I think of several things you can do, but the best will depend on your network and security configuration.
One of the ideas is to make this document the only one available in the root folder, and have all the other documents in different folders not mounted or under the root folder. This may be the easier one. So the only access to this document and then launch another docs from this. Make sure the actions (or macros, or URLs) you are using to open the different documents behave in the server-client environment, browsers, plugin, and so.
Hope that makes sense.
I dont use access point from which my users access documents (e.g. doesnt conform to Group standards) but instead use a .asp file where the documents are defined as anchor tags (<A>). All the documents are secured using section access.
I rather like it as it gives me total control of the user interface e.g. I can put links to other intranet/web pages etc.