If you add a supplemental group 'disk' to user 'nbd' then I believe the nbd-server should be able to read/write to the block devices. This opens up the security for the nbd-server to read/write to any disk which is up to you if that is ok security wise.
A more constrained approach could be to set up a systemd service file or upstart/init script to change the disk ownership that you want to export (preferably by label or uuid) to user=nbd group=disk and that should let the nbd-server access just that disk