Is it possible to do the following using 1 polkit .pkla file?

1. Disable all users except those in the wheel group from using polkit.
2. The users in the wheel group will need to provide the root password when using polkit.

/etc/polkit-1/localauthority/50-local.d/wheel-only.pkla

[disable all users except the wheel group]
Identity=unix-group:wheel
Action=*
ResultAny=???
ResultInactive=???
ResultActive=???

The following file works but you need to provide all the users in /etc/group:

[disable all users except those in the wheel group: root and myuser]
Identity=unix-user:daemon;unix-user:bin;unix-user:sys;unix-user:adm;unix-user:tty;unix-user:disk;unix-user:lp;unix-user:mail;unix-user:news;unix-user:uucp;unix-user:man;unix-user:proxy;unix-user:kmem;unix-user:dialout;unix-user:fax;unix-user:voice;unix-user:cdrom;unix-user:floppy;unix-user:tape;unix-user:sudo;unix-user:audio;unix-user:dip;unix-user:www-data;unix-user:backup;unix-user:operator;unix-user:list;unix-user:irc;unix-user:src;unix-user:gnats;unix-user:shadow;unix-user:utmp;unix-user:video;unix-user:sasl;unix-user:plugdev;unix-user:staff;unix-user:games;unix-user:users;unix-user:nogroup;unix-user:libuuid;unix-user:crontab;unix-user:messagebus;unix-user:Debian-exim;unix-user:mlocate;unix-user:avahi;unix-user:netdev;unix-user:bluetooth;unix-user:lpadmin;unix-user:ssl-cert;unix-user:fuse;unix-user:utempter;unix-user:Debian-gdm;unix-user:scanner;unix-user:saned;unix-user:i2c;unix-user:haldaemon;unix-user:powerdev
Action=*
ResultAny=no
ResultInactive=no
ResultActive=no