I have covered all the other aspects of Security in CRM 2013 and now I am left with Field Level Security, which in some ways is apt because this is probably the most strict.
Field level security was a much requested feature when it was added in CRM 2011, probably up there with auditing.
Here is the video walkthrough
Field level security allows you to add extra security around individual fields. The three security values are
Read
Create
Update
Adding Security to a Field
The first rule is, you cannot set field level security for any of the default fields. If you try to the pesky field level security checkbox is disabled. I’m not entirely sure the reasons for this, the most likely is if you stop people adding values to the default fields then some of the functionality might stop working or the system as whole might not work probably (that is my interpretation of it)
You can only set field level security on custom fields!
So go to record, either create or find a custom field and then enable Field Security
If you now look at your custom field on the form then you will see there is a key on the field
Publish the changes to the entity and before we add the field to a Field Level Security profile go and have a look at the form, which in my case is the account form.
If you go to the form with a user who has the System Administrator role then you will be able to see the value in field but if you go to that form as another user then you will see some asterisks ****** (even if the field is blank). The reason all other users see asterisks is because the field is added to field level security profiles (all of them) with the Create, Update, Read values all set to NO.
This means when you add field level security, no users (except System Administrators) will be able to view or edit the field, so you better quickly set it to a field level security profile and add some users.
below is a screen shot for a user who isn’t a System Administrator
Create Field Level Security Profile
Now we are ready to create a profile. The order of these steps can catch people out because if you start with Field Level security you might first create your Field Level Security profile and find them blank and then you will wonder how to get fields in there.
Go to Settings –> Administration –> Field Security Profiles
This will then take you to a list of all the field level security profiles.
Notice the System Administrator is a default team maintained by CRM, although it is possible to add members to the team.
Now edit or create a new field security profile
Opening your new field security profile.
If you go to field permission you will see a list of all fields which have field security enabled.
By default the privileges are set to NO
if you click on one of the fields you can then edit the security
The other important thing you need to do is add users/teams to the field security profile (otherwise only System Administrators can view/edit the fields)
Key Facts about Field Level security for MB2-703 exam
Enabling or disabling of field level security by setting the IsSecured attribute cannot be audited.
System Admin is has all privileges on all field level security fields, the user has a System Administrator field security profile where all values are set to yes and will be for any fields checked for field level security.
Every field enabled for field level security is added to all field level security profiles
when you turn on field level security for a field, it will automatically be added to all Field Level security roles with Read, Create and Update all set to No.
New field level security fields can only be seen by users with the System Administrator role, so you have to go and configure the field level security privileges.
Every field level security profile will include all fields with field level security enabled.
Fields that are ticked for field level security will be added to field security profiles but with Read, Update, Create all set to No, so you must go in to configure
users/teams can be added to more than one field level security profile.
*** asterisks show if a user does not have read access to a field
*** asterisks show even if the field is null/blank
You cannot delete the System Administrator field level security profile
You can only set field level security on custom fields!
Hosk's Dynamic Blog 
For those using Hosk’s guide for the newer CRM 2016 exams, note that Field Level security can now be applied to most attributes, including system and custom attributes.
LikeLike
Hi there,
My client has a custom field in their Leads form which stores an amount. They want that field to be viewable only to the OWNER of the Lead. How do I get that right?
LikeLike