Logs of actions in EERM are not recorded at all, but yes, your scenario works, just give them the EERM password. There is no real user accounts on EERM, just a volume password.
It's pretty difficult to record actions on file operations without installing something to do just that - the beauty of EERM is it does not require admin rights, or any product install to use. Where could it log operations that the user would not be able to delete afterwards? On the stick? Remember, we don't have any special rights in user space, so the "secrecy" of what we can do is really limiting.