This seems like something that is possible, however it might take some time to come up with the structure that would be needed to enable this.
The first thing you would need to do is come up with a way of restricting access to individual pages based on all different rules. So you would basically need to have a rule for each page that checks on a particular variable that is set when the user logs in or is set on the page with the rule based on a recordset that is filtered on the userID.
Once you have individual rules based on specific values you could then add in a table or columns to your users table to hold the access value for each of these new rules. You could then have an update page that will allow you to set the values in these new columns wich will dictate what pages the user has access to.
This is not a simple setup and it will require a bit of work to get implemented correctly but I think it is definitely possible.