Certain aspects and features of the present disclosure relate to providing access control using groups that can be dynamically controlled by group owners, such access control hereinafter referred to as group access control. Group access control can be used to control the transmission of packets on a network layer, or for other access control. A network administrator can provide users with permissions, such as using user roles. Users can then establish groups to share permissions with other users. A group is established by a group owner, who can modify the member list of that group and modify what permissions will be passed on to group members all without the involvement of a network administrator. Members of a group can include users, devices, and network resources. Additionally, data path entities (e.g. routers and access points) can facilitate delivery of packets between group members across multiple logical networks.