Windows security is inherently user based.
Setup a user on the machine holding the shares with the permissions you want them to have *on the filesystem*. If you use NTFS, and you should, those filesystem permissions are a secondary layer to the share permissions. You can then use that user, to access the share, in the format <ComputernameHoldingTheShares>\<Username> or maybe <Username>@<ComputernameHoldingTheShares>. If you have the same Usernames with the same password set up on both computers, it should even work directly without having to enter credentials.
The share permissions are a relic from almost forgotten times :p. They were required in times of filesystems that did not support security, like FAT. Nowadays they are mostly redundant and it is just an additional hassle to keep them up to date. Even in a corporate setting, these are generally set to "Everyone" and the actual fine tuning is done using filesystem security settings.
SInce you currently have shares running, i assume the windows firewall is properly set up (or turned off :p).
So, let's assume your CAD-PC holds the files you want to access. Creativly, it's actual computername is "CAD-PC"
So, you setup a local user on CAD-PC, lets call him shareuser, with some arbitrary password.
You create a folder, call it whatever, and setup NTFS permissions how you want them, how fine grained however you want it. Do not forget to setup inheritance properly. If you need help there i can give you a couple of pointers.
With the filesystem permissions set up, you can share that folder and give it a share name. Let's say "fileshare". Set the share permissions to "Everyone", as you have it now.
If you do not have a NTFS filesystem you want to share, it *should* also be possible to set similar permissions on the share level with that local user.
To access this share on the CAD-PC from the WEB-PC, you can access it directly the following way: \\10.0.0.3\fileshare. You should be asked for credentials. Enter them as CAD-PC\shareuser, and of course the password
Maybe this is too basic, since you already have sharing running, but hopefully this may give you additional insight. I have very little knowledge about Work/Homegrouping, but i suspect this may require a properly working DNS that knows all member computers.