BUGs: Gateway+WARP can't block by GroupID, GroupName

I have a basic policy to block unsafe categories/content on the network. Latest WARP client installed.

The only way to enforce the block is to use individual email addresses. Trying to use GroupIDs or Group Name results in the policy not being applied (so i can have it applied to multiple users at once without needing to list every one individually).
I copy paste the GroupID from the group screen into Selector= User Group IDs.

In the Gateway logs it says that access was allowed because there was no policy match.

BUG #2
Creating a DNS policy and using user email in the selector results in the selector having limited choices. If you save the policy and then go back into the selector to change it to Group IDs or Group Names - you can’t because those options are now gone (along with some other options).