Currently, you can restrict certain abilities like adding or deleting gifts, ability to view certain tabs, etc. from certain security groups or users.  However, it would be useful to have the ability to be even more granular with security by being able to allow a group access to a certain tab/field in a record, but only give them access to select certain entries from a given field's table. 

Example:  We are a foundation with funds benefiting other organizations.  In RE, we have those organizations linked to their funds with a relationship type of "Beneficiary."  Only folks in our Operations department should ever assign that kind of relationship.  It would be nice to restrict other departments (like Development) from entering Beneficiary relationships.  However, that security group should still be able to put in other types of relationships (like relating individuals as family, employees to their employers, etc).

Another Example:  We have attributes to track info about our clients that is specific to our organization.  Changes to some of that information requires paperwork or documentation.  It would be great to allow certain security groups to view a specific attribute but not edit it.  e.g.- We are a religious foundation. There's an attribute on church records in our database to indicate if the congregation has dismissed to another denomination or has dissolved completely.  If they do, there's a process that has to be completed if they are the beneficiary of funds.  If someone in customer service gets a call that a church has closed, we don't want them to just update that attribute.  They need to contact Operations to start the beneficiary review process.