Does a User's permissions affect Button script capabilities?

When a User runs a Button script, does the User’s permissions restrict what the script can do?

Scenario:

A User has Editor access to the “Clients” DB, and the User runs a Button script from there.

This User does NOT have access to the “Secrets” DB, but the script calls fibery.getEntityById() to retrieve a record from the “Secrets” DB.

Does this API call succeed?

The script will be executed with the permission level of the person pressing the button (just like for any no-code action).
However, the IDs of entities are considered public, even if the content of an entity is not, so in your example

then the API call will ‘succeed’ but will not return any detail from the Secrets DB.