[LU-10954] nodemap flag to deny access to inodes whose owner is not in FS to client map Created: 25/Apr/18 Updated: 29/Jan/22 |
|
| Status: | Open |
| Project: | Lustre |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Minor |
| Reporter: | John Hammond | Assignee: | WC Triage |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | None | ||
| Severity: | 3 |
| Rank (Obsolete): | 9223372036854775807 |
| Description |
|
Using the nmf_deny_unknown flag on a nodemap we can reject requests that specify a UID or GID that does not belong to the respective client to FS map. See for example new_init_ucred():

```
if (nodemap && ucred->uc_o_uid == nodemap->nm_squash_uid) {
        /* deny access before we get identity ref */
        if (nodemap->nmf_deny_unknown) {
                nodemap_putref(nodemap);
                RETURN(-EACCES);
        }
```

It would be useful to have a way to apply the same logic to the UID and GID of the inode to be accessed. That is, if either ID is not in the respective FS to client map of the nodemap for the export then deny access to the inode. This would be most useful when used with subtree mounts for a single user. It would also need to be an opt-in flag on the nodemap or it would be too disruptive to existing nodemap use cases.

One potential complication/objection is that nodemaps are handled in the mdt layer whereas permissions are checked in the mdd layer. But I don't think this is a huge issue for this use case. |
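The check requested above can be modelled outside the kernel as follows. This is an added illustration, not code from the ticket or from Lustre: `struct model_nodemap`, the `deny_unmapped_owner` flag, the function names and the sample IDs are all hypothetical, and the ID maps are reduced to flat arrays.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of a nodemap; NOT Lustre's struct lu_nodemap. */
struct idmap { uint32_t client_id, fs_id; };

struct model_nodemap {
	const struct idmap *uid_map; size_t n_uid;
	const struct idmap *gid_map; size_t n_gid;
	bool deny_unmapped_owner;	/* hypothetical opt-in flag */
};

/* True if fs_id has an entry in the FS-to-client direction of the map. */
static bool fs_id_is_mapped(const struct idmap *map, size_t n, uint32_t fs_id)
{
	for (size_t i = 0; i < n; i++)
		if (map[i].fs_id == fs_id)
			return true;
	return false;
}

/* Returns 0 to go on to the normal permission checks, -EACCES to deny. */
int model_inode_owner_check(const struct model_nodemap *nm,
			    uint32_t inode_uid, uint32_t inode_gid)
{
	if (nm == NULL || !nm->deny_unmapped_owner)
		return 0;	/* flag off: existing nodemap behaviour */
	if (!fs_id_is_mapped(nm->uid_map, nm->n_uid, inode_uid) ||
	    !fs_id_is_mapped(nm->gid_map, nm->n_gid, inode_gid))
		return -EACCES;	/* either owner ID is unmapped: deny */
	return 0;
}

/* Constructed sample: single-user nodemap, client 1000 <-> FS 5000. */
static const struct idmap sample_uids[] = { { 1000, 5000 } };
static const struct idmap sample_gids[] = { { 1000, 5000 } };
const struct model_nodemap sample_strict = { sample_uids, 1, sample_gids, 1, true };
const struct model_nodemap sample_legacy = { sample_uids, 1, sample_gids, 1, false };

int main(void)
{
	printf("5000:5000 -> %d\n", model_inode_owner_check(&sample_strict, 5000, 5000));
	printf("0:0       -> %d\n", model_inode_owner_check(&sample_strict, 0, 0));
	return 0;
}
```

With the flag clear the function always returns 0, which is the opt-in property the description asks for so that existing nodemap configurations are unaffected.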