CentOS-6.5 httpd-2.2.15 (centos)
I am trying to understand how directory access control works in Apache-2.2. Does a means exist to revoke access in a subdirectory if access has been granted in a higher one? We restrict access to the entire site via htdigest but some directories need to be further restricted by the group a user is assigned to. I have this situation:
<Directory />
  AuthType Digest
  AuthName ca.harte-lyne
  AuthDigestDomain /
  AuthDigestProvider file
  AuthUserFile /etc/httpd/access.d/.htdigest
  AuthGroupFile /var/data/hll_dav/htgroup
  Require group staff
  AllowOverride None
  Order allow,deny
  allow from all
  Satisfy All
  Options Indexes MultiViews
  IndexOptions FancyIndexing
  AddDefaultCharset UTF-8
</Directory>

<Directory /Private>
  Require group management
</Directory>
In this setup a member of group staff who is not a member of group management nonetheless can list and download files in /Private. I want to prevent this. Is this possible and if so then how is this done?