diff --git a/src/controller/group.ts b/src/controller/group.ts
new file mode 100644
index 0000000..7b5eb1e
--- /dev/null
+++ b/src/controller/group.ts
@@ -0,0 +1,63 @@
+import { checkProjectAccess } from "@controller/projects";
+import { encryptClearField } from "@utils/decryption";
+import { IKeyRole } from "@models/AccessKey";
+import { Group } from "@models/Group";
+import { planLimits } from "../limits/plans";
+
+export const listGroups = async (userId: string, projectId: string) => {
+    const access = await checkProjectAccess(IKeyRole.VIEW)(userId, projectId);
+    if ("code" in access) return access;
+
+    const groups = await Group.find({ projectId: encryptClearField(String(access._id)) });
+
+    return groups.map(group => ({name: group.name, description: group.description,
+        permissions: group.permissions}));
+};
+
+export const getGroup = async (userId: string, projectId: string, groupName: string) => {
+    const project = await checkProjectAccess(IKeyRole.VIEW)(userId, projectId);
+    if ("code" in project) return project;
+
+    const group = await Group.findOne({ projectId: encryptClearField(String(project._id)), name: encryptClearField(groupName) });
+    if (group === null) return { code: 4009, message: "The provided group does not exist" };
+
+    return { name: group.name, description: group.description, permissions: group.permissions };
+}
+
+export const createGroup = async (userId: string, projectId: string, configuration: { name: string, description: string, permissions?: string[] }) => {
+    const access = await checkProjectAccess(IKeyRole.MANAGE)(userId, projectId);
+    if ("code" in access) return access;
+
+    const count = await Group.countDocuments({ projectId: encryptClearField(String(access._id)) });
+    if (count >= planLimits[access.plan].GROUPS) return { code: 95, message: "You have exceeded the group limit" };
+
+    // TODO: Check if permissions exist
+
+    await Group.create({ ...configuration, projectId });
+
+    return {};
+}
+
+export const deleteGroup = async (userId: string, projectId: string, groupName: string) => {
+    const access = await checkProjectAccess(IKeyRole.MANAGE)(userId, projectId);
+    if ("code" in access) return access;
+
+    const group = await Group.findOne({ projectId: encryptClearField(String(access._id)), name: encryptClearField(groupName) });
+    if (group === null) return { code: 4009, message: "The provided group does not exist" };
+
+    await group.deleteOne();
+}
+
+export const updateGroup = async (userId: string, projectId: string, groupName: string, config: { name?: string, description?: string, permissions?: string[] }) => {
+    const access = await checkProjectAccess(IKeyRole.MANAGE)(userId, projectId);
+    if ("code" in access) return access;
+
+    const group = await Group.findOne({ projectId: encryptClearField(String(access._id)), name: encryptClearField(groupName) });
+    if (group === null) return { code: 4009, message: "The provided group does not exist" };
+
+    // TODO: Check if permissions exist
+
+    await group.updateOne(config);
+
+    return {};
+}
\ No newline at end of file