If you want to restrict a user to a specific branch in the content tree, that user must be able to have read permissions from the root node to the branch or else permission exception will be thrown when the user is using admin ui to administrate it.

To do this and only allow permission along a specific path you need to be able to allow read permission on the root node. Currently UI does not allow you to select the root node.

Example node structure by id

1
1/2
1/2/3
1/2/4
1/5

To restrict a user to 1/2/3 and not let them view 1/2/4 and 1/5 in admin ui you need to add read node limitations to 1, 1/2 and a subtree limitation to to 1/2/3. As a node limitation cannot be selected in ui for the root node this is no possible.