Here is what I have done for the same problem. Reserve one administrative account having every permission on all tables. Give all users read only permission for tables. Users can only run code which updates(/add) tables. Create workspace object using the administrative account I mentioned. You have to embed this account's password in your code. Users will only have run permission for your code. Then using DAO add to or update those tables using BeginTrans..Commit.
Thus your code is updating multiple tables,logging user names using currentuser() function.
Another way is to use withownerpermission queries. Users can use only this query(actually form based on this query) to amend records. Revoke all permission from table. Give Run permission for form and add/update permission for query. Create a calculated field in the table based on autonumber field and set table level validation rule. On your form based on owneraccess query disable username field,hide calculated and autonumber field. Set beforeupdate code on form to calculate and fill the calculated field and username field. Hide the code and calculation logic from user.
Please let me know if this helps.
[This message has been edited by PrPu (edited 10-24-1999).]
