If the set of managers is fixed from the moment the data is encrypted by the user, then the problem is solved trivially, the scheme will be similar to PGP.
We will store a public-private key pair in the database for each user and manager, and each private key will be encrypted on the derivative of the password entered by the user in the web interface (this is already implemented in the standard).
If managers can be added during the game, then it is somewhat more complicated:
Option number 0: we will generate 100 keys in advance. It’s redundant, and you’ll have to take a steam bath with changing passwords, but it’s easy.
Option number 1: one private key for all managers and an intermediate code that can access the password of this private key, and which itself decrypts the data and sends it to the web interface.

Nothing needs to be encrypted. It is necessary to give data to whom it is necessary, and not to everyone.

And you can’t just make the role of viewing certain data and simply not show the data to managers, for lack of access to it. And whoever has access (by default the user himself + the role of access to user data for some managers) can see the data. And you don't need to encrypt anything.

It seems I came up with, though there is redundancy.
So:
1. For each user, based on his password (PC), a public key is generated
2. For a group of managers, based on a master password (PC), a public key is also generated
3. The user encrypts the data with his own and manager's public key. Both options are stored in base
4. Now, when the user needs to read the data, he enters his password (PC) and decrypts his half.
5. Also, the manager enters his master password (PC) and decrypts his half.
6. Well, the manager, changing the data, encrypts them with his own and user's public key.
Missed nothing? Won't crypto-resistance fall due to duplication of data encrypted with two public keys?

I don't understand why you need to encrypt. Setting up access control in the application is not enough?

I'll put in my 5 cents.
The technical variant of protection was well described above. But any information security specialist will tell you that in most cases such databases are leaked not through hacking, but through employees who have access to them.
There is no and cannot be a 100% solution here, but you can minimize the risks as much as possible. Recipe:
- separation of access, providing access not to the entire array of information, but only to the part that is needed immediately (NO common passwords)
- logging - any access to sensitive data should be logged
- monitoring - any suspicious activity should be " turn on the siren"
- audit - analysis of logs
Plus legal support - managers must sign an NDA.
In case a leak does occur, you need to be able to identify the source of the leak from the leaked data. How exactly - consult with information security specialists.
PS If the above is expensive/difficult for you, don't bother with encryption either.
And yet, you need to understand that by encrypting data in the database, without taking special measures, you lose the ability to search, sort by stored data. Do you need a database in this case?

here, obviously, you need to look towards public key encryption

del