Our health system some needs to restrict some users' data level access to a general ledger zone within one company. We can restrict the access by using ranges of accounting units, but that is very awkward in our chart of accounts.
For example, we use zone 200 specifically for physician medical groups and want to limit their users to data within that zone. The accounting unit design is that the final three digits are the zone, but the beginning four digits are spread through all zones and thus aren't easy to create valid ranges for data level security. Some of the valid accounting units are 1000200, 4800200, 4925200, 5625200, 5870200, & 5875200. 1000201 is not to be included. Currently building valid ranges would have 30 lines of parameters and more importantly require maintenance for any new accounting unit additions.
Any suggestions?