I agree with what you want for security...but a partial workaround I use (and this is only really valid for servers) is to keep all DBCs and any tables that do not need user update in a separate Readonly access directory. It's better than nothing, at least...
The Anonymous Bureaucrat,
and frankly, quite content not to be
a member of either major US political party.