Currently there is no granular functionality that limits which FDT fields like a SSN custom user field on a users records. Administrators either have the ability to look at all FDT fields or they don't.
A user program could be written to display the users TSS LIST information and not include certain fields.
The application would issue a security check against a user defined resource class to determine if the user has access to certain fields, then the user written program would display only those fields they have authority.
Example, create a resource class called AUTHFLDS.
Issue a TSS PERMIT(xxxx) AUTHFLDS(SSN) to authorized the user to see the SSN field. Issue the PERMIT for every field you want shown.
The user written program would invoke a TSSAI RESLIST to see what AUTHFLDS the user is authorized.
Then the application would list out the user only with the fields they are authorized for.