D7, IBO4.5B FB1.5

This is a followup to my prior post regarding table access rights.

Helen pointed out that I should use RequestLive = True and let IBO
calculate the xxxSQL statements on the fly.

This does work ok, however not when I have specific column access
set in RDB$PRIVILEGES.

EX: table Contacts has Update rights for various individual fields
and none for others when the client role is WAREHOUSE.

When logged in as roll = WAREHOUSE I can open the table now and
browse, but when I try to edit ANY field I get a GDS error
335544352 "no permission..." error on one of the non-editable fields.

When I look at the SQL monitor the Update statement includes all the
fields in the table including the ones for which there is no Update
privilege.

So my assumption is that IBO checks for table access for UPDATE, but
not for any particular column rights when it creates an xxxSQL
statement.

I can't see from the monitor how IBO is querying the RDB$PRIVILEGES
to find the access rights.

If I want individual field access, do I just need to take over the
xxxSQL statements in the code?

TIA

Rick