After trying a lot of drupal access control module, the one that seems to suit my style is taxonomy access control lite (tac_lite), being able to set visibility for each vocabulary separately.
However, it does not support the entry that is already posted. I have to edit the database myself with
INSERT INTO drupal_node_access VALUES (xx,yy,'tac_lite',1,0,0);
where xx = node id and yy = group id (role id).