You have a little work to do and I don't have a free test server at the moment to guide you all the way. You will need to make sure you have done this:
config setprop horde Administration enabled
signal-event email-update
Next login to horde as admin, then choose administration, groups, click on the person icon at the right to add a new group. Give it a name, then you must manually enter each user that is a member of that group in the format of user@domain.com. No, you can not re-use users from a previous group. You must do the manual user entry for each group. Make sure to add admin to each group, as users are only able to see groups that they are a member of. Once you have your groups made, goto Calendar, my calendars, create a calender, then edit it and choose your group and give it the permissions you want. Have a user login and they should not have access to that particular shared calender with the permissions you gave them. All users will have a default calendar and this shared calendar. Users can change their default calendars by logging into webmail and changing the appropriate options.
It's a pain, I know, and may get better once/if/when SME switches to LDAP authentication and horde takes advantage of being able to look at ldap users and groups. I don't know that it will for certain, but some reading I did a while back, makes me think that it will.
Your other option is to create the calendar, then edit the permissions and add the appropriate perms on a per user basis.
Good Luck and report back whether this worked for you or not. Like I said, I don't have a test server free at the moment to guide you, but I have done this in the past and it worked in my testing.
John Bennett