The entire FM security model is amazingly capable but buried sooo deep as to be somewhat inaccessible, and visually disconnected from the target fields/layouts. etc. Much could be solved with better access points by making it - along with a more friendly UI - directly accessible from within layouts.
There are a number of idea posts on DISABLE EDIT WHEN: (1044, 1297, 2256) that expose just one of the many things that the security model does today, but at the UI layout level.
However, the very powerful and granular security model in FM is not well known or understood, to a great degree, as a result of the complexity that comes with the power, and the location, buried deep within the bowels of manage security.
HIDE was added at the Inspector level (something that was NOT in the security model), but the security model features would be far more usable, if they were more accessible - maybe not explicitly tied to privilege set as a starting point.