Managers can be given a different privilege set and thus can be given different record level access control calculations that limit access differently. Thus enabling you to do what you want here.
What I see in your screen shot would see to require three such privilege sets. The bottom row represents the most limited privilege set. Rows 3 - 9 would represent a manager level of access where they can see all records for a specified department. and row two would require a 3rd privilege set.