As far as I know this can't be done.

are you looking for column level permissions  ?

There is nothing built-in to SharePoint that will allow securing Views.
Since normal users (Those with Contribute permission  level) can create their
own views  duplicating whatever is in a secured view this is a fruitless
exercise unless the system is locked down to prevent users from doing
anything. Having said that, the only real way I can see to do this would be
to write an event handler for the list  that would check what view was being
opened whenever an item was accessed and cancel the request if the view
wasn't one of the "permitted" views.

I had this requirement myself and this is what I did:

1. Create a document library for web part pages.
2. Add a web part page for each view.
3. When finished, go into the web part page library and assign permissions  to
each web part page.
4. I then only expose the web part pages (in the Quick Launch menu)Â to the end
user.

if the user knows how to type in the address of the AllItems.aspx page
in the library itself then they have access to create any views  they want. This
will work, but its obfuscation and not true security.

There is a CodePlex project that lets you set permissions  on list  views, as well
as configure the different default views  for different users. See
http://spviewpermission.codeplex.com/

This is also security by obfuscation. It doesn't actually secure the views.
It applies security to the dropdown list  of views  on the normal page. If
you know the name of the view or the create page you can still get to any
view or create your own. For most people it will be a sufficient solution,
but it doesn't really secure the views themselves.

I should have mentioned that there is also a CodePlex project by the same person
to apply permissions  to columns.

I think you are correct for contributors that it is security by obfuscation, as
they can create public or personal views  that include more columns.

Whether it is true for readers depends on whether it blocks direct access to the
view pages that you don't have permissions to, which I would assume it does (but
would need to be tested). However, even they could presumably still access
"restricted" information through another route such as web service calls?

I think though you could achieve pretty strong security by making users
restricted readers, by only surfacing the data you want them to see on web part
pages, with personalisation disabled?

you should be able to accomplish this with audience, give that a try

Well, yes & no. What we REALLY want is both permissions  on views  AND
persmissions on columns. Hmmm - does the former (if real ala Paul's comments)
imply the latter? I guess so.

Anyway, thanks for point out that the codeplex 1/2 solution is really only
obsfucation (SP?).