As defined in ietf-netconf-acm.yang, the rules in a rule-list are processed as follows:
list rule {
key "name";
ordered-by user;
description
"One access control rule.
Rules are processed in user-defined order until a match is
found. A rule matches if 'module-name', 'rule-type', and
'access-operations' match the request. If a rule
matches, the 'action' leaf determines if access is granted
or not.";
Continuing from the example aaa_init.xml as described in my previous posting, you should define the data access rules for a particular context before denying access to other contexts.