In Odoo, you can define a list of groups for a particular view. In that way, you can allow only users with those groups to have access to the functionalities defined in the view.
For Example, if you want the field phone in the crm.lead view to be readonly for users with group base.group_sale_salesman you will need to create a new view that will inherit from the existing one and to add a group base.group_sale_salesman for it. Also, you will need to add attribute readonly=True to the phone field. All this in code should look like:
<openerp> <data> <record model="ir.ui.view" id="view_crm_lead_form_inherited"> <field name="model">crm.lead</field> <field name="inherit_id" ref="crm.view_crm_lead_form" /> <field name="groups_id" eval="[(6, 0, [ref('base.group_sale_salesman')])]"/> <field name="arch" type="xml"> <field name="phone" position="attributes"> <attribute name="readonly">True</attribute> </field> </field> </record> </data> </openerp>