The answer depends on whether your users are garden-variety or exotic users.
The garden-variety users can be blocked as theDBguy suggests, by never showing your users anything but forms. Then on any form where a critical delete COULD happen, you assure that the form's AllowDelete and AllowEdit property is set to No. You also would want to perhaps have user-role sensitivity in that you have people log in to the DB by a username. In your app, have a user table that identifies a role or a special key or something to define what each user can do. For the super user, don't set the form's AllowXXXX options to No.
If you are in a domain environment, a simple (if not perfectly reliable) way is the Environ("Username") function. It can be spoofed, but you trust your users or believe they aren't very savvy, it is a decent way to find out your user's login name. (I.e. make it match the domain login name.)
For the more exotic or determined or bull-headed user, make good backups so you can manage data recovery because a really determined malicious user will find or even create ways to be malicious.