Hi there, @y11… if I was doing what you described, I would use an option set to define the user roles, I would have a role field on the User data type (with that field being associated with the option set), and I would likely have a staff field on the User data type that is a list of users.
With that setup in place (and assuming you add users to a supervisor’s staff list field, of course), a privacy rule on the User data type that looks like the following should produce the desired result.