A most asked feature, but not available OOB, is 'Field Level Security' functionality in MSCRM 4.0.
There are add-ons available from 3rd party vendors, which make use of Custom Entities, Custom Web Aapplications and Plugin to achieve the purpose.
This makes it costly to implement to implement the same.
 
A more compact and cheaper solution could be provided by javascript.
On the ONLOAD event of any Entity, we could load the user roles for the current logged in users, identify if the user falls under a valid role and apply the required secuity  settings to the attributes via javascript.
 
IOTAP has a simple Javascript solution in place for Field level security.
This script is just to be placed on the ONLOAD event of every Entity, where Field Level Security is to be implemented.
By modifying 3 variables in the script, an administrator can set Field Level Security for any field on the form, for any available role.
 
Features include :
1.    Apply Field Level Security if the user does not belong to a particular role (Even multiple roles could be set)
2.    Select single OR multiple fields on the form to be secured
3.    Security Options available for the fields are ‘Read Only’ or ‘Hidden’ on the form
 
For more details on the script please contact info@iotap.com