Setting user permissions

[Nevare]

I'm having trouble getting graph permissions to work the way I want.

My scenario is as following:

I need to export graphs for specific interfaces on a a specific host to a different machine. I do _not_ want to export all graphs associated with this host, only a selected few. I have put said specific graphs in its own tree for simplicity. I then created a user with "View graphs" and "Export data" permissions, and I set the default policies to "Allow" on everything except "Tree Permissions", where I set the default policy to "Deny" and added the tree I wish the user to have access to.

This works fine, except when I give the user access to list and preview views, all the rest of the graphs/hosts are listed. This means I have to disable these views in order for the user to be able to access only the intended graphs.

Currently the only solution I have found for this is to explicitly allow the specific graphs I want this user to see, and have all default policies set to "Deny". Naturally, I have to add the tree to the allow-list in order for the tree view to work.
This seems to me like a cumbersome way to do this, does anyone know of a better way?