Is there a way to deny cloning without also denying viewing?

What I am looking for is a way to deny repository access only (i.e. via any of the Git protocols/SSH), while retaining the ability to give access to the web interface of GitLab.

I fully understand that a determined “user” would still be able to extract the revision history this way, but it would have to be quite the determined user.

Does this exist?

In general, is there a more fine-grained method of access control than the usual private/internal/public setting for the projects and what’s underneath " Visibility, project features, permissions" in Settings/General?

Thanks in advance for any insights you’re able to provide.