I am working on implementing an internal site built on AEM 6.3.
I have a business requirement to make the site require the user to be logged in with an employee user group attached to their profile. I looked at implementing this by making all pages have the employee closed user group configured by default, so that they cannot be accessed without it. However, there are other pages within the site that have other closed user groups that are required to access the page, if they have the employee group, this allows the user to access the page even if they do not have the other groups.
So, what would be the best way to restrict access to the entire site, while still requiring specific groups on pages within the site?