another solution would be to export your field groups to PHP and then dynamically add add these extra fields to the group if the user is an admin. With ACF5 your could even export the groups to JSON, read the JSON files and merger the admin fields into one group if if the user is an admin.
The functionality you’re looking for has been requested a number of times. I’ve been answering questions here for… must be almost 5 years now. It’s probably on the list of things to do, just low on the priority list.
There is also the possibility of extending ACF with your own conditional logic.
Personally, I don’t think that a hidden field, or even a disabled or read only field would be very secure on a page that a user can view and edit. Honestly, anyone that knows anything about coding could alter the page they are looking at in their browser and submit valued to fields they should not be able to submit values to. If you want the fields in a single group then then only secure way to do this would be to generate the field group in PHP and not include the fields they shouldn’t be able to edit.
Welcome to the Advanced Custom Fields community forum.
Browse through ideas, snippets of code, questions and answers between fellow ACF users
Helping others is a great way to earn karma, gain badges and help ACF development!