Workflows and node specific access rights

Please forgive me, if this is a bad case of RTFM (kindly point me to the FM, if that is the case). I am looking for a way to implement following use case utilizing Workflows module:

1. User A creates content (e.g. Article) node 1
2. User A states that User B and User C will review the document.
3. User A states that User D shall approve the document
4. User A saves the document and invitations for review are sent
--- Review and Approval etc.
5. User D approves the document
--- System makes the article public at time User A has set. (I have simplified the real use case as much as possible)

Every document I turn advises me to create "Reviewer" and "Approver" roles, but my catch is that every document is to be considered Confidential before they reach status "Approved" and are scheduled for publication. Universal "Reviewer" role based access control will not work for me as all Reviewers will be able to read all documents in Review state (?). This is unacceptable in organizations that will use the system.

So I need the "roles" to be per node OR I need a way to Workflow trigger granting access to individual users based on state and document fields. What would be the the best to do this? I am happy to write new code, but much rather use existing modules. Can I for instance make Workflow module work together with Node access module to achieve what I need?