In conjunction with June7' post, IMO a table of users and their permissions level (as well as other attributes) is the best approach. Also a tblPermissions table with fields for a role (e.g. admin, user, manager, etc. ) which if also given a numerical sort order field, allows you to put the levels in ascending order. That way, when you open a form, you can allow buttons to be seen by (for example) anyone with a level of 3 or greater or if need be, just with a level 3 or between 3 and 5 - any logical/mathematical comparison that can be made. Same for opening a form or viewing a report; allow or don't based on their permissions level.
Unless users are sharing a Windows login I don't see the point of db passwords. Said table of users can hold their Windows login name (and if desired, their pc id). When anyone opens the db, if their Windows login is found, they're in. If not, they're not - no passwords and no password related maintenance required.
The more we hear silence, the more we begin to think about our value in this universe.
Paraphrase of Professor Brian Cox.