The Permissions selector allows you to determine which User License Profile will be able to SEE the Custom Field: Tasks / Bookings / Rates; Tasks / Bookings; or Tasks (only).
Since 6.6 SP2 you can also setup another level and add confidential users, who will only be able to see & edit the custom field. This option is available for Tasks and Bookings.
In Server Setup > Users > enable the "Use Confidentiality User For Custom Fields".
Add those Advanced Users that later should be allowed to see the Confidential Custom Fields.
As a next step you could setup a Task with (e.g.) a Custom Field: "Text Widget" that allows to enter a Private Note.
Only the Users added to the Server Setup List will be able to see, access and edit the Note.
Logging in as a "Non-Confidentiality User" I cannot see the information, nor access through reports or Web Access/iOS/MobileWeb.
