If you have issues with personnel making un authorized program changes I would advise you to put a password on the plc that would only allow read access to other staff. At the moment I am not sure if you can retrieve a log file from the plc that will show you the mac address of the devices that accessed it.
Hope it helps
Regards Damain