seperate authorisation to change fields in transaction XD02 and FD02

I have a small problem and I was wondering if somebody could help.

The user asked me to differentiate in a transaction (XD02 and FD02) the access of changing or simply displaying a field based on Users.

I tried to solve the problem in the following manner:

1. As the field didn't exist (ZTERM and VLIBB), I created an authorization object via transaction SU20.

2. In Authorization maintenance SU21, I created four Authorization objects, 2 for display ACTVT and 2 for Change.

3. These authorisation objects where attributed into transaction SU22 and SU24 for the transactions (XD02 and FD02).

4. Afterwards I run all checks which roles have to be changed via transaction SUIM.

5. I changed the affected roles (via transaction PFCG) and added the auhtorization objects, in a first time, I only attributed display activity.

6. But there is still a problem. The affected user can still change the fields even though he shouldn't be able to.

I checked via transaction SUIM who still has access to the authorization object but the user was not in the list. Do you have any ideas?

Thank you in advance.