One event can have only one source type, think of it as a tag which gets added upon indexing. If you need the clear and the anonymized data, I would copy the data to a second index and anonymize the data during this copy. So you can create a role which has only access to this index, and thus only to the anonymized data.
If it is not that important, you could create an app which does not show the clear data, create a restricted role for this app so it has access to this index, but can not execute any free from search. Then grant only this app to a certain role. But if one user has an additional role which allows access to the search app, then this user is able to search the index and see the clear data, something you probably don't want.