Relation fields have the permissions of the related model, not the model you are loading in the form, so you have permissions on table A, and relation with table B but no access to the records of table B. try removing the field, or adding a group rule to stop unauthorized people form seeing it, as tommaso already suggested.

As the restriction is at field level (contract_id) , it will be possibly because of a record rule defined on that field and model. 

In order to confirm the same in your example, enable the developer mode, go to settings , technical menu and open record rules. Here, filter for the model hr. employee

Check the rules in tree view which contain the field name contract_id (domain column) and check the rule definition of that particular record rule. If the groups defined for this rule doesn't contain the group of the user for whom the error is coming, then, this particular record rule will be the reason why you are getting that error. 

Try limiting the field view to that group with the attribute `groups`. XML Field Documentation.

<field name="contract_id" groups="hr.hr_group_manager" />