I'm trying to secure certain person attributes so that they cannot be seen by a specific security role. Our check-in volunteers don't need to be able to see information about people's discipleship pathways!

I know I can secure this via person blocks but my feeling (feel free to correct me) is it is more secure to do it at an attribute level. From the person attribute page it looked like I'd have to secure each attribute individually. I noticed that all users are inheriting permissions from the global default, I remembered in the CIRT talk about security that there was an inheritance pyramid. 

Is there a way I could secure the attributes higher in the pyramid, perhaps at an attribute category level? Am I over complicating things?