Add the following text to your authz specifying a user by name for path-based authorization (<reponame>
can be the name of any repository).
[<reponame>:/branches/calc/bug-142/secret]
harry =
To give Harry readonly access to the secret folder then do the following.
[<reponame>:/branches/calc/bug-142/secret]
harry = r
These will specifically deny a user from having any less restrictive inherited permissions.