Rules of good manners, they say what is necessary. The diagram is correct.
1. This is done by setting up routing between Vlans on the router or L3 switch.
2. No. You simply open on the desired port access to those Vlans where you want to go.
We read - Networks for the smallest . And from chapter zero.

A separate VLAN for printers is an extra hassle for yourself. You will first drive them into a separate VLAN (it is not clear why), and then you will look for an opportunity to bypass the VLAN restrictions. "The efficiency of these two actions is 0" :-)
For phones, a separate VLAN is quite justified.
If you really want to breed VLANs, get a gateway that will sit in all VLANs and through it you can go from anywhere to the desired VLAN, after setting up routing to a slave. place.

The logic is correct. Vlan numbers do not matter, but it is right and good to separate devices of the same type into separate networks. Connectivity between vlans is provided in the same way as between separate physical networks - using a router. Read what VLAN trunking is, and see how it is implemented on Mikrotik, and configure routing on it.
Network segmentation is not just good manners, it is a necessity, especially in light of the development of malware / viruses and other information security threats. Printers/phones are vulnerable devices, so they need to be isolated. A flat network where all computers in an organization are in the same vlan/network segment will cause any stray NotPetya to spread throughout the network in a matter of minutes. And it will be like here. Or some mother's hackers will start picking the computers of the neighboring department over the network. So segmentation and configured rules for traffic between subnets are a must have in modern conditions.

Phones in a separate vlan, printers and work clamps in a vlan vlan (not separating them, it makes no sense) vlan1 - do not use it better. Admins - to a separate vlan grid and from it access to the mgmt network and to all data networks