Does anyone have suggestions around restricting access to entities based on class, department, or even (somewhat preferably) custom segments? Transaction data is controllable via role restrictions but I haven't figured out a good way to limit access to customers and project records based on classification data...