You are close, except in the first policy you should give MyDB [exclude]
Hive Database: MyDB [exclude]
Table: * [include]
Columns: * [include]
Permission: Group=GlobalAccessGroup – All
For giving permission to MyDB, you should created another permission
Hive Database: MyDB [include]
Table: * [include]
Columns: * [include]
Permission: Group=MyDBGroup – All
One major concept in Ranger is by default no one has permission and you have to explicitly give the permission. Also there are no negative permissions. When you give exclude, you are just saying not to include the resource (in this case MyDB) in the policy. It is there to simplify use case like yours.