Consider the following configuration in .htaccess/httpd.conf (or wherever):
AuthName "My Super Secret Area"
AuthType Basic
AuthUserFile /path/to/htpasswd
AuthGroupFile /path/to/htgroup
Require group bestmates
Require user randomguyWhere user randomguy does not belong to the group bestmates.
By default mod_auth of Apache 2.2 would allow only users from bestmates to authenticate, and randomguy won’t have access because he doesn’t belong to the group. In other words, require user directive would be entirely ignored.
To allow both group and user, simply add AuthzGroupFileAuthoritative Off to your configuration (.htaccess/httpd.conf or wherever).
All kudos for the find goes to user newmanium2001 from LinuxQuestions.org.
 
			
Works for me with AuthzUserAuthoritative !
AuthzUserAuthoritative works with me too