Alias for <role type="anonymous" deny-all="*">

@ePirat suggested that it would be nice to have an alias for that only accepts matching options as well as deny-options. His main reason was to help users not to in-correctly use allow-all="" as they may not understand that it actually is the opposite of deny-all="".

Maybe this should be more generalized and a kind of access profiles should be used like: