It is not clear if you are using standard or custom roles.
Which approach to solve your requirement heavily depends on the structure of your current security setup.
The way you can approach this requirement, is to create a new privilege and grant "Update" access on the relevant menu items.
Leave the "Create" and "Delete" access to "Unset".
This privilege then needs to be added to your relevant role and/or duty if you want to assign duties to your roles.
Be aware that if the users already have access to maintain purchase orders, then you should remove the duty/privilege granting maintain access from the security role as well. As security is cumulative, the combined access level across every role/duty/privilege assigned to a user, will be the users effective access.
