For the same group, remove the modify/create/delete permissions on that path.
Make sure that the users' own ACLs are not overriding group's permissions or same user is not a part of other groups that has "edit" access. Resolve ACL related conflicts, if any.
Alternatively, you can validate the "Effective permissions" for same user/group on that path via /crx/de console.