Does Oracle support table-level & column-level permissions?

If there is a customer table, and some extra-private/secure information like SSN is there, should I create another table to store such information and lock that table so only certain people can view it even though it's strictly one-to-one? or can columns be locked too from unauthorized viewing based on rights? Even if both types of security mechanism do exist, is one preferred over the another? I might have said something very vague but I've used SQL Server more often.