How to give only specific users the ability to manage specific group

am trying to achieve multi tenancy with keycloak using groups where the tenant=group assuming i have groupX and groupY and each group contain some number of users normally i should have maybe an admin in each group for example userX is admin in the groupX and have the ability to only view and manage users in the groupX and the same things applies to userY .

so far i did create two group and i did join some users to each group and all the users i create have default-roles-master as a role since giving a user admin role will result that the user have the ability to manage all groups.

also i did enable permissions in each group and i did try creating user policy and group policy then i did attach it to the groups permission but i dont think that this was the right thing to do