Thanks for your thoughts Sreeni.
Couple of comments:
* what difference does it make in adding 25 users individually to distributions vs adding those to one security group and then the security group to distribution?
* what exactly is the server checking? What do you mean by read/write options?
I suggest to have a security group to be added rather than individual to be added. And its the best practice as you can have similar rights for the group of users
Lets say, you have 10 people assigned to one group, but if you want to restrict the access (lets say qvw download permissions or anything else) to one individual, then you can add the user again with the restricted access. I believe this user permissions will be override than the group permissions.