Using Negative Access Control Lists
You can deny a user or group specific access types using a Negative Access Control List (NACL).
cminder12902
You can deny a user or group specific access types using a Negative Access Control List (NACL).
With the CA ControlMinder language (selang), use the following command to deny access:
auth className resourceName [gid(group-name...)] \ [uid({user-name...|*})] [deniedaccess(accessvalue)]