If you used the built-in switchboard manager it would be difficult.
BUT, the bigger point here is that not letting someone click a button on a
menu has nothing to do with the user getting to the form, report, query, or
table. Just because you come up with some way to issue an error when they
click a button, does not mean they can't just open the table, or the form,
or the query. Or, build their own.
In order to secure your database, you need to implement user-level security
and assign permission to the objects.
