Hi,
Apologies for a late reply. Somehow I was not subscribed to updates on this post. I needed to reread all information again.
I will try to give you my view on your questions. Note that your approach is also giving the correct result. I just tried to create less objects based on the required end result. As I don't have the full overview, maybe I missed something.
1a. The Maintain form in my suggestion has a different purpose than the Maintain form in your solution. In my set, I added this button 3 to create less privileges only. It would not be wrong to have a separate privilege.
1b. Also valid for 1a. In case there is a need and you foresee to separate access for button 1 and 2, then indeed, you can create separate privileges. Anyway, if there is a requirement for a change, something needs to be adjusted in the security.
2. This was not a typo. Again, I didn't know all the details for this customization. In case a user is not allowed to make changes on the grid, I would initially call it a View permission. In your reply, you now clarified the purpose of the buttons. That is changing data on the grid, so then it becomes indeed a Maintain permission.
3. Correct. See the answers above (1 and 2).
4. See also my reply on question 2. In case you need it in the future, you would need to make changes anyway. In case you now have an unlinked duty and you choose not to delete it, best practice checks will alert you that the duty is not included in any security role.
5. In your solution B, you used all security objects. Then the best practice checks will not complain about an "obsolete" object.
For your solution A or B, there is not a real difference apart from the best practice check warning you can expect for solution A.