diff --git a/app/models/spree/ability.rb b/app/models/spree/ability.rb
index cc4aeb007a..2b162f8750 100644
--- a/app/models/spree/ability.rb
+++ b/app/models/spree/ability.rb
@@ -202,7 +202,7 @@ module Spree
     def add_product_management_abilities(user)
       # Enterprise User can only access products that they are a supplier for
       can [:create], Spree::Product
-      # An enterperprise user can change a product if they are supplier of at least
+      # An enterprise user can change a product if they are supplier of at least
       # one of the product's associated variants
       can [:admin, :read, :index, :update,
            :seo, :group_buy_options,
@@ -214,7 +214,16 @@ module Spree
         )
       end
 
-      can [:admin, :index, :bulk_update, :destroy, :destroy_variant, :clone], :products_v3
+      # An enterprise user can clone if they have been granted permission to the source variant.
+      # Technically I'd call this permission clone_source_variant, but it would be less confusing to
+      # use the same name as everywhere else.
+      can [:create_sourced_variant], Spree::Variant do |variant|
+        OpenFoodNetwork::Permissions.new(user).
+          enterprises_granting_sourced_variants.include? variant.supplier
+      end
+
+      can [:admin, :index, :bulk_update, :destroy, :destroy_variant, :clone,
+           :create_sourced_variant], :products_v3
 
       can [:create], Spree::Variant
       can [:admin, :index, :read, :edit,
diff --git a/lib/open_food_network/permissions.rb b/lib/open_food_network/permissions.rb
index b3239d1b72..10f8495e37 100644
--- a/lib/open_food_network/permissions.rb
+++ b/lib/open_food_network/permissions.rb
@@ -86,6 +86,10 @@ module OpenFoodNetwork
       managed_and_related_enterprises_granting :manage_products
     end
 
+    def enterprises_granting_sourced_variants
+      related_enterprises_granting :create_sourced_variants
+    end
+
     def manages_one_enterprise?
       @user.enterprises.length == 1
     end
diff --git a/spec/models/spree/ability_spec.rb b/spec/models/spree/ability_spec.rb
index 60b0b67f8e..9f71ac98e1 100644
--- a/spec/models/spree/ability_spec.rb
+++ b/spec/models/spree/ability_spec.rb
@@ -364,6 +364,19 @@ RSpec.describe Spree::Ability do
                                         for: p2.variants.first)
       end
 
+      describe "create_sourced_variant" do
+        it "should not be able to create sourced variant without permission" do
+          is_expected.not_to have_ability([:create_sourced_variant], for: p_related.variants.first)
+        end
+
+        it "should be able to create sourced variant when granted permission" do
+          create(:enterprise_relationship, parent: s_related, child: s1,
+                                           permissions_list: [:create_sourced_variants])
+
+          is_expected.to have_ability([:create_sourced_variant], for: p_related.variants.first)
+        end
+      end
+
       it "should not be able to access admin actions on orders" do
         is_expected.not_to have_ability([:admin], for: Spree::Order)
       end
@@ -720,6 +733,19 @@ RSpec.describe Spree::Ability do
       it "can request permitted enterprise fees for an order cycle" do
         is_expected.to have_ability([:for_order_cycle], for: EnterpriseFee)
       end
+
+      describe "create_sourced_variant" do
+        it "should not be able to create sourced variant without permission" do
+          is_expected.not_to have_ability([:create_sourced_variant], for: p_related.variants.first)
+        end
+
+        it "should be able to create sourced variant when granted permission" do
+          create(:enterprise_relationship, parent: s_related, child: d1,
+                                           permissions_list: [:create_sourced_variants])
+
+          is_expected.to have_ability([:create_sourced_variant], for: p_related.variants.first)
+        end
+      end
     end
 
     context 'Order Cycle co-ordinator, distributor enterprise manager' do
@@ -795,6 +821,19 @@ RSpec.describe Spree::Ability do
       it "has the ability to manage vouchers" do
         is_expected.to have_ability([:admin, :create], for: Voucher)
       end
+
+      describe "create_sourced_variant for own enterprise" do
+        it "should not be able to create own sourced variant without permission" do
+          is_expected.not_to have_ability([:create_sourced_variant], for: p1.variants.first)
+        end
+
+        it "should be able to create own sourced variant when granted self permission" do
+          create(:enterprise_relationship, parent: s1, child: s1,
+                                           permissions_list: [:create_sourced_variants])
+
+          is_expected.to have_ability([:create_sourced_variant], for: p1.variants.first)
+        end
+      end
     end
 
     context 'enterprise owner' do