Hi, I think it’s possible to do what you’re looking for with OpenZiti service policies. Basically you create service-policies that are associated with roles, and you assign roles to the identities that are allowed to dial or bind the service.
We’re definitely not talking about a “tunneler issue” at this point though, so could you please start a new thread with the info from your previous post here and maybe include the configs for the service(s) that you want to share between the groups?
Thanks!