This is an issue that has been the subject of many questions and below is the series of processes which I believe adequately addresses the structure needed.
Firstly, the three initial things to do (which I will not go into any depth with) are: -
- Configuring any SharePoint views to display only the columns you want all users to see and
- Filtering the View data so that it displays only the records you want available for choosing. I am assuming here that the users need to see records other than those they created.
- Configuring the Integrated App to restrict the users (or the particular user) to only be able to do and see what they need to.
Then however we are left with a number of inbuilt SharePoint functions that allow a reasonably knowledgeable user to circumvent these controls and do/see things you do not want them to.
Read more...