Domain Specific Language security

Is there a way to write a DSL which limits the access by a user? Since
this
is Ruby, they could write any arbitrary expression such as
  MyModel.delete_all

My users would not do this on purpose, but perhaps by accident.
I have read some about Sandboxes, but don't see how it would
prevent something like this.

Thanks in advance,
Don Mc

Dale,
  Thanks! That is exactly what I needed.

Regards,
Don McClean