Access to certain branches

How do I create bind users such that some bind users can have read/write access to one branch within the directory, and only read access to the rest of the directory?

I know how to create some bind users who only have read access, and other bind users who have read/write access, but is there a way to limit certain areas of access for bind users?

Thanks for your help!

I've figured out that if you declare the same user twice, one with admin access and the other with reg user access within the same access control file, the user can have read access to one and write access to the other:

set admin-user = {
user = <o "PennState"><ou "Faculty"><cn "mrLion">
subtree = <o "PennState"><ou "Faculty">
};

set reg-user = {
user = <o "PennState"><ou "Faculty"><cn "mrLion">
subtree = <o "PennState"><ou "Students">
};


This will allow the "mrLion" user to be able to modify the Faculty area of the DIT, but only ready access to the Students area. However, this is quite tedious, esp. with several users. I'm still trying to figure out if there is a way to deny modify access to admin users for some areas of the directory.