Is this possible, that, rather giving individual users access, we can revoke
access to the configured objects, from certain users?
This can be useful for "shared hosted" environment, where by default we want
to give new users access to the object, but if someone misbehave, we may
revoke from such misbehaving users individually.
For instance, say we have a configured object, Mail.SMTP, and we have given
access to "Web Anonymous Users" group.
So all existing and new clients can send mails. But we want to revoke access
to certain users who were misbehaving and involved in spamming/abusing the
service.