Provide “Deny” permissions, in addition to the current “Access” permission on resources
For example, if you set permissions on a vSphere Cluster (Resource), you can choose between “all” or specific groups. If you uncheck “all” and choose specific groups to have permission to a cluster, then create a new group in Morpheus later, you need to make sure to check mark that group on all clusters setup the same. It would be nice to be able to keep “all” selected but have a deny option for groups, which would ensure certain groups would not have access to resources but all new groups would continue to inherit the resources with all automatically. The deny would have precedence.
this construct could be used in other places, other than cloud resources specifically.