We can deny access to individual custom asset types for a security group but not Core Assets.

Also, we can’t restrict access to specific KB Folders in the same way we can with Password folders.

These would be 2 very useful security features, especially for co-managed users. (Until the co-managed user feature is improved)