Starting in v17.0, the Registration Template now inherits security permissions from its Category.
Previously, a Registration Instance determined EDIT access by first checking the Registration Template's EDIT permissions. If none were found, it would default to the Rock.Model.RegistrationTemplate entity type's permissions. Since modifying security on Rock.Model.RegistrationTemplateisn't ideal or recommended, this update makes the RegistrationTemplate inherit from the Category instead.
This means you can now set EDIT permissions at the Category level rather than on individual Templates, allowing more flexibility in controlling who can edit Registration Instances.
This is a similar approach used with Data View's and their Categories.
Note:
The Registration Instance Detail (WebForms) block also uses block-level (CMS) security. If someone has EDIT permission on the block itself, they will retain access regardless of the entity's security settings.