All access to the registry is controlled by user accounts, which are created by the registry administrator. A user account is assigned one or more roles, which is a collection of security privileges. User accounts are not assigned privileges directly, but are instead assigned privileges through the designated role. Every user must have a OneData MDR user account. This eliminates the need for maintaining privileges at individual user level.