I'm not sure that this level of granularity will be supported in AtoM. However, one thing you could try would be denying "View draft" permissions to the authenticated group, and then adding them back to each other group that needs to see them - for this custom group, just for the target fonds or series, by using the "Permissions by archival description" option. See:
A couple important things to note, however:
First, I'm not sure this will work. All other groups inherit base permissions from the authenticated group, so you may have problems if you deny View Draft permissions there. You can try manually adding back View Draft permissions to other groups, but you will need to do so for all of them, even the default groups like Administrators. Even then, there may be problems.
As to why there may be problems - AtoM's permissions module is very old, and was first implemented in 2008 or 2009 when web-based technologies were far less mature, AtoM was in its infancy, and its primary use case was small institutions with simple permissions needs and small collections. Currently there are many known issues with the module, all of which are related and difficult to fix individually - but so far we have not found community sponsors willing to fund an overhaul of the permissions module to make it more scalable and performant.
I have previously described some of these issues in the following threads:
The second one in particular describes some issues that can happen when you start trying to selectively deny "View Draft" permissions.
We would very much like to replace AtoM's current permissions module with a modern Identity and Access Management library, but this will require major development, and as such, will need support from our community. If you would like to learn more about how we maintain and develop AtoM, please see:
In the meantime, good luck, and let us know how it goes.
he / him