In my opinion, your case require more than just a quick read on the forum and an answer and it will require more to have a complete answer (look for https://tiki.org/consultants).
I suggest you try to simplify and ask for support on specific and simple question not a complete setup of your permissions.
Yes it’s called category jail. Using category permission you can define such.
However in your case you will have a good headache with permissions cascades.
I suggest your to create a prototype and set demo permission one at the time for one user/group then to expand and see where it fail to correct. Once you know what to do move what you’ve learn to you main website.
I would also suggest you to work with Firefox or Chrome.
Not being rude just realistic... ;-)