Linking entities requires edit rights for at least one end, so it might be possible for someone to click Approve on a Task they don’t have edit rights for if the action is to link the User entity to the Task.
But in general, a lot of the actions require edit access for the item on which the button lives.
Indeed, button’s don’t have values, so can’t be queried, but my point is, the idea of a capability called “Can Edit this entity” is something that can be applied to all entities in the workspace, no matter what fields the database has.
But the idea of a capability called “Can press the ‘Approve’ button” and a separate capability called “Can edit the ‘Toggle send to client’ button” implies that capabilities are not conceptually universal across all dbs, but are dependent upon which buttons exist in any given database.
In that sense, it would mean controlling permissions as a function of what buttons (= ‘fields’) a database has (aka field-level permissions).