Role-Based Access Controls (RBAC) for Users

Role-Based Access Controls (RBAC) for Users

I'll try to keep this very simple, because I'm sure the answer is just the same. Thank you for the help in advance. I am not a novice user, just new to Zoho and its architecture. 

Nevertheless, my problem is that I have, for discussion purposes, 15 licenses for 3 different businesses. Leads have custom fields for some business that are not relevant or applicable to another (if those lead fields cannot be hidden / restricted to specific roles then so be it). 

Specifically, the breakdown is: 
  • Digital Marketing - 3 exec roles, 4 marketing user roles
  • Business Acceleration - 3 exec roles, 4 accelerator user roles
  • Structure Finance - 5 exec roles, 2 admin roles
My understanding is that each of the roles under a particular role should not be able to see information on leads and fields thereof when created / assigned to higher-up roles. It's vertical with respect to permissions and access is what my current understanding is and that is what we are trying to achieve to manage a very distributed workforce for business development, sales, and marketing. 

I have multiple problems: 
  1. Marketing should not see the Finance fields, and vice versa;
  2. New Marketing leads should not be visible to Finance admins;
  3. Execs should span across all functional LOBs (This should be working - more just stating a fact);
  4. Leads / Potentials assigned to one user should not be visible to another;
  5. Leads / Potentials assigned to an Executive role should not be visible to an admin or operations user. 
Please advise on what is the best way / most fine-grained options available to organize Zoho CRM to manage multiple businesses, activities by and between inside and outside staff operations within the CRM, and how best to architect the system to reflect the above. Help to achieve this is very much appreciated.