We do something very similar to this. I assume that, server-side, you have a way of knowing the access level of the user.
What you need to do, in the Appointment_DataBound event of the Scheduler, is set the AllowDelete and AllowEdit properties appropriately, like this ...
sender, SchedulerEventArgs e)
e.Appointment.AllowEdit = e.Appointment.AllowDelete = UserHasEditAccessLevel;
When it comes to adding a new appointment, it depends on how you normally allow a user to do it. The normal method is for the user to double-click on an empty time slot. You can catch this and stop it if necessary by wiring up the OnFormCreating event ...
sender, SchedulerFormCreatingEventArgs e)
e.Cancel = !UserHasAddAccessLevel;
You can find more information about RadScheduler's events starting at this documentation page
. Similarly, you'll find a number of helpful ideas if you look at the code associated with the various RadScheduler demos
Hope this helps get you started.