Access Rules for Cloned Items

Custom.ClonedItems.config

<?xml version="1.0"?>
<configuration xmlns:patch="http://www.sitecore.net/xmlconfig/">
  <sitecore>
    <accessRights defaultProvider="config">
      <rights>
        <add patch:after="*[@name='field:write']" name="field:writeClone" comment="Write right for fields." title="Field Write for Clones" modifiesData="false" />
        <add patch:after="*[@name='item:write']" name="item:writeClone" comment="Write right for items." title="Write for Clones" modifiesData="false" />
      </rights>
    </accessRights>

    <pipelines>
      <renderContentEditor>
        <processor patch:before="*[@type='Sitecore.Shell.Applications.ContentEditor.Pipelines.RenderContentEditor.RenderSkinedContentEditor, Sitecore.Client']" type="Sc8Master.Common.Clone.SetEditorFormatter, Sc8Master.Common" />
      </renderContentEditor>
    </pipelines>
  </sitecore>
</configuration>

CustomEditorFormatter.cs

//-----------------------------------------------------------------------
// <copyright file="CustomEditorFormatter.cs" company="Namics AG">
//     Original work Copyright (c) 2011 John West, see https://goo.gl/qnMWRL
//     Modified work Copyright 2016 Daniel Scherrer  
// </copyright>
//-----------------------------------------------------------------------

using System.Web.UI;
using Sitecore.Security.AccessControl;
using Assert = Sitecore.Diagnostics.Assert;
using SC = Sitecore;

namespace Sc8Master.Common.Clone
{
    public class CustomEditorFormatter : SC.Shell.Applications.ContentEditor.EditorFormatter
    {
        public override void RenderField(Control parent, SC.Shell.Applications.ContentManager.Editor.Field field, bool readOnly)
        {
            base.RenderField(parent, field, readOnly || this.ShouldMakeReadOnly(field));
        }

        public new void RenderField(Control parent, SC.Shell.Applications.ContentManager.Editor.Field field, SC.Data.Items.Item fieldType, bool readOnly)
        {
            base.RenderField(parent, field, fieldType, readOnly || this.ShouldMakeReadOnly(field));
        }

        public override void RenderField(Control parent, SC.Shell.Applications.ContentManager.Editor.Field field, SC.Data.Items.Item fieldType, bool readOnly, string value)
        {
            base.RenderField(parent, field, fieldType, readOnly || this.ShouldMakeReadOnly(field), value);
        }

        private bool ShouldMakeReadOnly(SC.Shell.Applications.ContentManager.Editor.Field field)
        {
            Assert.ArgumentNotNull(field, "field");
            Assert.IsNotNull(SC.Context.ContentDatabase,"Sitecore.Context.ContentDatabase");
            SC.Data.Items.Item fieldItem = SC.Context.ContentDatabase.GetItem(field.TemplateField.ID);
            Assert.IsNotNull(fieldItem, "fieldItem " + field.TemplateField.ID);
            return fieldItem.Appearance.ReadOnly || !AuthorizationManager.IsAllowed(fieldItem, AccessRight.FromName("field:writeClone"), SC.Context.User);
        }
    
    }
}

SetEditorFormatter.cs

using Sitecore.Security.AccessControl;
using SC = Sitecore;
namespace Sc8Master.Common.Clone
{
    public class SetEditorFormatter
    {
        public void Process(
          SC.Shell.Applications.ContentEditor.Pipelines.RenderContentEditor.RenderContentEditorArgs args)
        {
            if (args.Item.IsClone)
            {
                if (!AuthorizationManager.IsAllowed(args.Item, AccessRight.FromName("item:writeClone"), SC.Context.User))
                {
                    args.ReadOnly = true;
                }

                args.EditorFormatter = new CustomEditorFormatter {Arguments = args};
            }
        }
    }
}