CentOS-6.5
httpd-2.2.15 (CentOS)

I am trying to understand how directory access control works in Apache-2.2. Does a means exist to revoke access in a subdirectory if access has been granted in a higher one? We restrict access to the entire site via htdigest but some directories are need to be further restricted by the group a user is assigned to. I have this situation:

AuthType Digest
AuthName ca.harte-lyne
AuthDigestDomain /
AuthDigestProvider file
AuthUserFile /etc/httpd/access.d/.htdigest
AuthGroupFile /var/data/hll_dav/htgroup

Require group staff

AllowOverride None
Order allow,deny
allow from all
Satisfy All

Options Indexes MultiViews
IndexOptions FancyIndexing
AddDefaultCharset UTF-8

Require group management

In this setup a member of group staff who is not a member of group management nonetheless can list and download files in /Private. I want to prevent this. Is this possible and if so then how is this done?