You should create special Groups of users for each project you have... you can have more than one group, something like "project1_developers", "project2_observers" for better organization.
You alson combine these groups with the Project Roles to define into each project what kind of access each group should have.
Make a Permission Scheme to set of permissions to one project. Something like this:
Browse Projects -> Group (project1_admins, project1_developers, project1_users, project1_observers)
Create Issues -> Group (project1_admins, project1_developers, project1_users)
Move Issues -> Group (project1_admins)
You can use your Project Roles here too... but I prefer to set everything with groups.
Finally, you can use Issue security schemes to define who can and cannot view issues. Issue security schemes implement a number of security levels which can have users/groups assigned to them.
Hope that can help.