@nabil, thanks! I understand that i have to add something like this:
Is it possible to hide the 'delete' command itself?
Requirement is to deny the operation but still seeing the delete command on the CLI is misleading.
My another problem is when I have rule to deny delete on the container, i am not able to delete optional parameters in the container. I did try to add rule to allow delete for those parameters but the delete-deny-of-container is overriding the optional parameter delete-allow