On your original question (user levels), the way I did this was:
1. Users table - lists users and their role-number. #0 was disabled user, #1 was guest, #2 was "normal" user, #3 was admin user. But there is no reason you couldn't have more than that.
2. Each form's Form_Open event looked up the current user in the Users table, found the role number, and ran tests to decide (a) to not open the form or (b) to open the form but use the Form.AllowEdit and other .Allowxxxx flags to prevent unwanted action or (c) open the form and use the .Allowxxxx flags full access.
3. I also had the Form_Load stuff check for any special controls not compatible with a given role and to disable those controls. (Obviously, that is always some type of special-case check unique to each form.)