You've hit on one the significant design limitations to the current version of FileMaker security settings. You are indeed limited to controlling access to specific records of a given table, and cannot specify user specific access limits for specific fields.
There are several possible work arounds.
- You have figured this one out already, which is to have several layouts and control access at the layout level by taking the user to different layouts.
- You can split your table into two or more parts linked in one to one relationships. Now you have separate tables so you can make one of those tables the "section" of your form that needs limited access. You can still keep all the fields on the same layout due to the one to one relationship between the two tables.
- You can also control access at the interface level with script triggers that deny access to the field when the user's privilege set is not one where access is permitted. This is fairly easy to set up but requires that you not leave any loop holes in your layout design that enable them to have access where they shouldn't.
- You can use a validation rule to deny all changes to data in a field if the user's privilege set does not allow them to edit that field. They will be allowed access to the field, but when they exit, an error pops up and they are required to revert the changes. This isn't terribly user friendly, but it's a good insurance policy to put in place if you decide to use script triggers to control access to specific fields as it will plug any "gaps" in your system that you may have unintentonally left in place in your interface design.
Amazing feedback as usual.
I take good note of it.