From space or SD, user privilege restriction can be configured by creating a user account and assigning a specific role to it. As per the example which you have shared, you will have to create specific domains for it. Then map particular srx and user to a particular domain so that the users assigned to that domain can access only that SRX and policies related to it.
Also it's important to check that domain mapping is done correctly for the users. Once you assign a user to a domain, the same user will be restricted to that domain.
Srx also needs to be managed from that domain for which you want specific user restriction.. You can also move srx across domains but just need to be careful as we need to move the specific policies and objects as well linked to that srx from one domain to another.
Please ensure you do not enable Object visibility across domains as that allow users from separate domain view objects of the parent domain.