Unusual User Permissions

Dear All,

I have a client who wants a user to be able to post cash receipt journals but should only be able to see customers and bank accounts. In addition, they should only be restricted to certain bank accounts (e.g. client account but not Office account). This extends to the bank reconciliation. They should only be able to perform bank rec’s on certain bank accounts.

What do you think is the “best” way to do this? My initial thoughts are to code relevant filters (based on new booleans added to the user table) against the bank account card and list as well as setting suitable Roles. The problem as I see it is that I want to restrict access to certain records rather than just certain objects.

Any help will be gratefully received!

Regards
Duncan