I am still using Crystal 5.0 (which works great for me) but I want to allow some other users to use the program as well. The problem is I don't want to give access to all my data. What is the best way to limit access to specific data files without interfering with the normal operation of DBA/EVO?
 

I password protected the dsn and assigned a simple user name and password.  I did not assign any permissions to this user.
 
Then, in the PUBLIC user,  I only selected tables I wanted access too.  You can select what type of access you want to each individual table.
I choose select only access.  
 
The user I defined inherits the permissions of public.  
 
You could just as easily add another user for confidential information that has permissions for the additional tables that they need.
You could also define groups that have permissions to different tables that you can assign users too.
 
Since I am the only one that does any manipulation of the ODBC data, I just use the master user that gets defined when you turn on security.