In my case, I needed to limit access to a directory that is a few levels down from the share top. Yes I could have moved it to its own share, but that is not its logical place.
I tried to use ACL but didn't have enough skillz. What I ended up doing, was that I made my user the owner of the directory with +rwx rights, I gave +w rights to group as a certain program needs to be able to write to that directory, and -rwx to other. This isn't perfect. I think, technically, the blocked user is able to write and delete files from the directory. But in my case it's enough to keep out family members who have never seen Linux.