Recently I created a model I called sfDoctrineSecurityGenerator. It's an awesome class that you can drop directly into generator.yml that matches the admin generator's security credentials with those that you set in security.yml. This works with the default admin generator in core, and has worked swimmingly for me. So what is sfModelGenerator? sfModelGenerator is an abstract class extended by the ORM in order to auto-generate files. This class is used anywhere you have a generator.yml file, or any time you run the tasks ./symfony doctrine:generate-module or ./symfony doctrine:generate-admin. Step 0 (optional): If you don't have a module set up that uses the generator.yml file, see Fabien's Screencast on how to use it. You can also run a command like this: php symfony doctrine:generate-admin myapp MyModel. Step 1: Add this file to /path/to/project/lib/generator/sfDoctrineSecurityGenerator.yml. Step 2: Swap out the sfDoctrineGenerator field in your generator.yml for sfDoctrineSecurityGenerator. Should look like this:
  class:                            sfDoctrineSecurityGenerator      # was "sfDoctrineGenerator"
    model_class:                     MyModel
    theme:                              default
Step 3: Add a security.yml file to your module's config directory if one doesn't exist already. This would look something like below:
# /path/to/project/myapp/modules/company/config/security.yml
  is_secure: on

  credentials: [Company Edit]

  credentials: [Company New]

  credentials: [Company Delete]

Step 4: Set the use_security_yaml_credentials flag to true. Add use_security_yaml_credentials: true to your generator.yml's params, so it looks like the following:
  class: sfDoctrineSecurityGenerator
    model_class:           Company
    use_security_yaml_credentials: true

      actions: ~
      fields:  ~
      list:    ~
      filter:  ~
      form:    ~
      edit:    ~
      new:     ~
Note: If you don't set up a security.yml file (Step 3), this next step will throw an exception
You are now in business. The admin generator is now smart enough to hide EDIT links from users lacking the Company Edit credential. This is the same with DELETE and NEW actions as well. In fact, this works for any custom action declared in generator.yml. For instance, if your generator.yml looked something like...
      mycustomaction: { name: 'Do Stuff Now!', action: dostuff }
...and a dostuff credential existed in security.yml, the link "Do Stuff Now!" will only show to those with the correct credentials. Pretty cool stuff. The sfDoctrineSecurityGenerator.yml class can be found here. As always, please report any issues and give me your feedback!