Permissions are available for a user to create a given record, but the Create button is not available on the parent record's page.
When object records are created, the only guaranteed role the user will belong to is Owner. When atomic security is configured for an object, the Owner role will need to have edit permission on any field needed during the record to create the process in the object's default state.
- Check the Object's Page Layout for the section where the create button should be. Be sure the Prevent Record Creation option is not checked (enabled).
- Navigate to Admin --> Configuration --> Object Lifecycles.
- Click into the lifecycle.
- Go into the affected state.
- Note that the Atomic Security: Fields section defaults the state behavior to Read permission across all fields.
- Note that the affected role has overrides for Edit.
Per background information, the current user is not guaranteed to be in the role. So, the create process looks for the Owner role.
- Click on the Edit button for the Atomic Security: Fields section
- Click on the + Role Override button.
- Select Owner.
- For each of the fields required during the create process, select the Edit permission.
- The object must be marked editable. This is because it drives the visibility of the button itself If the parent field on a record cannot be set, it cannot be created.
- If no other fields are marked editable other than the parent, the dialog appears. However, the required fields are not editable, preventing the user from creating the record.
Vault Help Documentation: N/A