I would create a user role that is allowed to create accounts but can manage users with all roles selected, with the exception of the Administrator and Directie roles. This is standard functionality, see:
If you want to restrict this with XPath (not a secure solution), then set the XPath on the user role field in the account dataview to:
[id != '[%UserRole_Administrator%]'][id != '[%UserRole_Directie%]']
Beware that this is not a secure solution, as you are not restricting access to the roles and these will be accessible from the client. I strongly suggest going for the first solution.