Security snap

I need more detailed restrictions for a snap. We need to protect a snap from ever reading/writing to the /home//Document directory as it houses important private company data. A blanket allowed access to the entire Home will not do.

Presently, we are forced to not use the firefox snap because of this.

sudo snap disconnect firefox:home

File access then will be mediated exclusively by the desktop portals.