Users want to restrict access to custom fields. Some custom fields are used internally and should not be visible outside the company.
A solution might be: The custom field creation page has additional fields, where one can enter groups, users etc. for read permission and maybe a second field for write permission.
JRA-1330, which is more general but needs much more effort to implement.