Policy set for the MA confidentiality code. If the access subject is NOT one of those users which consent has been removed, then deny. Note: there is reverse logic here because the Obligation that denies access to the user for this object must be issued when the user has obtained a Permit. So, the caller of this policy must know to reverse sense as well. If a Deny was not obtained above then set Permit by default.