[Zope] acquisition and access control
Oliver Frommel
oliver@aec.at
Sun, 28 May 2000 19:35:55 +0200 (CEST)
Hi,
I have implemented a hierarchical access control with the following scheme:
given the structure /a/b/c/d write access is granted if the AUTHENTICATED_USER
has a role identical to the folder name or one of the parent folders, i.e.
a user with role b can change contents of folders b, c, and d, but not a.
I need to have a single user_folder and thus can't use a scheme similar to
the content manager's guide ..
It works like this:
    for all parents
        compare role to foldername
        if equal
            grant permission
The problem is that one can change the access path by using acquisition, e.g.
/a/b/a, so a user with only role b can now change folder a, too.
Is there a way to disallow acquisition for single folders or objects or any
other way to make this work?
thanks
--Oliver
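
The access-path problem described in this message, as an added example that is not part of the original post and does not use Zope's API: a constructed toy model of acquisition in which the role check over the URL's access path is compared with a check over the object's physical containers. The names Folder, build_tree, traverse, allowed_by_access_path and allowed_by_containment are hypothetical.

```python
# Constructed toy model of acquisition; not Zope's API.
class Folder:
    def __init__(self, name, container=None):
        self.name, self.container, self.children = name, container, {}
        if container is not None:
            container.children[name] = self

    def lookup(self, name):
        # Use our own child if present, else acquire from containers.
        node = self
        while node is not None:
            if name in node.children:
                return node.children[name]
            node = node.container
        raise KeyError(name)

def build_tree():
    # The /a/b/c/d structure from the message.
    root = Folder("")
    parent = root
    for name in "abcd":
        parent = Folder(name, parent)
    return root

def traverse(root, url):
    # Returns the published object and every folder the URL passed through.
    obj, visited = root, []
    for step in url.strip("/").split("/"):
        obj = obj.lookup(step)
        visited.append(obj)
    return obj, visited

def allowed_by_access_path(roles, visited):
    # Flawed: the client picks the URL, so it picks the "parents" too.
    return any(f.name in roles for f in visited)

def allowed_by_containment(roles, obj):
    # Only the object and its physical containers count.
    node = obj
    while node is not None:
        if node.name in roles:
            return True
        node = node.container
    return False

if __name__ == "__main__":
    root = build_tree()
    for url in ("/a/b/c/d", "/a", "/a/b/a"):
        obj, visited = traverse(root, url)
        print(url, allowed_by_access_path({"b"}, visited),
              allowed_by_containment({"b"}, obj))
```

With role b, both checks agree on /a/b/c/d and /a; only the access-path check grants /a/b/a, because that URL resolves to folder a while passing through b.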