Permissions per field in content type schemas

Slightly off topic, but a little bit related, so I ask here:

I stared making something similar (but because of COVID 19 it has been delayed at least a year).

For this, I planned to have a few extra fields for the users (that had to register), with ONE field that can only be edited by 'admins' ( a BOOL field to check if they got their T-shirt').

Is this doable with memberdata.xml (or another profile/xml file) ?

You can set permissions per field in the content type schema like this:
https://github.com/collective/ploneconf.site/blob/master/src/ploneconf/site/content/talk.xml#L40 (in xml)
or https://github.com/collective/ploneconf.site/blob/plone6/src/ploneconf/site/content/talk.py#L93 (python)

Thanks.

So it looks like it has to be done in userschema.xml

Does not seem to work, the user can still edit the field

 <model xmlns:easyform="http://namespaces.plone.org/supermodel/easyform"
  xmlns:form="http://namespaces.plone.org/supermodel/form"
  xmlns:i18n="http://xml.zope.org/namespaces/i18n"
  xmlns:lingua="http://namespaces.plone.org/supermodel/lingua"
  xmlns:marshal="http://namespaces.plone.org/supermodel/marshal"
  xmlns:security="http://namespaces.plone.org/supermodel/security"
  xmlns:users="http://namespaces.plone.org/supermodel/users"
  xmlns="http://namespaces.plone.org/supermodel/schema">
  <schema name="member-fields">
    <field name="tshirt" type="zope.schema.Bool" users:forms="On Registration|In User Profile"
      security:read-permission="zope2.View"
        security:write-permission="cmf.ManagePortal">
      <required>False</required>
      <title>T-shirt</title>
    </field>

Plone Foundation Code of Conduct