The access control system supports a single operator, EXCEPT. You can use the EXCEPT operator to create exceptions to the patterns found in a rule’s service list and client list. EXCEPT clauses can be nested. If there are multiple EXCEPT clauses in a rule, they are evaluated right to left.
The EXCEPT format is:
list1 EXCEPT list2
where list1 is a comma-separated list of services and list2 is a comma-separated list of clients.
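The right-to-left evaluation of nested EXCEPT clauses is easiest to check with a small evaluator. The following is an added example, not code from the access control system itself; the shell-style wildcard matching and the host names are assumptions made for illustration.

```python
import re
from fnmatch import fnmatch


def in_list(item, text):
    """True if item matches any pattern in a comma-separated list.

    Assumption: patterns are shell-style wildcards (fnmatch). The real
    system's pattern syntax may differ.
    """
    return any(fnmatch(item, p.strip()) for p in text.split(",") if p.strip())


def matches(item, expr):
    """Evaluate 'l1 EXCEPT l2 EXCEPT l3 ...' right to left.

    Splitting on the first EXCEPT and recursing on the remainder groups
    the expression as l1 EXCEPT (l2 EXCEPT (l3 ...)), so the rightmost
    clause is resolved first.
    """
    parts = re.split(r"\s+EXCEPT\s+", expr.strip(), maxsplit=1)
    if not in_list(item, parts[0]):
        return False
    # No EXCEPT clause left, or the item is not covered by the exception.
    return len(parts) == 1 or not matches(item, parts[1])


# Constructed sample client list (hypothetical hosts and patterns).
CLIENTS = "*.example.com EXCEPT *.lab.example.com EXCEPT build.lab.example.com"


def audit(hosts, expr=CLIENTS):
    """Return {host: matched} so a rule can be reviewed before deployment."""
    return {h: matches(h, expr) for h in hosts}


if __name__ == "__main__":
    sample = ["www.example.com", "test.lab.example.com",
              "build.lab.example.com", "host.example.org"]
    for host, ok in audit(sample).items():
        print(f"{host:24} {'match' if ok else 'no match'}")
```

Note that build.lab.example.com matches the rule again: the inner EXCEPT carves it out of the exception, which is the behaviour to verify when auditing a rule with more than one EXCEPT.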