I have seen some add-on security products for both MS-DOS and early Macs (pre OS X) that were pretty good, and were more than just separating users.
The most notable was a product by Casady & Greene called A. M. E., or Access Managed Environment. It allowed for hierarchal management of users where only the top admins could see peers of each other, and everyone else could only see who was lower in the hierarchy. Each permission had a setting of not just allowing or disallowing, but allowing the downstream user to allow their downstream users to set that. It also had very good encryption for its time (DES on the disk, folders, and individual files), as well as the ability to add code to copy-protect or otherwise restrict executing of applications (these were well before the days of signed applications, even applications that checked their own resources for integrity.) It even had features controlling lockout of a user, not just exponential timeouts, but for a very sensitive user, would go and erase files flagged as "sensitive", which ensured a brute force, even if successful, attack would not bring much. It even brought to the table 2FA by giving the option that a user must insert a floppy disk with a nonce file on it, as well as entering their password.
Of course, there was logging, and virtually every action could be set to be placed in an audit log.
Of course, today's user management has replaced the security programs that sat on top of single user, cooperative multi-tasking operating systems, but it is interesting to see how this was added on.