In your first example - are you confirming that if the original user (ilya) clicks it anywhere but the dashboard it works?
Your second error is unrelated and simply a security matter that you can't update info while testing as another user. That is expected.
If you test as that user - can you go to the record that you're clicking the button on and just 'edit' it natively? As in - instead of clicking the button - can you click the pencil on the row to enter into the Edit Form?
To your first question, yes I can confirm that he will not get the access error if he clicks the button anywhere but in the Dashboard. For your second question, testing as the user he can click the edit pencil on any record for the report where the button resides and enter the edit form.
Interesting. And the button on the dashboard is part of a report correct? The behavior doesn't really make sense at a high level. I would recommend doing a quick stare and compare when you hover over the button. If you go to the dash - and hover your mouse over the button, take a look at the link that pops up. In chrome - it should be at the lower left of your window of what link the button is referencing. Do the same in the report where it's working. Is there any difference?
Here is the url for the button when it resides on the Dashboard: https://maximind.quickbase.com/db/bqxbiq3x2/bqxxj9qi8?a=API_EditRecord&rid=4295&apptoken=xxx&_fid_736=1&rdr=https%3A%2F%2Fmaximind.quickbase.com%2Fdb%2Fbqxxj9qi8%3Fa%3Ddoredirect%26z%3Dzdyi
and here is the url when it is on the report (not on the dashboard): https://maximind.quickbase.com/db/bqxxj9qi8?a=API_EditRecord&rid=4295&apptoken=xxx&_fid_736=1&rdr=https%3A%2F%2Fmaximind.quickbase.com%2Fdb%2Fbqxxj9qi8%3Fa%3Ddoredirect%26z%3Dzdyp
You can see that that there is an extra table listed when on the dashboard
"bqxbiq3x2/bqxxj9qi8" What's that all about.
Here is the code for the button:
If([Archive cb] = false,
"<a class='Vibrant Success' style=\"width:100px; text-align: center;\" href='" & [_DBID_COURSE_INFORMATION]& "?a=API_EditRecord&rid=" & [Record ID#] & "&apptoken=xxx&_fid_736=1&rdr=" & URLEncode(URLRoot() & "db/" & [_DBID_COURSE_INFORMATION] & "?a=doredirect&z=" & Rurl()) & "'>Archive Record</a>",
"<a class='Vibrant Danger' style=\"width:100px;\" href='" & [_DBID_COURSE_INFORMATION] & "?a=API_EditRecord&rid=" & [Record ID#] & "&apptoken=xxx&_fid_736=0&rdr=" & URLEncode(URLRoot() & "db/" & [_DBID_COURSE_INFORMATION] & "?a=doredirect&z=" & Rurl()) & "'>UnArchive Record</a>"
------------------------------
George Bramhall
------------------------------
Just as a note for the future - I would advise removing the apptoken specifically from your copy/paste to this community.
When I look at the formula and your href - it looks like you're using the shorthand URL starting with just the DBID which probably a little different when interpreted on the dashboard. I would advise building the entire URL String with the URL Root like so:
"<a class='Vibrant Danger' style=\"width:100px;\" href='" & URLRoot() & "db/" & [_DBID_COURSE_INFORMATION] & "?
This way you don't give the opportunity for QB to do any guess work since it's a complete URL
