Restrict the access to some file operations (Implemented through clispec)

Hi All,
We have implemented some file operations like ‘file show/tail’ using clispec. But now we want to restrict the access to this operations for specific group users.

The NACM rule I added:

  <cmdrule xmlns="">
    <command>file show</command>
    <access-operations>read exec</access-operations>

I tried with adding above NACM cmdrule for specific group, to achieve the above requirement, but is there any other, more efficient way to fulfill this?

When you write “more efficient”, what do you mean, why is this not efficient enough?