For the love of god man, DONT use HOMEGROUP! It's a nightmare and an abortion of an effort to make home networking "simple".
If it's a simple matter of limiting access to files and folders to specific user accounts, then you just create a user account on the machine that is sharing the files. Then when you share a folder, there are two different places to set permissions for that folder. One is at the file level and the other is at the network share level and that's the one you want to use when it comes to that resource being accessed from another machine on your network. You can do things there like assign read-only permissions etc and the enforcement of permissions are handled in the network layers of the operating system, not at the file system level. Of course, either place can achieve the same goal, but it's far better to let the right layer of the OSI model handle its job accordingly. Some people like to grant full access through the network share, then assign file permissions using the ACLS at the disk level. To me, that's kind of overcomplicating the issue and it can lead to problems over time when you can't figure out why you can't do something that you should be able to do. Keep it simple!
I am additionally of the opinion that your paranoia over allowing multiple devices have Internet access is misplaced and it is something that I hear far too often from people who don't understand how Internet connectivity works and because they don't understand, they chose to error on the side of caution. Which is GREAT, don't get me wrong, but I like to take such opportunities to try and help people understand best practices so that they don't have to impose such limitations on their personal lives. It's far more convenient when all of your computers can get on the Internet through a high-speed connection such as a cable modem service or FIOS or something similar. And in order to do that SAFELY, just get yourself a modern, well-reviewed, supported and recommended home Internet router / WiFi router and plug your Internet connection into the WAN port, and power it up and go through the instructions for basic setup and you'll be just fine. No one is going to hack into your network for many reasons. First, most home routers don't even respond to traffic requests coming into your network from the outside. They won't even respond to pings, so when hackers are out there fishing for networks that are exposed to the Internet, they will be looking for certain responses that a quality home router won't be giving them. out of the millions of IP addresses available to scan for hackability, there would be nothing coming from your IP address that would give anyone even a spark of curiosity. And in the one in a million chance that they did see something, they would still need to hack your router because of the firewall software in it and if they could get that far, then they would need to re-configure it so that they could actually attempt to gain access to the computers sitting on your home network.
These are not trivial tasks that anyone can just do because they want to. The level of skill that would be required to brute force hack into your home network from the Internet, given that you're using a quality home router, would be so incredibly large, that anyone who had those kinds of skills would not even consider someone's home network to be worth their efforts ... unless the home network belonged to the CEO of Google or some such potentially valuable target. The hard reality is, you're just not that interesting that someone would go through such extreme measures to break into your network. No, you're far more vulnerable just because you have a personal account on your bank's web server. Cause if THIER stuff ever got hacked, then YOUR information is at risk. Hackers want the meat on the internet, not the scraps.
And the way traffic flow works from a computer inside your home to the Internet is like this...
You are on your home computer and you open Chrome and you go to google.com, your computer sends out packets to your local router, which then re-packages your request into a packet that is allowed to exist on the Internet because it uses the public IP address that your Internet provider assigned to it. I also tag the packet with something called a session ID so that when the request is responded to, and your router receives those response packets, it will know which machine on your home network made the request because it keeps track of all that via those session IDs. So your as far as the Internet traffic goes that is related to a computer inside your house is concerned... any information about that computer STOPS at the router and is re-packaged and then forwarded out to the Internet and the responses coming in are then re-packaged with your personal computers private IP address and then sent back to your private computer. The router is the wall in between you and the world, keeping your inside network completely invisible to the rest of the Internet.
Also, the notion of monitoring all of the traffic coming in and out of your house to and from the Internet would be called SNIFFING and that is done with software that is designed to capture packets for later analysis. HOWEVER, there is only ONE group of people who would ever be able to do that with your traffic and those are the people who sell you your Internet connection. Sniffing packets requires being on the same VLAN as the switch port being sniffed. It's actually done at layer 2 in the OSI model which means it cannot be done across a bridge, router or vlan, it needs to see the MAC address of the switch port directly. So unless you're afraid that someone at the cable company would try to hack your router and attach your network, don't think twice about it. You have nothing to be afraid of.
So you see ... The internet is not so simple that it could be compared to someone leaving the door open to their house 24/7 leaving them vulnerable to crooks or evildoers. The better analogy is to think of it like you have a security screen door and a guy sitting at the door checking the credentials of anyone wanting to come into your home and if they aren't on the list that you approved, then they aren't getting in PERIOD. Not only that, but you can also think of it like ... if an evildoer were driving down your street with a spotlight looking for houses that they could break into, when they shine their light on your house, its actually cloaked and all they see is an empty field even though you are really there actively doing stuff.
SO ... don't be afraid to allow all of your computers to have access to the internet ... be far more concerned with how you use the internet and the places you go to on the internet, which can put you at far more risk than simply being attacked out of nowhere... because that's never gonna happen.