Access to buttons can be controlled by the 4 & 5 parameter of the CRM.Button() method. The entity referenced in the 4th param has to be an entity normally covered by security. (This can also be a custom top level entity) The 5th parameter can be

INSERT
VIEW
EDIT
DELETE

var strNewCompanySecurityButton = CRM.Button("New","newcompany.gif", CRM.Url(1200),"COMPANY","INSERT");
myBlock.AddButton(strNewCompanySecurityButton);

Interestingly the effect of the eWare.Button is that if the user in the above example has no insert rights over the company entity then nothing is returned, but if they have rights then the necessary HTML to build the button and hyperlinks is return. We can use this fact of either it returns HTML or returns nothing for other purposes. For example depending on the rights of the use we can switch on or off the inclusion of blocks in a page:

///////////////////////////////////////////////////
var intRecordId = CRM.GetContextInfo("company","comp_companyid");

if (CRM.Button("x","y", "z","CASES","INSERT"))
{
var myBlock = CRM.GetBlock("companyboxlong");
}
else
{
var myBlock = CRM.GetBlock("companyboxshort");
}

var myRecord = CRM.FindRecord("company","comp_companyid="+intRecordId);
eWare.AddContent(myBlock.Execute(myRecord));
Response.Write(CRM.GetPage("company"));
//////////////////////////////////////////