Hi Peter,
Check out the entity access for the entity user and also check the microflow access as you have allowed user to create the data or not if not allow the userrole you can able to see the button.
Hope this information helps.
As per Mendix security if Microflow is accessible to the user he will be able to see the button it triggers.
Hope it helps