Restrict EditNodePropertyPrivilege

I am trying to restrict access to sensitive node properties with the following snippet, but it doesn’t work. I would expect that, after adding this code to policy.yaml, no user is able to edit the properties of My.Package:FacebookPost in the inspector. Any idea what I am missing?

privilegeTargets:
  TYPO3\TYPO3CR\Security\Authorization\Privilege\Node\EditNodePropertyPrivilege:
    'My.Package:EditFacebookPost':
      matcher: 'nodeIsOfType("My.Package:FacebookPost")'

Ok, this morning I got a server error after trying to save those properties, but this is not very user-friendly. Any idea how I can hide some properties for some users/editors?

Did you read http://neos.readthedocs.io/en/stable/CreatingASite/Security.html#editnodepropertyprivilege ?
Could you try to add the && nodePropertyIsIn(["propertyName", "anotherProperty"]) to your matcher?
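An added example, not part of the original thread: a Policy.yaml sketch that narrows the privilege target from the question with nodePropertyIsIn, as suggested above, and grants it to one role only. The property names (accessToken, appSecret) and the choice of TYPO3.Neos:Administrator as the granted role are assumptions for illustration.

```yaml
# Example Policy.yaml fragment (added illustration, not from the thread).
privilegeTargets:
  'TYPO3\TYPO3CR\Security\Authorization\Privilege\Node\EditNodePropertyPrivilege':
    'My.Package:EditFacebookPostSecrets':
      # Match only the listed properties on this node type, so that other
      # properties of the node are not covered by this target.
      # "accessToken" and "appSecret" are hypothetical property names.
      matcher: 'nodeIsOfType("My.Package:FacebookPost") && nodePropertyIsIn(["accessToken", "appSecret"])'

roles:
  # A privilege target that is defined but not granted to a role is denied
  # for that role. Granting it to a single role (assumed here to be the
  # administrator) leaves the matched properties locked for everyone else.
  'TYPO3.Neos:Administrator':
    privileges:
      -
        privilegeTarget: 'My.Package:EditFacebookPostSecrets'
        permission: GRANT
```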

Yes, I also tried editnodepropertyprivilege, but this is too restrictive and not fine-grained enough. E.g. it disallows editors to move or hide the element.

Probably this is a missing feature or bug in the UI, because it doesn’t check the EditNodePropertyPrivilege.

Yes, unfortunately “Except for the assignment of roles to users there is no UI for editing security related configuration.” (see Backend Permissions - Manual - Guide - Neos Docs)