The key is to set restrictions on any sensitive content. Then you can assign the appropriate Reader role to any user or group you choose.

Based on our previous dialogue, I need to clarify how Role Scoper restrictions work. (this is the same explanation I e-mailed you).

First, remember that a role (Editor, Author, Contributor, Reader) is simply a collection of capabilities (read, edit_post, publish_post, edit_published_post, edit_others_posts). Therefore a user who has the role of Editor also effectively has the roles of Author, Contributor and Reader.

Setting a restriction does not deny all access to a certain group of users. Instead, the a restriction on the Post Editor means that operations requiring the Post Editor role can only be done by users who have that role explicitly assigned for the content in question - having the WordPress Editor role is no longer enough. However, operations which only require the Post Author role will be allowed, unless Post Author is also restricted. Likewise for Contributor and Reader. This is a more complex system than what you envisioned, but consider the advantage of restricting some Editors from editing while still allowing them to read, if you so choose.

If a post has restrictions set on all its categories, the corresponding role must be assigned for the category or directly for the post. If the restriction is on the post itself, only post role assignments count for that role.