When configuring New Roles for Embedded Lists from list controls, the selected role restriction is not honored by the system.

- Add an embedded list to an existing form. Ex. from the Incident form, go to Configure/Form Layout and add the Problem-->Parent embedded list.
- Make sure that the table level Create ACL for Problem (Problem.None) is set to pass the ACL for  ITIL role.
- Impersonate any ITIL user and verify that you are able to add a new record from this embedded list - Now impersonate Maint user and personalize the embedded list by right clicking in the list header and selecting Configure/List Control
- Select New Roles in the Embedded Lust Control form and add the Maint user to the Selected role slush bucket and Save the form.
- Now impersonate an ITIL user and you will find that in spite of adding the embedded list New Role configuration, you are able to create a new record for the list.

Note: Tested ths the other way round as well, where the ACL passes a higher role such as Admin and the Embedded List requires a lower role such as ITIL, but it also works the same way where ITIL user is not allowed access to create new records from the Embedded list.

Use an related list instead of an embedded list.