Hello,
From my POV you are overcomplicating the situation, by trying to combine, what should be separated.
The SRX is a switch/router and FW, so I would create the individual VLANs per Department. Zone per functionality and IP Range per your needs.
Having a strong FW feature set (Zones) you should be in the position to create rules in the way you need.
Limiting the time/volume and speed of relevant departments
BR,
Andrei