Hi Karen, the best way to setup permission for your case is to limit the module level permission and give out more page level permission where needed. The common mistake is the the role gets all the permissions on the Content Module level, which means all editors in that role can edit everything within the content tree, which lead to a lot of deny you have to setup.
The best way to do this is:
For the roles like Marketing Editor, Sales Editor, when you setup the module permission for Content, only check Browse Tree and Read. That's the minimum for the editor to see the tree. And in this case, they cannot edit any content at all.
Then go to the content tree, go to /Marketing > permission, add the Marketing Editor role, and check Edit, modify, delete (maybe). Then similar thing for /Sales with Sales Editor role. Now any one in the marketing editor role will only be able to modify content within the /Marketing section.