Instead of applying deny permissions or negative permissions (which the system does not cater for) where an administrator would for example want users to view all the assets in all the sites for an organization except the one site you would successfully implement this using a security group.
In other words if you want to give permissions to everything but want to exclude only one or a few sites, , that could for example include the management vehicles, you can multi-select sites and only give the desired permission to those selected.
The reason for this is that we give permissions from a level down in the tree, so you cannot exclude one site down in the tree, but you can multi-select many sites and apply the same permissions to them.
- Go to Manage.
- Under User admin, click Security groups.
- Click on the Add Security group button,
- Enter a descriptive name for the security group.
- Select the group membership.
- Click Save to create the group.
- Click Add permissions.
- Multi-select all the sites except the site(s) you want to exclude.
- Now select a profile for all those sites.
- Assign a role to the sites.
- Click Save.
See the demonstration below: