Define Separate Security on Forwarder in SQL Server Distributed Availability Group

**In short:** Is it possible to define separate security specifically on the forwarder server in a SQL Server Distributed Availability Group, which crosses domains, in order to allow access to the forwarded database(s)? **Longer Explanation:** For a myriad of reasons my team had settled on using a Distributed Availability Group to satisfy a need to make an existing multi-terabyte database (in an existing AG) available for another section of our company (in a separate domain), and we were under the impression we could define separate security on the forwarder environment to grant access to that domain’s accounts. We have everything working so far, aside from this security question/issue. I have combed over as much of the documentation, blogs, and forums as I care to, but I have not been able to find anything referencing this either in the negative or affirmative. I’m hoping there is some way to address this without having to find a way to add the other domain’s users to our main instance, mostly because we aren’t currently setup to support that from a domain standpoint and something like snapshot replication was/is off the table.