Registry Services roles

Registry Services has a set of roles that control the access to its features.

Registry Services defines three different roles for access definition purposes:

RegistryClientRole: Grants read access to any data stored in the Registry Services database.

RegistryProviderAdminRole: Grants access to send requests over the data that is stored in the Registry Services database, except for creating, updating, or deleting Resource Shape definitions.

RegistryAdminRole: Grants access to send requests over the data that is stored in the Registry Services database.

The following tables outline the set of roles and maps them to the available Registry Services operations.

Table 1 displays the Service Provider operations available for each role.

Table 1. Registry Services roles and Service Provider operations
Role	Service Provider operations
	`Create`	`Update`	`Delete`
`RegistryAdminRole`	Yes	Yes	Yes
`RegistryClientRole`	No	No	No
`RegistryProviderAdminRole`	Yes	Yes	Yes

Table 2 displays the Registration Record operations available for each role.

Table 2. Registry Services roles and Registration Record operations
Role	Registration Record operations
	`Create`	`Update`	`Delete`
`RegistryAdminRole`	Yes	Yes	Yes
`RegistryClientRole`	No	No	No
`RegistryProviderAdminRole`	Yes	Yes	Yes

Table 3 displays the query operations available for each role.

Table 3. Registry Services roles and Query operations
Role	Query operations
	`Query Service Providers`	`Query Registration Records`	`Query Resource Records`	`Query Resource Shape`
`RegistryAdminRole`	Yes	Yes	Yes	Yes
`RegistryClientRole`	Yes	Yes	Yes	Yes
`RegistryProviderAdminRole`	Yes	Yes	Yes	Yes

Table 4 displays the batch and performance operations available for each role.

Table 4. Registry Services roles and batch operations and performance results
Role	Batch operations and performance results
	`Batch operations on Resource Records`	`Batch operations on Provider Records`	`Get performance statistics`
`RegistryAdminRole`	Yes	Yes	Yes
`RegistryClientRole`	No	No	No
`RegistryProviderAdminRole`	Yes	Yes	No

For information about the properties that specify these roles, see Properties for setting the secured access. Set these properties when you use the Registry Services CLI to install the application.

For information about the global security configuration, see Global security configuration requirement.