That was not my point. Restricting the ability of a user to select a tracking code to only those codes authorized is probably straightforward. The problems come when you have transactions involving tracking codes a user is not authorized to use. Do you prevent the display of an invoice because it includes one unauthorized tracking code among 10 line items? Do you prevent a user from seeing transactions in a bank account because one of them includes a line item with an unauthorized tracking code? If so, what do you do about running balances? Do you stop a user from seeing quantities of inventory items if sale or purchase of one has been assigned to an unauthorized tracking code?
All sorts of difficulties can easily be envisioned if you try to use tracking codes as a way of setting permissions. Tracking code functionality was designed as a way of segregating general ledger transactions—line by line. It was never meant as a means for setting permissions to view/edit/create/delete transaction forms, account balances, etc.
Tracking codes do not even apply to balance sheet accounts, yet @Rajwani wants to use them to set roles and permissions to access tabs, forms, and specific customers. That is a long way from their designed purpose of separating revenue and expense account postings by division or cost center.