You can create a multipass group for group A and B, give A the owner role, and give B only editor/viewer roles.
You might not be able to give roles at the folder/resource level anymore depending on your deployment (that may have been turned off by your platform administrators), as the direction of the governance is to give permissions at the project level, to simplify maintenance work.
As such, it would be strongly recommended to create different projects hosting the resources that need to be permissioned differently, with group A being owner of all.