Turn auto-commit off, then check in your update scripts for the proper permission sets. If the user has the correct permission, then set the fields and commit the records; if not, pop up a dialog and then halt the script.
The layout being modifiable pertains to whether someone can change the layout design itself via "Edit Layout".
You can also use security settings to restrict how a user can edit the values in your tables so that they cannot edit the value, but then you click the "run with full access privileges" check box in the script editor for each of your scripts that modify fields. This way, the scripts performed by the user can modify data, but the user cannot. (And put the global fields in one table and give them edit permission on just that one table...)
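An added example (not part of the original post) of an update script that combines the two suggestions above: it checks the privilege set before touching any field, and it is meant to run with the "run with full access privileges" box checked. The privilege set names ("Manager", "Data Entry"), the table `Orders` and its fields are hypothetical.

```filemaker
# Script: Update Order Status  (hypothetical name)
# Script option: "Run script with full access privileges" is checked, so the
# user's own privilege set can leave Orders fields non-editable.
#
# Get ( AccountPrivilegeSetName ) reports the privilege set of the account that
# opened the file. Get ( CurrentPrivilegeSetName ) would report [Full Access]
# inside a full-access script, so it cannot be used for this check.
Set Error Capture [ On ]
Set Variable [ $privSet ; Value: Get ( AccountPrivilegeSetName ) ]
Set Variable [ $allowed ; Value: $privSet = "Manager" or $privSet = "Data Entry" ]

If [ not $allowed ]
    # Wrong privilege set: tell the user and stop before any field is changed.
    Show Custom Dialog [ "Not permitted" ; "Your account cannot update this order." ]
    Halt Script
End If

# Permitted: set the fields, then commit explicitly (auto-commit is off).
Set Field [ Orders::Status ; "Approved" ]
Set Field [ Orders::ApprovedBy ; Get ( AccountName ) ]
Commit Records/Requests [ With dialog: Off ]

If [ Get ( LastError ) ≠ 0 ]
    # Commit failed (for example validation or a record lock): undo the changes.
    Revert Record/Request [ With dialog: Off ]
    Show Custom Dialog [ "Update failed" ; "The record could not be saved." ]
    Halt Script
End If
```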