Access controls for the multiple tunneled vnets?

Hi,

This is both a Cloudflare Access and Cloudflare Tunnel query.

Are we able to put access controls in place to ensure that only some groups of users are able to access some of the virtual networks?

Like only the ‘Admin Access Group’ is able to access the ‘mgmt-vnet’?

Thank you