Hi SN1B,
Thanks for reaching out to the communities on this question. My name is Josh Wells and I am support engineer on the Microsoft Dynamics support team.
I have reviewed your situation and I can provide some insight. However, with me in being support, I can explain the limitations/usage of CRM but the real business solution may come from one of our partners on this forum.
It sounds like you did this correctly. From my understanding, you want to use team ownership and have users access things based on team ownership. I'm not sure how much information you came by around security roles but Teams can have their own security roles which can help define permissions. So what I would suggest is to create a "minimal security role" where a user has user level permissions only and assign that security role to the user and to the team. This should give that user only permissions to records they own or the team owns.
msdn.microsoft.com/.../gg334717.aspx
In addition, if you need to have a user in multiple teams, they would have permissions for each team but no more than that. Here is a great article that talks about inherited permissions within CRM around teams:
community.dynamics.com/.../assigned-and-inherited-security-roles.aspx
I hope this gives you the information you need but if you need more information, feel free to let us know.