The Sitecore security model is pretty straight forward, but as everything security, it can become complicated.
This goes for field level security. For a certain field, I wish to grant read access to everyone, but write access only to members of my “Price Administrator” role.
STEP 1: THE SETUP
First, create the new role:
Sitecore Role
Select the field that needs to have the access modified, and select “Assign security”
Field to grant access
For the “sitecore\everyone” role, grant “field read” access, but deny inheritance. It is important that you deny inheritance, because if you do not, no other role can grant access to the field, and everyone but administrators will have denied access:
Everyone Role
For the “sitecore\Price Administrator“, grant “field write” access:
Price Administrator Role
STEP 2: THE TEST
Go to a page that uses the field. Ordinary users (non-admins) will see the field, but it is read-only:
Field is read-only
Then grant the role to your Sitecore user:
Price Administrator Role is added to the user
… and the user have write access:
User has write access to field
MORE TO READ:
- Field Level Restrictions in Sitecore from Sitecoretricks
- Access rights overview from Sitecore documentation
- Field level deny permissions in Helix based on Habitat and how that affects your workflows? by Martin Miles
Brian Pedersen's Sitecore and .NET Blog 