows.
The ACS4 permissions mechanism provides a similar mechanism, but in a more general way. However, the general principles are the same. If you're interested, please check out the ACS4 Project Central page and take a look at the permissions requirements and design documents.
