If you want to store passwords in the database, you would generally want to encrypt them using the dbms_obfuscation_toolkit. Only people who are authorized to view the data should be given EXECUTE access on the procedure that decrypts the password. If you are storing passwords for an application that you're developing, you can be even more secure by hashing the password, which would make it possible for you to verify that the password a user enters is correct, but won't allow anyone to access the clear text password.
Generally, you can restrict access to columns by creating views that don't contain the sensitive columns and granting SELECT access only to those views.
Distributed Database Consulting, Inc.