I see. So instead of opening up access to one field, I need to restrict all others.

I have tried creating an ACL table_name.* given to a restricted role, but it seems that table_name.none to snc_internal takes priority? Everything is still visible for snc_internal. I can create single ACL records for all the fields and that seems to work.

In any case I understand this better now and have a way forward. Thank you!