Uma-policy - negative logic does not work?

I’m looking for advice on what I’m doing wrong regarding the usage of uma-policies.

I’ve set up a very simple policy on my resource that I would expect to evaluate to “deny to users in these groups”:

“description”:“users not in these groups”,

Evaluation of this policy gives the opposite of what i’d expect.

I attempted to upload a second screenshot of the groups the user is a member of (/pk_1_1), but because i’m a new member it won’t let me.

If the user was in “pk_1_1” group, would this policy not DENY for the user?