Help with IOMAD Moodle security settings.

Summary: I want help creating a user role/account type with a security profile that allows a user allocated to a child business to be able to add, edit and delete courses at their business level, and at any child-of-the-business level, but not the parent business level. Detail: I have a parent company ([login to view URL]) and a child company ([login to view URL]) in IOMAD. At the parent company level, I have some training course that I offer to all the child companies. The child company, [login to view URL], wants the ability to manage their own users and to create their own courses so that their courses are only visible to the child company. To do this, I have created a role called "Company HR Director". It has the same permissions as an IOMAD Company Director combined with the permissions of an IOMAD Teacher. Company HR Director is a system-wide role. I created this role at the parent level because I expect I will need to apply the role permissions to users in other child companies in the future. I have created a user (ChildUser1) for [login to view URL] (child-company level) with this Company HR Director role. The problem I have is that this child-company user (ChildUser1) can edit the courses at the parent level ([login to view URL]). I do not want ChildUser1 to be able to edit courses saved against the parent company. I only want them to CRUD courses at the child level. The solution I want is for the Company HR Director role to only be able to edit courses in their own company or child companies, but not the parent company. Also, they should not have visibility of courses or users in any other sibling company.