adavanced user permissions for groups...

Hello there,
I've read and tested now for some time, and haven't found a good solution for my problem yet.

Maybe someone can help... (PHPrunner 5.2)
I have an application where several clients, each with several users, are using the system.
As in advanced security settings on user level, I want that ALL users from one company (or group)

can see/edit their records - no matter which user entered a particular record).
May first attempt: using advanced security settings, with "user can only see and edit his records"

and then choosing not the individual user ID, but the company id as identification field.
Works, but how can I introduce an admin account which can edit ALL records?
I think there might be a better approach to this common question, so how do I do this better?

Thanks
thomas