To clarify - My above suggestion should be used with your initial design. The design Rakesh suggested in his Post should also work if you are ok with creating extra roles/relams, etc. Its just 2 different ways of achieving the same result, the box is really flexible and granular when it comes to access control so usually there are several options :-)
