Well, this is a lot more complicated, but perfctly possible.
One possibility is to manage security groups by your own.
In Security Groups Configuration, disable all inheritances. You will need to manage that using workflows.
As per your explanation, your company is centered around products. So you need to indicate the Security Group of a Product. You can do that creating a custom field or using the regular Security Group mass update functionality, for instance.
Then, whenever you create a record (an opportunity, an activity), you will need to link it to the corresponding security groups via workflow. For exemple, linking to the security group of the product.
Then, in the Product’s security group, insert all people who is allowed to see all the records related to that product, like your managers.
In the roles, sales people should have Owner level permision and managers have Group level permision.
With this arrangement, regular users will be able to see only their own records and users with Manager role will be able to see all records related to their products.
It’s gonna take some time and try and erros, but it’s possible.