You secure the db by implementing the usual methods and as long as no one can get at the table(s) you can always elect to open a form and make its recordsource a snapshot of the data. Snapshot recordsets cannot be edited. Then you can decide to open it that way for some or provide full access to other users who belong to a group with edit rights. You can also just lock certain form controls based on user profile. You might want to research having a users table that associates db permissions as part of your investigations.
Users should never be allowed to interact directly with tables, and usually not queries either, as a rule.
The more we hear silence, the more we begin to think about our value in this universe.
Paraphrase of Professor Brian Cox.