Close on Save/Cancel only has effect on forms shown in content. See the data view documentation for more information. Are you maybe trying to use it for popups? If you want to stay inside a popup you can make custom buttons in the data view control bar that do not close the form.
With respect to showing buttons 'only if allowed': your assumption is right. The delete button should only be visible for user roles that are allowed to delete objects of that entity as specified in the access rules in the domain model. Do you have the security level set to production?
And David, the New button checks both the permissions for creating objects and the form that is connected to the New button. Make sure a user has access to both if you want the button to appear.
See the documentation of the various buttons for the visibility rules.
I have seen the opposite behaviour where a New button with Visible-only if allowed is always hidden for Roles that have create permission, and I have had to change it to visible - always to get over this.
Added comment following answer above:
My security level is set to production. The User is a member of 2 roles - one role has access to form, one has access to data and rights to create new records. These rights should be additive?? They appear not to be.