In many cases, the customer want that some functionality in RTE are not accessible for some authors and accessible to the other. For safety reasons for example, it's necessary to allow the Webmaster only the ability to insert links within rich text editor or to add images. In Sitecore it is possible and pretty easy to set access rights for some roles or users to read, write or edit some fields within a component.
In this article we will take a look how we could configure a rich text editor, the way that the role "User/Author" will not be able to use the button "Insert Link" while the Webmaster is allowed to use the "Insert Link" button.

Assumed, we have a component with a Title, Subtitle and a copy text which will be edited within a Rich Text Editor. The rich text editor contains the following functions:
  • Copy, Paste
  • Undo, Redo
  • Italic
  • Superscript
  • Insert Link
The Webmaster role will be able to use all functions, the user/author role will not be permitted to use "Insert Link". There is a simple way to achieve that.

1. Create a Html Editor Profile

We create two toolbars within the "Html Editor Profiles", in the first Toolbar "Toolbar 1" we will add the buttons (Copy, Paste, Undo, Redo, Italic and Superscript) and within the second Toolbar "Toolbar 2" we will place the "Insert Link" button only.
First we create own Html Editor Profile, change to "core" database. Open the Content Editor, go to sitecore/system/settings/Html Editor Profiles, you will find some default Html Editor Profiles, like Rich Text Default, Rich Text Full etc. As the name indicates, those are pre configured rich text profile with several functions, Rich text default for example, contains the default toolbar functions, like Bold, Italic, Divider etc. This profile contains the "Insert Link" button, that we need. So we will create a similar profile, the easiest way to achieve that is, right click on Rich Text Default Profile folder and click on "Duplicate" in the context menu.
Duplicate_RichTextDefault
We rename it to "Custom Rich Text Profile".
When we expand the content of this new duplicated profile, we will see that we have one toolbar only "Toolbar 1", so we create a second toolbar by duplicating "Toolbar 1". Right click on "Toolbar 1" and select "Duplicate", rename it to "Toolbar 2", at the end delete all other buttons within "Toolbar 2" except the "Insert Link" button and delete the "Insert Link" button within "Toolbar 1". And don't forget to save.
Until this step we have a new rich text profile with two toolbars.
In the next step, we will add the path of the new created rich text profile to the datasource of rich text editor within the component, in this way sitecore know which profile should be showed in the used rich text editor.
Go to "master" database, and open the template, which contains the rich text editor. Add in the data source field of the rich text editor the path of the "Custom Rich Text Profile" folder.
Paste_RTE_Profile_Path

2. Set the access rights

2.1 Simple case

Now we need to configure the access rights the way that every user of the role "User" will not be able to use the "Toolbar 2", which contains the "Insert Link" Button.
Role
Access rights on Toolbar 1
Access rights on Toolbar 2
User/Author
Full
None
Webmaster
Full
Full
Sitecore provides a useful tool called "Security Editor"
Security_Editor
With the "Security Editor" we could set access rights for explicit fields and items.
We need to switch again to "core" database, to set access rights directly on "Custom Rich Text Editor".
We open the security Editor, select the role user or author, as needed. Expand again sitecore/system/settings/Html Editor Profiles/Custom Rich Text Profile, select "Toolbar 2" and set the read, write, edit etc. rights to deny.
Set_Deny_Toolbar2_User
Until this point we don't need to do any further actions, the toolbar "Toolbar 2" with "Insert Link" button is denied for all users with Author or User as role. "Toolbar 1" and "Toolbar 2" are per default accessible for other roles like Webmaster.

2.2 User role inherit from Webmaster role

In some cases, according to implemented role concept, the user role inherit from Webmaster role. That means the user role has the same access rights as the Webmaster. Now the question is, how could we configure the access rights the way that the user is forbidden to read "Toolbar 2" although he inherit the read rights from the webmaster, which is allowed to read "Toolbar 2". The magic word is "broke the inheritance", sitecore provides the possibility to broke the inheritance of access rights between a role and its ancestor. Concrete, we tell sitecore that the role "Webmaster" has full access rights to "Toolbar 2" and that the role "User/Author" has broken inheritance to "Webmaster" on this toolbar
So we set the full rights of "Webmaster" explicit on the profile folder of the tool bars, in our example "Custom Rich Text Editor".  And for "User/Author" we broke the inheritance on "Toolbar 2".
Break_Inheritance
That is all. When a Webmaster use the rich text editor, "Toolbar 2" will be visible and editable, but for "User/Author" it will be hidden.
That was just an example how we could edit the access rights on several items the way we need, it was a guideline more than a checklist.