How to make a directory-like access control?

I have tried with rules, but there will be many rules. What I’d like is to allow a certain group of people to have access from a certain node and down. Further down, maybe another group will gain access, and those from further up in the tree keep theirs. Imagine an organisation divided into sub-organisations: those in the main org will see everything within their branch, but those belonging to a child organisation will never see up towards the parent.

Any ideas for a neat solution?
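
The model described in the question (a grant set at a node covers that node and everything below it, never anything above), as an added example that is not part of the original post: the check walks from the requested node up through its ancestors, so one grant per subtree replaces one rule per node. The `Node` class, the group names and the sample organisation tree are constructed for illustration and assume each node stores a reference to its parent.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

@dataclass
class Node:
    name: str
    parent: Optional["Node"] = None
    groups: Set[str] = field(default_factory=set)  # groups granted AT this node

def can_access(user_groups, node):
    """A grant applies to the node it is set on and to every descendant.

    Walk from the requested node up to the root; access is allowed if any
    node on that path grants one of the user's groups. Grants on siblings or
    descendants are never consulted, so nobody sees "up" or "sideways".
    """
    user_groups = set(user_groups)
    seen = set()
    current = node
    while current is not None:
        if id(current) in seen:  # corrupted tree: parent chain loops
            raise ValueError("cycle in parent chain at %r" % current.name)
        seen.add(id(current))
        if current.groups & user_groups:
            return True
        current = current.parent
    return False  # default deny: no grant found on the path to the root

def visible(user_groups, nodes):
    """Names of all nodes the user may read, sorted for stable output."""
    return sorted(n.name for n in nodes.values() if can_access(user_groups, n))

def build_sample_tree() -> Dict[str, Node]:
    # Constructed sample data: one main org with two child orgs.
    main = Node("main-org", groups={"main-staff"})
    child_a = Node("child-a", parent=main, groups={"a-staff"})
    team_a1 = Node("team-a1", parent=child_a)  # no grant of its own, inherits
    child_b = Node("child-b", parent=main, groups={"b-staff"})
    return {n.name: n for n in (main, child_a, team_a1, child_b)}

if __name__ == "__main__":
    tree = build_sample_tree()
    print(visible({"main-staff"}, tree))  # whole branch under main-org
    print(visible({"a-staff"}, tree))     # child-a and below only
```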