The answer is, it's simple, yet not so simple. To ascertain whether or not the password is valid when input, you have to either store the password in a table and compare the input to it, or simply write code that basically says "If strPswrd = 'SomePasswordText' then allow the user action". How secure either of these two methods is depends on how you have designed the db (split into Front End [FE] and Back End [BE]) and what protection you have employed to keep users from discovering how to circumvent your password security. So it's easy, but may be pointless if anyone chooses to simply Google how to do stuff in Access. In a shared db that is split, the code can be protected in an FE so that it can't be discovered, but if you wish to change it periodically, you have to alter the code in the template database and re-distribute a new copy to every user - each time someone forgets their password (or you open a desk drawer somewhere and remind them what it is - not real security). Another drawback is that anyone who obtains the password can do whatever it is you're trying to restrict. Storing the passwords in a table would at least require you to password protect the BE and relink all the tables to the FE. As long as you keep the list of people who know the BE password short, it's not a bad solution IMHO since you would not have to hard code the password in vba code and re-distribute after each change. You can also write a routine to encrypt the password field and decrypt it for use, but I thing a BE password is better.
Another method is to use the network login id of the user, look up their user level/profile in the user table and either show a button, or other object, or hide them. You can also restrict the opening of forms/reports or use of functions such as altering/deleting data. IMHO, this method is by far the best, but still requires the designer to prevent common users from going into the BE table and altering their profile.
So, while it's not hard to do, the answer depends on what lengths you have gone or should go to in order to support your protection efforts in your business environment. I know that doesn't provide a quick answer, but writing out the means to do it at this point makes no sense since I/we don't have the information to make a sensible recommendation.