You don’t necessarily have to assign roles to manage the user’s capabilities.
First, register your custom post types with their respective capabilities.
See capabilities under Function Reference/register post type – Parameters
Managing User Capabilities
You can use add_cap or remove_cap to add or remove user capabilities for a specific user.
// Add capability to a specific user
$user = new WP_User( $user_id );
$user->add_cap( 'can_edit_posts');
// Remove a capability from a specific user.
$user = new WP_User( $user_id );
$user->remove_cap( 'read_private_posts' );
This is handy because it allows you to grant a user capabilities that do not belong to the user’s assigned role.
For example, you may create a form with check boxes for each post type like you were saying. For each box checked, it would grant a given user ID the capabilities you created when you registered that post type. Likewise, unchecking a box could remove the capabilities.