See https://drupal.org/node/178506#comment-726479 - although it mentions Drupal 5.7 at first, it applies to Drupal 6 too. The gist of it is, you have to (safely) impersonate another user. By doing that you get access to whatever function the user has access to.
Impersonating users is as simple as
global $user;
$original_user = $user;
$old_state = session_save_session();
session_save_session(FALSE);
$user = user_load(array('uid' => 1));
// Take your action here where you pretend to be the user with UID = 1 (typically the admin user on a site)
// If your code fails, it's not a problem because the session will not be saved
$user = $original_user;
session_save_session($old_state);
// From here on the $user is back to normal so it's OK for the session to be saved
Then the action you must take is to run drupal_execute()
with the form array you have.