diff --git a/src/__phutil_library_map__.php b/src/__phutil_library_map__.php
--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@@ -4628,6 +4628,7 @@
     'PhabricatorRepositoryIdentityAssignTransaction' => 'applications/repository/xaction/PhabricatorRepositoryIdentityAssignTransaction.php',
     'PhabricatorRepositoryIdentityChangeWorker' => 'applications/repository/worker/PhabricatorRepositoryIdentityChangeWorker.php',
     'PhabricatorRepositoryIdentityEditEngine' => 'applications/repository/engine/PhabricatorRepositoryIdentityEditEngine.php',
+    'PhabricatorRepositoryIdentityEditViewCapability' => 'applications/repository/capability/PhabricatorRepositoryIdentityEditViewCapability.php',
     'PhabricatorRepositoryIdentityFerretEngine' => 'applications/repository/search/PhabricatorRepositoryIdentityFerretEngine.php',
     'PhabricatorRepositoryIdentityPHIDType' => 'applications/repository/phid/PhabricatorRepositoryIdentityPHIDType.php',
     'PhabricatorRepositoryIdentityQuery' => 'applications/repository/query/PhabricatorRepositoryIdentityQuery.php',
@@ -11325,6 +11326,7 @@
     'PhabricatorRepositoryIdentityAssignTransaction' => 'PhabricatorRepositoryIdentityTransactionType',
     'PhabricatorRepositoryIdentityChangeWorker' => 'PhabricatorWorker',
     'PhabricatorRepositoryIdentityEditEngine' => 'PhabricatorEditEngine',
+    'PhabricatorRepositoryIdentityEditViewCapability' => 'PhabricatorPolicyCapability',
     'PhabricatorRepositoryIdentityFerretEngine' => 'PhabricatorFerretEngine',
     'PhabricatorRepositoryIdentityPHIDType' => 'PhabricatorPHIDType',
     'PhabricatorRepositoryIdentityQuery' => 'PhabricatorCursorPagedPolicyAwareQuery',
diff --git a/src/applications/diffusion/application/PhabricatorDiffusionApplication.php b/src/applications/diffusion/application/PhabricatorDiffusionApplication.php
--- a/src/applications/diffusion/application/PhabricatorDiffusionApplication.php
+++ b/src/applications/diffusion/application/PhabricatorDiffusionApplication.php
@@ -183,6 +183,9 @@
       DiffusionCreateRepositoriesCapability::CAPABILITY => array(
         'default' => PhabricatorPolicies::POLICY_ADMIN,
       ),
+      PhabricatorRepositoryIdentityEditViewCapability::CAPABILITY => array(
+        'default' => PhabricatorPolicies::POLICY_USER,
+      ),
     );
   }
 
diff --git a/src/applications/repository/capability/PhabricatorRepositoryIdentityEditViewCapability.php b/src/applications/repository/capability/PhabricatorRepositoryIdentityEditViewCapability.php
new file mode 100644
--- /dev/null
+++ b/src/applications/repository/capability/PhabricatorRepositoryIdentityEditViewCapability.php
@@ -0,0 +1,16 @@
+<?php
+
+final class PhabricatorRepositoryIdentityEditViewCapability
+  extends PhabricatorPolicyCapability {
+
+  const CAPABILITY = 'repository.identity.create';
+
+  public function getCapabilityName() {
+    return pht('Can Edit and View Identities');
+  }
+
+  public function describeCapabilityRejection() {
+    return pht('You do not have permission to create or edit identities.');
+  }
+
+}
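Review bot: The capability key `'repository.identity.create'` and the text in `describeCapabilityRejection()` mention only creating and editing, but the class name and `getCapabilityName()` say the policy also governs viewing, and the `PhabricatorRepositoryIdentity::getPolicy()` hunk returns it for every capability check. A user who is denied view would be told they cannot "create or edit" identities, and an administrator reading the key could underestimate what the policy restricts. Make the rejection text cover both cases, e.g. `return pht('You do not have permission to view or edit identities.');`, and pick a key that matches the scope before it is persisted in any configuration. A short class docblock such as `/** Application-level policy controlling who may view, create and edit repository identities. */` would record the intended scope.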
diff --git a/src/applications/repository/engine/PhabricatorRepositoryIdentityEditEngine.php b/src/applications/repository/engine/PhabricatorRepositoryIdentityEditEngine.php
--- a/src/applications/repository/engine/PhabricatorRepositoryIdentityEditEngine.php
+++ b/src/applications/repository/engine/PhabricatorRepositoryIdentityEditEngine.php
@@ -70,7 +70,8 @@
   }
 
   protected function getCreateNewObjectPolicy() {
-    return PhabricatorPolicies::POLICY_USER;
+    return $this->getApplication()->getPolicy(
+      PhabricatorRepositoryIdentityEditViewCapability::CAPABILITY);
   }
 
   protected function buildCustomEditFields($object) {
diff --git a/src/applications/repository/storage/PhabricatorRepositoryIdentity.php b/src/applications/repository/storage/PhabricatorRepositoryIdentity.php
--- a/src/applications/repository/storage/PhabricatorRepositoryIdentity.php
+++ b/src/applications/repository/storage/PhabricatorRepositoryIdentity.php
@@ -142,7 +142,10 @@
   }
 
   public function getPolicy($capability) {
-    return PhabricatorPolicies::getMostOpenPolicy();
+    $app = PhabricatorApplication::getByClass(
+      'PhabricatorDiffusionApplication');
+    return $app->getPolicy(
+      PhabricatorRepositoryIdentityEditViewCapability::CAPABILITY);
   }
 
   public function hasAutomaticCapability(
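Review bot: `getPolicy()` ignores its `$capability` argument and returns the Diffusion application policy for every check, so view and edit on an identity can no longer be configured separately. Viewing also tightens from `getMostOpenPolicy()` to the configured policy, which the Diffusion hunk defaults to `POLICY_USER`. If the coupling is intentional, record it above the lookup, e.g. `// View and edit intentionally share the application-level identity policy; $capability is not consulted.` Code paths that load identities on behalf of logged-out or restricted viewers (presumably commit and author rendering, which is not visible here) should be checked, as they may now get filtered results. The class body and `hasAutomaticCapability()` continue outside this hunk, so any automatic grants that offset this cannot be confirmed from here.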