Thank you for your reply. The key part is "if you assign permissions correctly". We have several customers who are in the finance industry and there are some very strict laws and contract requirements. We've managed to get this far because we create all of the pages on the GUI, so we define what the customers sees, which adds an addition level of security. However, we want start automating things, as well as allow customer to see all of their monitoring data.

For me it's like a firewall, in that it is that second layer of security. You have your username/password to access a system, but you cannot access the system unless you can reach it, which the firewall prevents. In the case of Zabbix, it would be the firewall is irrelevant as ALL of the customers will be able access the server, so you need to make zero mistakes or you loose customers.

Perhaps I am not being clear with what we need, but there are other products on the market (albeit commercial) that all you to have a central server, but data is first collected on the remote machine and the passed to there central server. Configuration of the respective nodes is also done from the central server. If memory serves me correctly, Icninga has the concept of a "secondary master", where you can also install a GUI.

If zabbix cannot remotely configure the nodes, is it still possible to pass-through all messages from the remote machine to the central server. We have already considered automation solution such as puppet. However, it is a knock-out criteria if we don't both the ability to send all message to the central server and have a GUI on the remote machine for the customers.

I think cyber covered everything pretty well for current Zabbix.

There is a "customer portal" listed as a planned feature for Zabbix 6.2 in mid-2022: https://www.zabbix.com/roadmap

However, the caveats cyber pointed out about the access restrictions being in the central DB are probably going to apply in a similar way to a customer portal view, so it may still not provide the isolation you desire.

Proxy is just a data collector, it has no GUI, it does keep only limited data (until it is forwarded to server). It does not do any calculation or notifications etc. Server is still one and only. But if you assign permissions correctly, your users will see only data, that is available to them (host groups and user groups per customer, only permissions to see their own hostgroups data). You can still configure everything for everyone as superadmin.

I understand you, having a financial sector background.. Unfortunately Zabbix does not provide option of multiple GUIs... You could experiment with such setup, theoretically you can have several), but your access restrictions are still in central DB and your GUI would need access to your central server.. so kind of loses point here...
We have implemented in our environment access in that way, that each support group (defined as usergroup in Z) has access to only those services (defined as host groups) data, what they are supporting. All of it is automatic, based on CMDB data, no manual touching of access rights. For our purposes inhouse it works. For multitenant environment ... I don't know. You might get better answer if you ask Zabbix directly, they have probably more experience with such cases than forum members combined..