Field level security is an out of the box feature in CRM 2011. Once you are familiar with how it works it's easy to quickly configure your system for any number of complex scenarios.
For this post we use the follow scenario, we want to add a password field to the contact form to track a contacts password. We want all of our users to be able to see the contacts, and make changes but only users who have signed an NDA should be able to see the password field.
Navigate to Settings > Customizations > Customize the
system open any existing entity with a custom field on it, or create a new field. Fill in the field designer as needed and Set Field Security to Enabled. Save and Close.
Open the form designer and navigate to the field you enabled field security on. Drag it onto your form. Note the secured key icon. Save and Publish, and Close.
Navigate to Settings > Administration > Field Security Profiles
The field level security profile works a little different then you may expect. My initial thought was I would call it "Contact Password Access" and define access to the newly added password field. Instead you should define the actual role, as if you're extending the permissions. So we will call it "Non NDA users" to extend out a role with users without specific permissions. The reason for this is that each profile contains definitions for all field levels in the system that can be secured.
Once we click on Field Permissions we see there is an existing one, as well as the Password field we added. By default all the permissions read/update/create are set to no. This is what we want for Non NDA users, so we don't need to make any changes.
Finally, we need to add all the users that we want to restrict access to.
Users that have been added to the new Non NDA Users, Profile now see just symbols in the Password field.
Any user not added to the group, still sees the text.