When you revise or iterate, you are storing new data to the database associated with an existing document; therefore you are creating data of the type you are denying. If you desire to configure an existing "single" context / container to allow create for revise and iterate, you have many options; most require more configuration and some customization beyond the basics you have attempted:
- Use a workflow with a change process or a workflow bound to the object to fire off at a certain state to grant ad hoc ACLs to a group / role on existing data, keeping intact your current deny. You use ACLs on the lifecycles, but I find these to be more difficult for folks to troubleshoot. The user on a change activity would get a task authorizing them to complete their work for existing part ABC123 and, until they hit task complete, they have been granted temporary create permission to the business object, aka the EPMDocument that is affected/resulting.
- Create an additional domain and assign it to a folder that allows create in this domain/folder only. As the data is lifecycled, its folder is changed such that a different set of policies restricts creation. Inside this folder / domain, you also just deny modify on the folder to prevent new data from being added to the folder or something being modified/removed/deleted.
- Use a listener on the method server to reject the persist store events on objects for which the mastered part number and name do not exist already. Get the master of the object and check if it is persistent already. Use a group / role / team to restrict access to those who can create new versus create on existing.
- Use a combination of action filter and validator (for toolbar) that check membership of group / role / team to create new data of a certain type.
- Deny create from the organization level, grant create in only certain containers. (Multi container/context option)
It sounds like you need to review the basics of access control administration from the business admin guides and help center to better understand why denying create has this impact.
I had a similar experience with WTParts and Types. I wanted to deny creation of Types and limit it to certain users. When a user linked a CAD doc to it, it wants to iterate it. It then presents a problem in that the user cannot check in the CAD doc. I worked around it by changing the link type, but that is not ideal. I wish deny rights were easier to use; they are okay in a very narrow use case.