When I want to prevent a user from performing an action on a page, do I disable that control, or do I just make it invisible?

It seems no one has really published any rules about when to use either of these options (at least none I can find).  Some applications use one method, when they should probably be using an other.   Many of you may think this to be trivial knowledge, but I see applications all the time that don’t follow general standards or even show consistency in the application itself. I would like to officially propose the following "soft" rules:

Rules:

1. If it is an action the user does not have permission to use, make it invisible. If the user is never going to have permission to perform the action, then there is no harm in not showing.  This may be preferable too so that casual users don’t know about actions that more advanced users may be able to perform.
2. If it is an action that the user normally has permission to perform, but is not available at that time, make it disabled.  Making actions invisible and visible again can confuse users because they expect to see certain actions in certain places.  Disabling it keeps the action in place, but the user can no longer select it.

For instance, lets say you are working on an ordering application.  There may be a "save" button that is disabled until the user enters in all relevant data.  Once the order is placed, no one can edit the order except an administrator. So, on a summary page you may have a "save changes" button that is only visible to those users with administrative permissions. However, what if you use the same form for adding and editing the order?  The regular user normally has the permission to "save" a new order, but not the permission to "save" and edit to an existing order.  Since this is technically a different action now, making this button be invisible is acceptable in accordance to the defined rules.

As with most rules, there may be exceptions.  These exceptions should only be used in "special case" scenarios.  Your application and company as a whole should have standards that are routinely followed.  Here are some proposed exceptions:

Exceptions to the rule:

1. When you need to disable an action and are working with a control which doesn’t have an enable property:  In this scenario you might look at a ReadOnly property or find some other way to "gray out" the action.  You should avoid making the action invisible if you can help it.
2. When you want some descriptive information displayed to the user even if they don’t permission: You might want to go ahead and show an action as disabled even if the user doesn’t have permission just so the user knows it is there.  You should avoid this doing this all together, but you may come up with a scenario where this makes sense.  If you do this, you may want to append something like "(admin)" to action name to inform the users that this isn’t a task they can perform.