Concatenating the groupname and username columns in a Db query where groupname X is null

I'm trying to get a list of contentid's with the following criteria

Content ID has a view restriction and group X doesn't have access.

The issue is, when you try and slice this up, because groupname and usernames are in separate columns, if you just try and say 'where groupname != X', you don't get any rows of contentid's where the restrictions are purely based on usernames,

So after a lot of messing around, it looks like the easiest way would be to concatenate the two columns, name it something like restrictions and run a 'where' clause of 'restrictions not like X'

I started playing around with concactenations but one issue is you need to put the 'where' clause in a separate block, as you can't run where's on the initial concat query.

If you're wondering why, it's because if you dont parse out the Edit only pages, when I run my script to add the group with view perms, an edit only page with no view restrictions suddenly has them, learned this lesson on the production instance the hard way. thankfully it was reversable.

This is the skeleton I'm working with that needs the tweak

SELECT distinct c.contentid
FROM SPACES s, content c, content_perm_set cps, content_perm cp, content_perm_type
where
s.spaceid = c.spaceid and
c.contentid = cps.content_id and
cps.id = cp.cps_id and
c.contenttype = 'PAGE' and
c.prevver is null and
c.content_status = 'current' and
s.spacestatus = 'CURRENT' and

and content_perm_type = View
cp.groupname != '_confluence-browse-all';

any help would be appreciated.