In my experience there are a couple of things you could do:
1. Indeed with acces rules restrict the acces to certain objects. You could for example use a status to restrict on entity level, maybe even create a specific offline user that you give this restriction. This way the data that is used offline stays limited. Keep in mind that the sync at the moment syncs all objects that are shown on pages through your offline application on pages.
2. You could think about a seperate ‘offline’ domain model with only objects used for your offline process. Downside is that after the sync you will need to process this into your normal domain model.
Hope this helps!