diff --git a/config/vufind/permissions.ini b/config/vufind/permissions.ini
index c5baa3ffe70e5f6be2c4be90b2a6ebfa7de77f9a..e36cf4e944faa9e1d9f69be38e35dc7b4658d97f 100644
--- a/config/vufind/permissions.ini
+++ b/config/vufind/permissions.ini
@@ -75,6 +75,7 @@
 ; access.PrimoModule - Controls access to ALL Primo content
 ; access.StaffViewTab - Controls access to the staff view tab in record mode
 ; access.SummonExtendedResults - Controls visibility of protected Summon results
+; feature.Favorites - Controls access to the "save favorites" feature
 
 ; Default configuration for the EIT module; see EIT.ini for some notes on this.
 [default.EITModule]
@@ -93,6 +94,11 @@ role[] = guest
 role[] = loggedin
 permission = access.StaffViewTab
 
+; By default, favorites are available to all logged-in users.
+[default.Favorites]
+role[] = loggedin
+permission = feature.Favorites
+
 ; Example for dynamic debug mode
 ;[default.DebugMode]
 ;username[] = admin
diff --git a/module/VuFind/src/VuFind/Controller/AbstractRecord.php b/module/VuFind/src/VuFind/Controller/AbstractRecord.php
index f93093044793e7ddb07421bad656e91709222326..073b6e5a3eb62947b5b32bef9de676c495299326 100644
--- a/module/VuFind/src/VuFind/Controller/AbstractRecord.php
+++ b/module/VuFind/src/VuFind/Controller/AbstractRecord.php
@@ -326,6 +326,12 @@ class AbstractRecord extends AbstractBase
             throw new ForbiddenException('Lists disabled');
         }
 
+        // Check permission:
+        $response = $this->permission()->check('feature.Favorites', 'promptLogin');
+        if (is_object($response)) {
+            return $response;
+        }
+
         // Process form submission:
         if ($this->formWasSubmitted('submit')) {
             return $this->processSave();
diff --git a/module/VuFind/src/VuFind/Controller/MyResearchController.php b/module/VuFind/src/VuFind/Controller/MyResearchController.php
index e55310344d530b7b50cc282f0fcf360a9995ccbf..fac083cd056038a8377f6fee34ec4da3f5bdff84 100644
--- a/module/VuFind/src/VuFind/Controller/MyResearchController.php
+++ b/module/VuFind/src/VuFind/Controller/MyResearchController.php
@@ -706,6 +706,12 @@ class MyResearchController extends AbstractBase
             throw new ForbiddenException('Lists disabled');
         }
 
+        // Check permission:
+        $response = $this->permission()->check('feature.Favorites', 'promptLogin');
+        if (is_object($response)) {
+            return $response;
+        }
+
         // Check for "delete item" request; parameter may be in GET or POST depending
         // on calling context.
         $deleteId = $this->params()->fromPost(
diff --git a/themes/bootstrap3/templates/RecordDriver/SolrDefault/result-list.phtml b/themes/bootstrap3/templates/RecordDriver/SolrDefault/result-list.phtml
index 97232352659b8cee5d4e27a5c63b142720139b27..a28191deb95830732978a5322084a4f514372724 100644
--- a/themes/bootstrap3/templates/RecordDriver/SolrDefault/result-list.phtml
+++ b/themes/bootstrap3/templates/RecordDriver/SolrDefault/result-list.phtml
@@ -173,9 +173,13 @@
       <? endif; ?>
 
       <? if ($this->userlist()->getMode() !== 'disabled'): ?>
-        <? /* Add to favorites */ ?>
-        <i class="result-link-icon fa fa-fw fa-star" aria-hidden="true"></i>
-        <a href="<?=$this->recordLink()->getActionUrl($this->driver, 'Save')?>" data-lightbox class="save-record result-link-label" data-id="<?=$this->escapeHtmlAttr($this->driver->getUniqueId()) ?>"><?=$this->transEsc('Add to favorites')?></a><br/>
+        <? if ($this->permission()->allowDisplay('feature.Favorites')): ?>
+          <? /* Add to favorites */ ?>
+          <i class="result-link-icon fa fa-fw fa-star" aria-hidden="true"></i>
+          <a href="<?=$this->recordLink()->getActionUrl($this->driver, 'Save')?>" data-lightbox class="save-record result-link-label" data-id="<?=$this->escapeHtmlAttr($this->driver->getUniqueId()) ?>"><?=$this->transEsc('Add to favorites')?></a><br/>
+        <? elseif ($block = $this->permission()->getAlternateContent('feature.Favorites')): ?>
+          <?=$block?>
+        <? endif; ?>
         <? /* Saved lists */ ?>
         <div class="savedLists">
           <strong><?=$this->transEsc("Saved in")?>:</strong>
diff --git a/themes/bootstrap3/templates/RecordDriver/SolrDefault/toolbar.phtml b/themes/bootstrap3/templates/RecordDriver/SolrDefault/toolbar.phtml
index 6445ed461f2d80ca57eb92e594560776d05c71a2..c90ddb37fbf02f55c340b2985077b9fee9819eac 100644
--- a/themes/bootstrap3/templates/RecordDriver/SolrDefault/toolbar.phtml
+++ b/themes/bootstrap3/templates/RecordDriver/SolrDefault/toolbar.phtml
@@ -26,7 +26,13 @@
   <? endif; ?>
 
   <? if ($this->userlist()->getMode() !== 'disabled'): ?>
-    <li><a class="save-record" data-lightbox href="<?=$this->recordLink()->getActionUrl($this->driver, 'Save')?>" rel="nofollow"><i class="fa fa-star" aria-hidden="true"></i> <?=$this->transEsc('Add to favorites')?></a></li>
+    <li>
+      <? if ($this->permission()->allowDisplay('feature.Favorites')): ?>
+        <a class="save-record" data-lightbox href="<?=$this->recordLink()->getActionUrl($this->driver, 'Save')?>" rel="nofollow"><i class="fa fa-star" aria-hidden="true"></i> <?=$this->transEsc('Add to favorites')?></a>
+      <? elseif ($block = $this->permission()->getAlternateContent('feature.Favorites')): ?>
+        <?=$block?>
+      <? endif; ?>
+    </li>
   <? endif; ?>
   <? if (!empty($addThis)): ?>
     <li><a class="addThis addthis_button" href="https://www.addthis.com/bookmark.php?v=250&amp;pub=<?=urlencode($addThis)?>"><i class="fa fa-bookmark" aria-hidden="true"></i> <?=$this->transEsc('Bookmark')?></a></li>