Currently there is no existing method to control groups centrally.
If a user is a part of a group and that group is given permissions, then the user in the group will have permissions wherever that group is applied.
The recommendation is to create a second group, or multiple groups, to manage access for specific users as this is currently the supported method.