your requirement that group b not see each other makes this impossible. because any groups that are shared automatically are shared to the members of the group.
Perhaps the users wouldn’t be assigned to a group that are the employees.
The general idea is that a group of folks ~30 are not supposed to be allowed to see each other, but rather each one can only see the 5 managers and the 5 managers can see all of the 30 folks.
there is no automatic way to do this without the use of groups and the sharing of said groups. you can use the packet filter to restrict who can talk to whom. you can also use the subscription plugin to restrict the addition of additional users to rosters.