Access to buttons can be controlled by the 4 & 5 parameter of the CRM.Button() method. The entity referenced in the 4th param has to be an entity normally covered by security. (This can also be a custom top level entity) The 5th parameter can be
INSERT…