>OK, I'm out to learn from others' experience.
>
>Has anyone out there implemented field level and control level security in their application or framework?
>
>I've got an idea on how it can be achieved, but want to see if anyone out there has better ideas.
You certainly are heading in the good direction. :)
To avoid hardcoding, what can be done, is to have a userfield table which is a many to many relationship from the users table and the fields table. At admin mode, you can then have a form to assign the right level for each field to each user. Then, your base class for each control can check what right that user has.