Hi Eric
Unfortunately the way permissions work is that the permission applies to everyone in the role rather than a subset of users in the role. So giving a user permission to view users means viewing all users rather than a subset of users. This applies to all role contexts except the user context which is what the staff manager role uses so the manager can only see a subset of users (users assigned as their manager)
One possibility to keep groups of users apart is multitenancy - the future users could be added to a tenant and the people who need to view or edit them added to this tenant too in a tenant role such as tenant user manager and when they start move them to the main tenant so others can see them.
This has potential to work - please note the current unsupported features of multi tenancy
Regards