Hello I have been asked to removed the ability for the helpdesk staff to view certain Directories with the NSS volumes.

I have turned off the IRF created a trustee on the directory with no right but still effective permissions show the group that these guys are in as having supervisor rights to the directory. I came across a simalar issue in a previous job and seem to recall the reason behind that was because if the supervisor right is granted at the root or the O you can not remove it or something like that. This group has neither of those, but can not get rid of the supervisor rights any ideas?
OES1 Linux edir