Registry Services roles
Registry Services has a set of roles that control the access to its features.
- RegistryClientRole
- Grants read access to any data stored in the Registry Services database.
- RegistryProviderAdminRole
- Grants access to send requests over the data that is stored in the Registry Services database, except for creating, updating, or deleting Resource Shape definitions.
- RegistryAdminRole
- Grants access to send requests over the data that is stored in the Registry Services database.
The following tables outline the set of roles and maps them to the available Registry Services operations.
Table 1 displays the Service Provider operations available for each role.
Role | Service Provider operations | ||
---|---|---|---|
Create | Update | Delete | |
RegistryAdminRole | Yes | Yes | Yes |
RegistryClientRole | No | No | No |
RegistryProviderAdminRole | Yes | Yes | Yes |
Table 2 displays the Registration Record operations available for each role.
Role | Registration Record operations | ||
---|---|---|---|
Create | Update | Delete | |
RegistryAdminRole | Yes | Yes | Yes |
RegistryClientRole | No | No | No |
RegistryProviderAdminRole | Yes | Yes | Yes |
Table 3 displays the query operations available for each role.
Role | Query operations | |||
---|---|---|---|---|
Query Service Providers | Query Registration Records | Query Resource Records | Query Resource Shape | |
RegistryAdminRole | Yes | Yes | Yes | Yes |
RegistryClientRole | Yes | Yes | Yes | Yes |
RegistryProviderAdminRole | Yes | Yes | Yes | Yes |
Table 4 displays the batch and performance operations available for each role.
Role | Batch operations and performance results | ||
---|---|---|---|
Batch operations on Resource Records | Batch operations on Provider Records | Get performance statistics | |
RegistryAdminRole | Yes | Yes | Yes |
RegistryClientRole | No | No | No |
RegistryProviderAdminRole | Yes | Yes | No |
For information about the properties that specify these roles, see Properties for setting the secured access. Set these properties when you use the Registry Services CLI to install the application.
For information about the global security configuration, see Global security configuration requirement.