iControl requires read/write user privileges as a majority of the methods require both types of actions. I believe what you are asking for method and parameter level authorization. For example, user "A" can modify pool "pool1" but not pool "pool2". Currently, iControl does not support this directly. There are approximately 1500 methods exposed in iControl and it has been determined that building a complex authorization scheme around parameter level validation is usually more easily developed in a custom build "shim" layer on top of iControl. For instance, one customer developed a web portal where the end users logged into were able to control the sections of the configuration that they owned.
We are always looking at how we can enhance security and welcome any specific requests for features.