I'd follow Iamw's recommendation and define roles and permissions. I'd also get a regular backup process implemented on the VMDKs (VCB or some 3rd party VMDK aware product).
I don't think there will be much else you can do outside of custom roles and permissions.
Reuben Stump | http://www.virtuin.com | @ReubenStump
