I believe that in a line from /etc/exports such as :
foobar can only be a machine (or IP address), not a user.
A nfs share has the permissions of the original file system shared :
$ ls -l movies/file1
rwxr-x--- 23 foo bar 0 Oct 26 10:37 movies/file1
$ grep foo /etc/password
$ grep bar /etc/group
With this config, and the line in /etc/exports, the user that as UID 1001 on the foobar mahcine will be seen has the owner of the shared .movies/file1 file. The members of the group GID 1002 will have r-x permissions....
So by correctly setting permissions you can limit users rights BUT, because there's a GREAT HUGE BUT : but you have to synchronise your UID/GID on all the machine that have access to the nfs share.
In a big network, that means using NIS, LDAP or other.
And even with such a system, someone with root access can change the users IDs, and so get full access easily. Of course root access must be limited to administrators... but if I come with my laptop, I'll too be root on a machine, and will be able to use the UID/GID I want... so you also need to control the network access
All this is why I prefer using samba shares that can be controlled with a user/password request (but that has also its own security issues)