CRM 2011 will now allow to decide permissions not just at the record level but also “Field Level”. This means that you can decide if a user has the permission to that attribute at the time of Create or Update or simply view the data for that attribute.
Currently, this feature is only available for the custom attributes that you add. They are not available for the system attributes. When you create a new attribute you can enable “Field Level Security” for that attribute.
Once the attribute has been defined for Field Security, it becomes available for defining the security levels for different roles.
Similar to the Security roles, you can now create Field Security Profiles
The profile lists out all the attributes setup for Field Security and you can edit the permission to Read, Update and Create.
Note any security that you apply here is not just available/applicable on the CRM forms, but also programmatically. So if you try to edit a custom attribute of an entity for which you do not have permission to edit, field security will be enforced and you will not be allowed to update the record. You will receive an error.
Field security can also be specified at the time of sharing a record.
You can specify the permission to each user with which the record has been shared and the permission for the secured fields.