Registry Permissions
The following table lists the permissions that can be granted for the object types found in the registry.
Permissions for Registry Objects
| Permission | Meaning |
| A | Execute commands that act on replicas (sec_admin). |
| a | Modifies authentication information. |
| c | Modifies ACLs on objects. All registry ACLs must have one entry that specifies c (control) permission. |
| d | Deletes from an object's contents. |
| D | Deletes an object from the registry. |
| f | Modifies a principal's, group's, or organization's full name. |
| g | Adds a principal to a group. |
| i | Adds to a object's contents. |
| m | Modifies management information. |
| M | Adds and deletes members from this group or organization. To add a member to a group, you must also have g permission for the principal to be added. |
| n | Modifies the name of a directory, a principal, a group, or an organization. |
| u | Modifies user information. |
| r | Views management, authentication, and user information. |
| t | Tests the group or organization membership of a named principal. |
Management, Authentication, and User Information
Permission Required to Create Principals, Groups, or Organizations
Permissions Required to Delete Principals, Group, or Organizations
Permissions Required to Add Accounts
Permissions Required to Delete Accounts
Permissions Required to Add Members to Groups
Permissions Required to Add Members to Organizations
Permissions to Delete Members from Groups or Organizations
Permissions Required to Change a Principal's, Group's, or Organization's Full Name
Permissions Required to Change Management Information for Principals, Groups, or Organizations
Permissions Required to Change Passwords for Accounts
Permissions Required to Execute Commands That Act on Replicas
Permissions Required to Create Extended Registry Attribute Types
Permissions Required to Delete Extended Registry Attribute Types
Permissions Required to View Extended Registry Attribute Types
Permissions Required to Modify Extended Registry Attribute Types
Permission Required to Change ACLs on Registry Objects
Permissions Required by Slave Replicas