HI Peeyush,
Authorization group will have to be maintained for all Materials and then you put them in say two groups,
Group A: All (minus) those two
Group B: Those two
and then when you will give access to Group B they won't be able to access Group A.
Right now since Auth group is blank for Group A, they can access it as system won't check if there is any auth group maintained and it will bypass that check. (Check in the trace)
Cheers
Zak