Sales users need to make invoices and receive payments and thus need Account User role. However, this also gives them access to CoA and all other financial reports, which is not right.
The issue is similar to these old threads but I could not find a way to fix
Role Permission for Page and Report is just for Pages and Reports. Hence you can cover reports like Cash Flow and Ledger Report etc.
But for Tree view, you may have to try changing in the treeview file. It is a JS file.
In case of Chart of Accounts, it is account_tree.js, you could check if the frappe.session.user has the required role say ‘Auditor’. If they have it, it renders but if they don’t the tree doesn’t load and displays a message and could route them back to the desk.
What has worked for us so far is to use User Permissions and give individual users permissions only to the accounts they need. It does not work on the branch, need to do for each leaf. for us is 25 entries per user.
Real pain is you cannot copy these 25 from one user to another so every time new user is created need to do 25 manual entries. Duplicating a user should duplicate all including user, page and report permissions, but does not. A way of copying user permissions would be great.