Carlo,
please explain what you mean by "enabled to select buckets". If you mean that the user should not be able to edit a bucket (or display) then you can control it via going to bucket (or portfolio) details -> Miscellaneous -> Authorizations -> User Role and assign the desired role.
Please note that the authorizations are inherited downwards, i.e. you don't have to assign the same authorization to every bucket in the hierarchy - assigning to the portfolio or top-level bucket will do the job.
