Does Firebird support field-level access rights?
Yes, it does for writing new values (UPDATE statements). To control the rights, use the GRANT and REVOKE statements:
GRANT UPDATE(field1,field2,...) ON table1 TO USER1;
REVOKE UPDATE(field1,field2,...) ON table2 FROM USER2;
If you wish to limit users to certain fields when reading (SELECT), a common way is to use views:
create view v1 (limited column list)
And then grant user SELECT rights only for the view. With views, you can also limit which records (rows) can user see:
create view v1 (column,list)
where ...constraining clause...;
If you need really complex rules, you can setup up a stored procedure that would return NULLs for some columns to specific users.