Systems and techniques provide activity monitoring and selective obfuscation of various fields or categories of information included in traffic between servers providing services and end-user devices accessing such services. The selective obfuscation may account for a user's role and one or more levels of authorization or permission assigned to such a role. More generally, the disclosed techniques provide the ability to selectively restrict end-user access to data included in server responses, such that desired portions of the data are not accessible while other portions of the data are still accessible. An administrator tool may configure the permissions and rules used to decide whether traffic to or from a particular server or service should be selectively obfuscated; and if so, how that traffic should be selectively obfuscated.