Day2 action policies - How to remove an action

I simply want to remove the "Deployment.Delete" and "Cloud.vSphere.Machine.Delete" from any deployment/machine that has an environment tag that equals prod. Everything else (machines where the tag does not equal prod, deployments that do not contain machines [XaaS/workflow], deployments without any environment tag, and failed deployments) should have the ability to be deleted by the user (member).


This seemed easy in theory but it's turned into mission impossible for me. The evaluators of "has any" and "not equal to" don’t produce the desired result. The best I can do is to add the delete action where the environment tag equals dev or test, but that doesn’t exist for all deployments (i.e. XaaS/workflow requests, failed deployments, etc.).


Thanks in advance. Double points for the right answer : )

