This one was hard to search so let me try and explain.

I've added a field in the user's profile that links to another user. I used entity reference to do this. It does exactly what I need since it creates a link that allows the user to go to the other profile and view the details.

The problem is that it's all or none as far as permissions so they could easily view other users as well buy changing the user id in the url. So what I need is way to allow viewing of only certain other users.

Here's a more specific user case:

A parent wants to see how much money is left in their son's scout account.
They login to the pack website (Drupal)
They click "My Account"
They see their son listed under "Associated Scout" and click the link (For example "...?q=user/101")
Their son's (User ID 101) user profile is listed where one of the attributes is the scout account balance

Here's what I need to change:
They manually change user/101 to user/102 and view somebody an account that they are not associated with
I want them to get access denied (or something else appropriate) instead.

Any ideas?