Generally, one assigns the View Restricted role to the group Everyone for the repository root. Then all users have Metadata Viewing access, unless restricted at a lower level in the repository folder structure.
The advantage of this approach is that access remains for common system type objects like Naming Standards without having to explicitly assign those permissions, as one is only restricting further at lower levels in the folder structure.
Example
Sign in as Administrator and go to MANAGE > Servers.
Select the repository root and the Responsibilities tab.
By default the View Restricted role to the group Everyone for the repository root.
Select the Demo Enterprise Edition folder and the Responsibilities tab.
The View Restricted role is inherited to the group Everyone for the repository root.
To override this role and restrict it to only a subset of users, you may assign the View Restricted to that subset of users. Click EDIT next to the View Restricted role and pick Business Users.
Click OK and then SAVE.
Business Users are now the only users who can see this folder and thus the contained configuration and its models.