@Arif
Thank you for your question!
You can use Azure deny assignments to block users from performing specific Azure resource actions even if a role assignment grants them access. For Azure Key Vault, as of right now, the only way you can add your own deny assignments is by using Azure Blueprints.
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.