There are really 2 parts to this:
- The data layer - and the security that goes with it.
- The UI layer - and the user experience you want the user to have.
#1 involves setting up your security so users, whether students or staff, allows or prevents entry into the fields.
#2 involves the scripting and showing/hiding of appropriate fields and buttons and other UI elements.
Using a field in the table with the student data, should be a start. You can set whatever status they are. All of your finds and scripts can act according to that field value.
and it seems like creating multiple tables might be a bad idea (since they would be one-to-one relationships?
There is nothing inherently bad about 1 to 1 relationships. They can be quite useful. In this case, it may enable you to better match the access permissions you specify in different privilege sets to your data model as it is easiest to control access to an entire record rather than just certain fields within the record.