We’ve offered support for website access restrictions by NetID for quite a long while, and have fairly extensive documentation about how to implement this for many different scenarios, including by UW Groups and registered students in courses.
One thing that you may not know is that you can also explicitly exclude NetIDs using the “not” directive.
require not user lonely4
This will allow everyone with a NetID to access the site, but not user lonely4.
You can also do this with groups:
require type employee
require not group u_nikky_restrict