My Liferay is connected to a OpenSSO solution & with LDAP import. Thus, I cannot import automatically any user roles (at least I don't know how), but what I can do is import the user's groups.

So my admin users (who should have acess to my site's private pages) are all in a restricted group in my LDAP (let's call it "admingroup"). I set the membership of the site to all users from group "admingroup".

So if I manually put the group URL in my browser (group/mygroup/) I can only access with those users that belong to admingroup, which means it's working properly.

However I want to put a link in my navigation.vm so only users belonging to this group can see it. I tried using permissionChecker in velocity but the options are not exactly what I mean to do:
$permissionChecker.isOmniadmin()
$permissionChecker.isCommunityAdmin( $portletGroupId )
$permissionChecker.isCompanyAdmin($company_id)

since my users are not really admin these will always return false.

So I need to check either a) the user belongs in the group b) the user has permission to the site

How can I achieve this?