You only need to create one role pr "access rule". E.g. if you want people (one or more) to access one function you need a role. This role can then be assigned to one or more users and/or user groups.
To simplify management you should make users in user groups and assign roles to these groups.
E.g.
Role A: read access to documents (class x). Is assigned to Group A.
Group A: a user group which contains n number of users. All users who are created under this group will get access to class X as defined by Role A.
In your case you can set this up using sections or subtree permissions. And yes, it's possible.
Something else: I want to give a user the rights to view only '/sports/soccer/'. Works fine; The user can login and see the root (with only one folder: sports). The user can click 'sports' and will only see the folder 'soccer', etc...
Is it possible that the user cannot see the folder 'sports', only 'soccer' ?
Situation: The user logs in and get to 'Root'. There is only one folder, named 'soccer'. Is that possible?