I suppose that you as superadmin don’t allow users to register new subsites at the multisite network, it’s only your privilege. Thus only you decide what user to what site and with which role to add.
So you register user and add him to the “news.everythingagricultural.com” with required role. May be WordPress built-in roles will be enough: author to pulish new articles, editor – to moderate what author do. While user will can login to everythingagricultural.com (WP has the single users list for the whole multisite network) but he will can post only to the site to which you added him and where he has enough permissions (author or editor) – to “news.everythingagricultural.com”.
Any visitor can comment. Only one who can edit article can moderate the comments sent to it.