You will never be able to satisfy that requirement.
The 'admin' user is a super user that cannot be modified.
Note 'admin' and an 'Administrator' are NOT the same thing at all.
Also seek to understand the WHY behind that requirement -- so so so many features require jcr:read on /home