If I tap "Allow" will the permission be saved, can allow "only for this time" - until the app is closed? Can I constrain the list of permissions available when the app runs in background?

If you choose to grant the permission during runtime the app would be able to access the underlying resource as many times as it wants until you do clear data or reinstall the app. There is no constraint available in stock Android's Settings app which can restrict the permissions when an app is running in background.

[Are there] other possibilities/apps to control privacy settings in [Android]?

Yes, and as Matthew Read noted XPrivacy is a flexible and powerful app to manage information sharing with installed apps. It is excellent but not perfect so you should not be surprised with crashes of the restricted apps.

Permissions are grouped by the android itself in a way that mixes read access with write access and combines different scopes.

I would like to address that with this quote:

If an app requests a dangerous permission listed in its manifest, and the app already has another dangerous permission in the same permission group, the system immediately grants the permission without any interaction with the user. For example, if an app had previously requested and been granted the READ_CONTACTS permission, and it then requests WRITE_CONTACTS, the system immediately grants that permission.

In plain words it appears to me that Android assumes that if the user is comfortable with granting an app a dangerous permission belonging to a certain group then they would not be having any problem if the system automatically grants rest of the permissions (dangerous or not) of the same group to that app, when requested.

Since normal permissions are always granted and considered safe I recommend you consider directing your attention to permissions groups holding dangerous permissions. Those permissions groups are self-describing and are not as much complicated as they seem to be at first sight.

Related:

• Is it possible to install an app and exclude some of its requested permissions?
• Are there any tools to sandbox a malware application even more than the granted permissions on Android?
• Preventing installed apps from making calls or sending SMS
• Is there a way to block permissions for other applications on Jelly Bean?

If I tap "Allow" will the permission be saved, can allow "only for this time" - until the app is closed? Can I constrain the list of permissions available when the app runs in background?

If you choose to grant the permission during runtime the app would be able to access the underlying resource as many times as it wants until you do clear data or reinstall the app. There is no constraint available in stock Android's Settings app which can restrict the permissions when an app is running in background.

[Are there] other possibilities/apps to control privacy settings in [Android]?

Yes, and as Matthew Read noted XPrivacy is a flexible and powerful app to manage information sharing with installed apps. It is excellent but not perfect so you should not be surprised with crashes of the restricted apps.

Permissions are grouped by the android itself in a way that mixes read access with write access and combines different scopes.

I would like to address that with this quote:

If an app requests a dangerous permission listed in its manifest, and the app already has another dangerous permission in the same permission group, the system immediately grants the permission without any interaction with the user. For example, if an app had previously requested and been granted the READ_CONTACTS permission, and it then requests WRITE_CONTACTS, the system immediately grants that permission.

In plain words it appears to me that Android assumes that if the user is comfortable with granting an app a dangerous permission belonging to a certain group then they would not be having any problem if the system automatically grants rest of the permissions (dangerous or not) of the same group to that app, when requested.

Since normal permissions are always granted and considered safe I recommend you consider directing your attention to permissions groups holding dangerous permissions. Those permissions groups are self-describing and are not as much complicated as they seem to be at first sight.

Related:

• Is it possible to install an app and exclude some of its requested permissions?
• Are there any tools to sandbox a malware application even more than the granted permissions on Android?
• Preventing installed apps from making calls or sending SMS
• Is there a way to block permissions for other applications on Jelly Bean?