diff --git a/graphql/api/index.ts b/graphql/api/index.ts
index 4cf1fda..6f1a358 100644
--- a/graphql/api/index.ts
+++ b/graphql/api/index.ts
@@ -159,6 +159,7 @@ export class QuerySet {
       if (step.filters.where) querySet.where(...step.filters.where);
       if (step.filters.whereIn) querySet.whereIn(...step.filters.whereIn);
       if (step.filters.whereNot) querySet.whereNot(...step.filters.whereNot);
+      if (step.filters.whereNotIn) querySet.whereNotIn(...step.filters.whereNotIn);
     }
     step.children.forEach((c) => {
       const joinedF = typeof c.fk === 'string' ? c.fk : c.fk[0];
diff --git a/graphql/api/utils/diagram.ts b/graphql/api/utils/diagram.ts
index 7f55c4c..21dce64 100644
--- a/graphql/api/utils/diagram.ts
+++ b/graphql/api/utils/diagram.ts
@@ -85,17 +85,18 @@ const recurseAuth = (plan: AuthQueryPlan, parent?: AuthNode) => {
 
   if (
     plan.filters &&
-    (plan.filters.where || plan.filters.whereNot || plan.filters.whereIn)
+    (plan.filters.where || plan.filters.whereNot || plan.filters.whereIn || plan.filters.whereNotIn)
   ) {
     const filterName = (c: string) => {
       if (c === 'whereIn') return 'where in';
       if (c === 'whereNot') return 'where not';
+      if (c === 'whereNotIn') return 'where not in';
       return c;
     };
     const cond_text = Object.keys(plan.filters || {})
       .map((c) => {
         if (typeof plan.filters !== 'undefined') {
-          const filter = plan.filters[c as 'where' | 'whereNot' | 'whereIn'];
+          const filter = plan.filters[c as 'where' | 'whereNot' | 'whereIn' | 'whereNotIn'];
           return (
             (filter &&
               `${filterName(c).toUpperCase()}\\n${plan.table}.${
diff --git a/graphql/auth.ts b/graphql/auth.ts
index 1e0df3b..d218c97 100644
--- a/graphql/auth.ts
+++ b/graphql/auth.ts
@@ -13,6 +13,9 @@ export const groups: { readonly [authGroup: string]: AuthFilters } = {
     sites: {
       where: ['healthReg', 'CSC'],
     },
+    datasets: {
+      whereNot: ['datasetID', 'NML-WWMPOX'],
+    },
   },
   bccdc: {
     sites: {
@@ -20,6 +23,7 @@ export const groups: { readonly [authGroup: string]: AuthFilters } = {
     },
     datasets: {
       whereIn: ['datasetID', ['BCCDC', 'NML-WWPCR']],
+      whereNot: ['datasetID', 'NML-WWMPOX'],
     },
   },
   hnj: {
@@ -28,12 +32,16 @@ export const groups: { readonly [authGroup: string]: AuthFilters } = {
     },
     datasets: {
       whereIn: ['datasetID', ['NML-WWPCR', 'NML-GXWW', 'onsite-GXWW']],
+      whereNot: ['datasetID', 'NML-WWMPOX'],
     },
   },
   pho: {
     sites:{
-      whereIn: ['healthReg', ['Dryden', 'Kenora']]
-    }
+      whereIn: ['healthReg', ['Dryden', 'Kenora', 'Toronto']]
+    },
+    datasets: {
+      whereNotIn: ['datasetID', ['NML-WWMPOX', 'OMECP']],
+    },
   },
   open: {
     sites: {
diff --git a/graphql/types.ts b/graphql/types.ts
index 3d5c29c..778c333 100644
--- a/graphql/types.ts
+++ b/graphql/types.ts
@@ -10,6 +10,7 @@ export type AuthFilter = {
   readonly where?: [any, any];
   readonly whereIn?: [any, any[]];
   readonly whereNot?: [any, any];
+  readonly whereNotIn?: [any, any[]];
 };
 
 export type AuthFilters = {