Hi Pedro,
Are the users are fixed like Users 1 to 10 requests only SINGLE roles and Users 10 to 20 requests only COMPOSITE roles?
If this is the scenario then controlling at auth object level using PFCG role is correct way as suggested by Ameet. If they can request sometimes SINGLE and sometimes COMPOSITE roles, then may be you need to have 2 different request templates and then within the templates role search can be restricted based on Functional area.
Assign Fun Area 1 to Composite Roles and Maintain this Fun Area 1 in EUP 1 of Template 1 - So if the user access this Template, they can search only COMPOSITE roles.
Assign Fun Area 2 to Single Roles and Maintain this Fun Area 2 in EUP 2 of Template 2 - So if the user access this Template, they can search only SINGLE roles.
Regards,
Madhu.