Access to objects in the Registry is set by access control policies (ACPs). The default access control policy specifies the following:
The predefined user Registry Guest can read any object. All users have this identity when they are not logged in to the Registry.
All registered users can create objects and can perform actions on objects they own.
Any user classified as a RegistryAdministrator can perform actions on all objects in the Registry. By default, only the predefined user Registry Operator is classified as an administrator. Instructions on becoming an administrator are in “Creating an Administrator” in the Service Registry 3 2005Q4 Administration Guide.
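The three default rules above can be modeled as a small decision function. This is an added illustration in plain Python, not XACML and not Service Registry code. The action names (read, create, update, delete), the sample users alice and bob, and the rule that anything not explicitly permitted is denied are assumptions made for the model.

```python
from dataclasses import dataclass

GUEST = "Registry Guest"              # identity of a caller who is not logged in
ADMIN_ROLE = "RegistryAdministrator"  # classification named in the default policy


@dataclass(frozen=True)
class Subject:
    user_id: str = GUEST
    roles: frozenset = frozenset()


@dataclass(frozen=True)
class Resource:
    owner: str


def rule_guest_read(subject, action, resource):
    # Rule 1: any caller, logged in or not, can read any object.
    return action == "read"


def rule_owner(subject, action, resource):
    # Rule 2: registered users can create objects and act on objects they own.
    if subject.user_id == GUEST:
        return False  # the guest identity never gains owner rights
    if action == "create":
        return True
    return resource is not None and resource.owner == subject.user_id


def rule_admin(subject, action, resource):
    # Rule 3: administrators can perform any action on any object.
    return ADMIN_ROLE in subject.roles


DEFAULT_ACP = (rule_guest_read, rule_owner, rule_admin)


def decide(subject, action, resource=None):
    """Permit if any rule permits; deny otherwise (assumed for this model)."""
    permitted = any(rule(subject, action, resource) for rule in DEFAULT_ACP)
    return "Permit" if permitted else "Deny"


def decision_matrix():
    """Decisions for constructed sample users against an object owned by alice."""
    obj = Resource(owner="alice")
    users = {"guest": Subject(), "alice": Subject("alice"), "bob": Subject("bob"),
             "operator": Subject("Registry Operator", frozenset({ADMIN_ROLE}))}
    return {(name, act): decide(subj, act, None if act == "create" else obj)
            for name, subj in users.items()
            for act in ("read", "create", "update", "delete")}
```

Calling `decision_matrix()` gives a quick table to compare against the behavior expected from a custom ACP before it replaces the default.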
Very fine-grained access control on individual objects is possible through custom ACPs. However, writing an ACP is currently a manual process that requires knowledge of OASIS eXtensible Access Control Markup Language (XACML). For details, refer to Chapter 9, “Access Control Information Model,” of ebXML RIM 3.0, especially the examples in Sections 9.7.6 through 9.7.8.