Add 'no access' to group/member permissions assignment

My projects are setup as a folder structure basically of subgroups. My problem is when developers log in, they are given the role via ldap of "reporter" for the entire tree. This works fine, but I have subgroups that contained classified code that only project members can get into. Therefore i need a way in that subgroup to override the parents permissions and assign that initial ldap group to 'no access'.

kinda like this

division1 <- [{ldap_login = reporter}] --department1 <- (inherited) [{ldap_login = reporter}] ----appProject1 ----appProject2 --department2 <- (inherited) [{ldap_login = reporter}] ----appProject1 ----appProject2 --department3 <- [{ldap_login = no_access}, {ldap_trusted = reporter}] ----appProject1 ----appProject2 division2 <- [{ldap_login = reporter}] --department1 <- (inherited) [{ldap_login = reporter}] ----appProject1 ----appProject2 --department2 <- [{ldap_login = no_access}, {ldap_trusted = reporter}] ----appProject1 ----appProject2 --department3 <- (inherited) [{ldap_login = reporter}] ----appProject1 ----appProject2 division3 <- [{ldap_login = reporter}] --department1 <- (inherited) [{ldap_login = reporter}] ----appProject1 ----appProject2 --department2 <- (inherited) [{ldap_login = reporter}] ----appProject1 ----appProject2 --department3 <- (inherited) [{ldap_login = reporter}] ----appProject1 ----appProject2

Make sense?

This can very easily be tied into https://gitlab.com/gitlab-org/gitlab-ee/issues/2474 where if inheritance is disabled for a subgroup, it basically resets the permission stack