A database view is a stored SQL query that functions as a virtual table. A data administrator can create a view that selects only a specific subset of fields (columns) from the source feature class's business table. By granting user permissions on this view while revoking or denying permissions on the underlying base table, access to the sensitive fields is effectively restricted at the database level. This is a standard, robust security practice for implementing column-level security in an enterprise geodatabase, ensuring unauthorized users cannot access the restricted data regardless of the client application used.

A. Layer file: A layer file (.lyrx) only controls the display properties and field visibility within a specific ArcGIS Pro map or project; it does not enforce security at the data source.

B. Query layer: A query layer is an ArcGIS mechanism for displaying data from a SQL query, but it is not the fundamental database security object. The underlying security is managed by database permissions on views or tables.

1. Esri ArcGIS Pro Documentation, "Views in a geodatabase": "You can use views to control access to data by granting privileges on the view to specific users. This allows you to limit the columns (fields) or rows (features or records) the users can see." This document explicitly states that views are a primary method for restricting access to specific columns.

2. Esri ArcGIS Pro Documentation, "Data access and security": "To restrict access to certain columns in a table, you can create a view on the table that includes only the non-sensitive columns. Then grant privileges on the view to users and revoke privileges from the base table." This section provides a step-by-step conceptual model for the exact scenario in the question.

3. Pennsylvania State University, GEOG 485: GIS Database Development and Administration, Lesson 6: Multiuser Geodatabase Administration: The courseware explains security models, stating, "A common strategy for restricting access to certain rows or columns in a table is to create a database view...You can then grant privileges on the view to a role, and add users to that role." This confirms the use of views as a standard academic and professional practice for field-level security.