From e45d2384398dad30cb2d291d9f2495ac0c05c322 Mon Sep 17 00:00:00 2001
From: Noah Luna <15202580+ngrayluna@users.noreply.github.com>
Date: Thu, 11 Jun 2026 12:28:52 -0700
Subject: [PATCH 1/4] Add info about SA access to different types of registries
---
models/registry/configure_registry.mdx | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/models/registry/configure_registry.mdx b/models/registry/configure_registry.mdx
index c50686ff3c..dd59e97b26 100644
--- a/models/registry/configure_registry.mdx
+++ b/models/registry/configure_registry.mdx
@@ -22,7 +22,7 @@ Registry admins can add individual users or entire teams to a registry. To add a
-Learn more about [configuring user roles in a registry](/models/registry/configure_registry/#configure-registry-roles), or [registry role permissions](/models/registry/configure_registry/#registry-role-permissions) .
+Learn more about [configuring user roles in a registry](/models/registry/configure_registry/#configure-registry-roles), or [registry role permissions](/models/registry/configure_registry/#registry-permissions) .
### Remove a user or team
A registry admin can remove individual users or entire teams from a registry. To remove a user or team from a registry:
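Review bot: the replacement fragment on the `+` line, `#registry-permissions`, does not match any heading visible in this patch. The section it is meant to reach appears in the next hunk as `### Role permissions`, which would normally produce the fragment `#role-permissions`. Point the link there, and drop the stray space before the closing period while the line is being touched.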
@@ -80,11 +80,22 @@ W&B automatically assigns a default **registry role** to a user or team when the
| Service account (non admin) | Member1 | Member1 |
| Org admin | Admin | Admin |
-: Service accounts cannot have **Viewer** or **Restricted Viewer** roles.
+: Service accounts cannot have **Viewer** or **Restricted Viewer** roles. See [Service account access](#service-account-access) for how a service account's access is determined.
A registry admin can assign or modify roles for users and teams in the registry.
See [Configure user roles in a registry](/models/registry/configure_registry/#configure-registry-roles) for more information.
+### Service account access
+
+Service accounts cannot have **Viewer** or **Restricted Viewer** roles, their access to a registry is determined as follows:
+
+- **Registries with Organization visibility**: a service account automatically has **Member** access.
+- **Registries with Restricted visibility**: access depends on the role assigned to the service account's team:
+ - If the team is added to the registry as a **Member** or **Admin**, the service account automatically receives **Member** access.
+ - If the team is a **Viewer** or **Restricted Viewer**, the service account does *not* receive access automatically. A registry admin must [add the service account to the registry manually](/models/registry/configure_registry/#add-a-user-or-a-team).
+
+See [Visibility types](/models/registry/create_registry#visibility-types) for more information about registry visibility types.
+
### Role permissions
The following table lists each Registry role, along with the permissions provided by each role:
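Review bot: the opening sentence of the new `### Service account access` section is a comma splice ("... roles, their access to a registry is determined as follows:") and repeats the restriction that the edited footnote a few lines above already states. Split it into two sentences, or keep the restriction only in the footnote and open the section with the rules. In the last bullet, say which role the registry admin should assign when adding the service account manually, given that Viewer and Restricted Viewer are ruled out, and confirm that `#add-a-user-or-a-team` matches the real heading slug.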
From d6ce8fbfcf7627e871c788e8dfdd982b93dc389c Mon Sep 17 00:00:00 2001
From: Noah Luna <15202580+ngrayluna@users.noreply.github.com>
Date: Thu, 11 Jun 2026 12:32:57 -0700
Subject: [PATCH 2/4] word smith
---
models/registry/configure_registry.mdx | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/models/registry/configure_registry.mdx b/models/registry/configure_registry.mdx
index dd59e97b26..8e755096ae 100644
--- a/models/registry/configure_registry.mdx
+++ b/models/registry/configure_registry.mdx
@@ -90,7 +90,7 @@ See [Configure user roles in a registry](/models/registry/configure_registry/#co
Service accounts cannot have **Viewer** or **Restricted Viewer** roles, their access to a registry is determined as follows:
- **Registries with Organization visibility**: a service account automatically has **Member** access.
-- **Registries with Restricted visibility**: access depends on the role assigned to the service account's team:
+- **Registries with Restricted visibility**: service acount access depends on the role assigned to the service account's team:
- If the team is added to the registry as a **Member** or **Admin**, the service account automatically receives **Member** access.
- If the team is a **Viewer** or **Restricted Viewer**, the service account does *not* receive access automatically. A registry admin must [add the service account to the registry manually](/models/registry/configure_registry/#add-a-user-or-a-team).
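Review bot: typo on the `+` line, "service acount" should be "service account". With the added subject the bullet now says "service account" twice in one clause; "service account access depends on the role assigned to its team" reads more cleanly and keeps the meaning.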
From 35891a8eb3a98de867bc7bede666c9693becfbe5 Mon Sep 17 00:00:00 2001
From: Noah Luna <15202580+ngrayluna@users.noreply.github.com>
Date: Thu, 11 Jun 2026 12:36:30 -0700
Subject: [PATCH 3/4] more word smithing
---
models/registry/configure_registry.mdx | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/models/registry/configure_registry.mdx b/models/registry/configure_registry.mdx
index 8e755096ae..3b594b3cde 100644
--- a/models/registry/configure_registry.mdx
+++ b/models/registry/configure_registry.mdx
@@ -22,7 +22,7 @@ Registry admins can add individual users or entire teams to a registry. To add a
-Learn more about [configuring user roles in a registry](/models/registry/configure_registry/#configure-registry-roles), or [registry role permissions](/models/registry/configure_registry/#registry-permissions) .
+Learn more about [configuring user roles in a registry](/models/registry/configure_registry/#configure-registry-roles), or [registry role permissions](/models/registry/configure_registry#role-permissions) .
### Remove a user or team
A registry admin can remove individual users or entire teams from a registry. To remove a user or team from a registry:
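Review bot: the two links on the `+` line now use different URL shapes. The first keeps the trailing slash before the fragment (`/configure_registry/#configure-registry-roles`) while the corrected one drops it (`/configure_registry#role-permissions`). Use one form for both so they resolve the same way, and remove the space before the closing period.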
@@ -87,7 +87,7 @@ See [Configure user roles in a registry](/models/registry/configure_registry/#co
### Service account access
-Service accounts cannot have **Viewer** or **Restricted Viewer** roles, their access to a registry is determined as follows:
+Service accounts cannot have **Viewer** or **Restricted Viewer** roles. W&B determines a service account's access to a registry with the following rules:
- **Registries with Organization visibility**: a service account automatically has **Member** access.
- **Registries with Restricted visibility**: service acount access depends on the role assigned to the service account's team:
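Review bot: the context line directly below the reworded sentence still reads "service acount access"; this commit is a wording pass over the same section, so fix the spelling here. The new `+` sentence also still repeats the restriction already carried by the table footnote, so consider leading with the access rules and leaving the restriction to the footnote.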
From 9220ea93d9890e2d2959cf92bd2afc82f4cc1a28 Mon Sep 17 00:00:00 2001
From: Noah Luna <15202580+ngrayluna@users.noreply.github.com>
Date: Fri, 12 Jun 2026 11:27:18 -0700
Subject: [PATCH 4/4] feedback
---
models/registry/configure_registry.mdx | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/models/registry/configure_registry.mdx b/models/registry/configure_registry.mdx
index 3b594b3cde..8fa1d34c73 100644
--- a/models/registry/configure_registry.mdx
+++ b/models/registry/configure_registry.mdx
@@ -87,12 +87,18 @@ See [Configure user roles in a registry](/models/registry/configure_registry/#co
### Service account access
-Service accounts cannot have **Viewer** or **Restricted Viewer** roles. W&B determines a service account's access to a registry with the following rules:
+W&B assigns a default access level to a service account based on the registry's visibility and the service account's team role. A registry admin can modify a service account's access by [adding the service account to the registry with a Member or Admin role](/models/registry/configure_registry/#add-a-user-or-a-team-to-a-registry).
+
+The following describes the default access level for a service account:
- **Registries with Organization visibility**: a service account automatically has **Member** access.
- **Registries with Restricted visibility**: service acount access depends on the role assigned to the service account's team:
- If the team is added to the registry as a **Member** or **Admin**, the service account automatically receives **Member** access.
- - If the team is a **Viewer** or **Restricted Viewer**, the service account does *not* receive access automatically. A registry admin must [add the service account to the registry manually](/models/registry/configure_registry/#add-a-user-or-a-team).
+ - If the team is a **Viewer** or **Restricted Viewer**, the service account does *not* receive access automatically.
+
+
+Service accounts cannot have **Viewer** or **Restricted Viewer** roles.
+
See [Visibility types](/models/registry/create_registry#visibility-types) for more information about registry visibility types.
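Review bot: the link in the new intro paragraph uses the fragment `#add-a-user-or-a-team-to-a-registry`, while the link this hunk removes pointed at `#add-a-user-or-a-team` for the same task; only one of them can match the heading, so verify the slug before merging. The paragraph describes only how an admin grants access by adding the service account as Member or Admin, so for the Organization-visibility bullet, where Member access is automatic, state whether that default can be reduced or removed. Also collapse the two consecutive blank `+` lines before the relocated "Service accounts cannot have ..." sentence, and fix "service acount" in the context bullet.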