What you describe sounds more like you need to implement a strong role based security model not TDE encryption as a solution to your problem.