NIS netgroups, ACLs.
It is not possible to restrict access from anyone with root access.
Nothing you can do will work because everything you can do will
have a workaround by them. Turn your NFS access back off and
no one will be able to access the data.