All custom roles can be granted territory access. By doing so, a role will have access to all projects that are assigned for a chosen territory structure, without necessity to add that user with that role manually in Security to every project on that particular territory. 

You can assign territory access to the role by going to Administration>Settings>Roles:

The next step is to hover over a custom role, click on the 3 dots and check the territory access box, followed by apply.

All roles with granted territory access will have a globe icon next to them when created or edited.

After role with territory access is selected, fields Country and Line of business will become available. Then you can assign to which territory structure user will have access to all projects.

After selecting a country, “Show details” will become available. This gives us the option of choosing a territory structure.
Besides territory structure, Line of business can be set which can narrow down user’s access to projects furthermore. 

If no country is selected, then user will have a global access to all projects within the tenant.