That middle paragraph is one sentence!
Have the application open a hidden form on start up, and run these events from the On Load event of the hidden form.
Create a table, perhaps in another database, that has the user name and role. When the application opens, have it take the username from the person's computer:
sUser = (Environ$("Username"))
Then have it open the crendentials database (I use a SharePoint site for this purpose so I can manage user levels there) and find the user.
If the user is not in the database, then Application.Quit.
If the user is in the database, take their username, maybe first and last names (I like to display them so the user knows the app knows who they are) and the group name.
Take these credentials and put them in unbound text boxes on the hidden form. Then open your main form.
I generally use a main navigation page, and if the user is allowed to see the admin forms, the button to those forms is visible. If not, then the button is invisible. The forms check the hidden form like this:
If [Forms]![frmHiddenCreds].[GroupName] = "Admin" Then
Me.btnAdminForm.Visible = True
Me.btnAdminForm.Visible = False
Also put an event on the forms themselves on their on load event, to close the form if the user is not in the admin group.
I set all the forms and tables to Hidden, as well. The only way around that is to move data in and out as the user opens forms and reports they are allowed to see. There are lots of kludges. Then turn your database into an MDE so the users can't modify your code and get access, etc.
Did any of that help?
Look it up at: http://wrox.books24x7.com