This policy will deny access to Dublin Core datastreams. Specifically, it will deny access to USER GROUPS making getDatastreamDissemination requests on API-A for datastreams with a datastream identifier of 'DC.' User groups are defined using custom roles in the tomcat-users.xml file. urn:fedora:names:fedora:2.1:action:id-getDatastreamDissemination DC mygroup