Security Changes with Essentials 4.0
Hi,
Wondering if anyone can tell me about security and permissions changes in the latest release. We are still at 3.15.
I'm curious about the security settings in Rest Manager that allow you to filter access to services, layers, workflows, etc... At 3.x the security model is that any deny trumps any allow permission. So, for Windows auth, I have an AD group of all staff, and I deny access to that role for some secure layers in my site. There is no way for me to allow access to those layers for a smaller subset of authorized users. Unless, I create new AD groups that are mutually exclusive, which would be a lot of work to create and maintain. Here is the relevant text from the admin guide:
In the simplest case, a user has a single permission for a particular securable component which is either assigned directly or comes from a role. In this case, the permission determines whether the user has access to that securable component. For example, if you assign User1 permission to access the Legal Size print template, and User1 does not belong to any roles, then User1 can access the template. In more complicated cases, a user might get permissions from multiple places. This means it is possible for a user to have conflicting permissions. When a user has conflicting permissions, a single Deny permission overrides any number of Allow permissions. For example, if you assign User2 permission to access the Cities layer, and User2 also belongs to a role that denies access to the Cities layer, then User2 is denied access to the Cities layer.
So, question is: has this changed with 4.0 to be more flexible for my scenario?
Thanks
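The deny-overrides rule quoted from the admin guide, modelled as an added example that is not part of the original post and is not the product's own code. All user, role and layer names are constructed, and returning `None` when no permission applies is an assumption, since the quoted text does not state a default.

```python
# Model of the conflict rule quoted above: a single Deny overrides any
# number of Allow permissions. All names and data below are constructed.
ALLOW, DENY = "allow", "deny"

def effective_access(user, component, memberships, grants):
    """Return ALLOW, DENY, or None when no permission applies.

    memberships: user -> set of role names
    grants: (principal, component) -> ALLOW or DENY (principal = user or role)
    """
    principals = {user} | memberships.get(user, set())
    found = {grants[(p, component)] for p in principals if (p, component) in grants}
    if DENY in found:
        return DENY          # one Deny beats every Allow
    if ALLOW in found:
        return ALLOW
    return None              # assumption: default is not given in the quoted text

def conflicted_users(component, memberships, grants):
    """Audit helper: users holding both Allow and Deny on a component."""
    out = []
    for user, roles in memberships.items():
        found = {grants.get((p, component)) for p in {user} | roles}
        if ALLOW in found and DENY in found:
            out.append(user)
    return sorted(out)

# Scenario from the post: an all-staff role is denied, a subset role is allowed.
overlapping = {"alice": {"AllStaff", "SecureLayerUsers"}, "bob": {"AllStaff"}}
overlapping_grants = {("AllStaff", "SecureLayer"): DENY,
                      ("SecureLayerUsers", "SecureLayer"): ALLOW}

# Workaround from the post: mutually exclusive roles, so no user holds both.
exclusive = {"alice": {"SecureLayerUsers"}, "bob": {"GeneralStaff"}}
exclusive_grants = {("GeneralStaff", "SecureLayer"): DENY,
                    ("SecureLayerUsers", "SecureLayer"): ALLOW}

if __name__ == "__main__":
    for label, m, g in (("overlapping", overlapping, overlapping_grants),
                        ("exclusive", exclusive, exclusive_grants)):
        for u in sorted(m):
            print(label, u, effective_access(u, "SecureLayer", m, g))
        print(label, "conflicts:", conflicted_users("SecureLayer", m, g))
```

Running `conflicted_users` over an export of role memberships shows which users an added Allow would not actually help under this rule.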