When users are self-registered through email or SMS, an OTP will be sent to their email or SMS, at the same time a RADIUS account is auto generated, usually username is the email or mobile no. with a random password. 

By default, there's no access control/restriction for the auto generated user accounts, but the accounts are usually assigned to a profile group, eg. LOCAL (or email or SMS etc, can check out from RADIUS --> Management --> Users).

Usually there's no default profile called "LOCAL" exist in RADIUS database, so in order to enforce these users, we just need to create a RADIUS profile called "LOCAL" (or matching whatever assigned to users), then proceed to assign access rights for this profile, and all users using this profile (the self-registered users) will inherit this setting.

If you want to "borrow" settings from existing similar profile, just clone the target profile, rename it to LOCAL, then change the respective "Access Info" settings.