This is an example on how to restrict a user from reading certain jobs on an instance without using an Explicit Deny policy.
I need help in setting up job based access restriction for a certain user. How is this done?
The client wanted an example on how to block a specific user from a set of jobs using an explicit grant.
1. Create a copy of Default-as-job policy.
2. Change the type of Policy to Access Policy
3. For the Resource Example would be ALL jobs that end with _PROD Example Add the Resource: ACE..*PROD$
4. Remove the ACE.*
5. Check mark Treat resource names as regular expressions
6. Set the following filter:
None/*blank*/global user/string/value/*blank*/Principal Name/NOTEQUAL !=/*usernametobock*
7. Save Filter.