Proposed solution to this: Separate permission for buttons and workflows - #9 by Chr1sG
Since buttons are a sort of field, as indicated by Chris, it would be interesting to allow to lookup a button from one entity to another.
The kicker is that the permissions could then be based on the looked up entity, and not the current entity.
So you can create a button on an entity, give it edit access (so that the user can press the button), then look that button up to the other database. Then the entity is read-only, but the button is clickable.
This goes against what I say here: Lookups are visible to those with no access, but not rich text - #4 by RonMakesSystems
But I also think that buttons are different enough from data storage that this might be okay.
You could then have different buttons have access to different people with different relationship fields and different access templates.
This could also sort of solve this: Editable Lookup Fields
If the user has editor access, they can press the button to update the entity.
Just a thought!