I want to restrict some of the service folders in service catalog. I can see there is permission tab with Group and role. But it acts as OR condition.
But I want to provide access for particulär group or user.Please let me know is there any option in catalog.
That's correct - the permissions tab currently has either "everyone can see/request this", or "only members of the following groups/roles can". While it's not possible to say "all members of this group/role -except- for this individual has access", or other more complex boolean sets, what you could do is create a custom group within EEM or the directory you're importing into EEM from that does contain the people you're after, and use the tools available there.
My one caution here, however, is that the more groups that EEM is aware of that a user belongs to, the longer that permission check takes. So I'd recommend avoiding a situation where a user could be in tens or hundreds, to ensure they have a good performance experience.
Yes my worry is its going to create more Groups. Can we restrict based on particulär user? Like how we have on form hide form and show forms.
Unfortunately, you can't link directly to the user in the restriction, no.
However, when looking at the EEM mapping of AD groups, you may wish to restrict it to only pull in the groups you actually need, rather than any superfluous ones.