2
|
1 |
######################################################################
|
|
2 |
# Default Access Control File for Remote JMX(TM) Monitoring
|
|
3 |
######################################################################
|
|
4 |
#
|
|
5 |
# Access control file for Remote JMX API access to monitoring.
|
|
6 |
# This file defines the allowed access for different roles. The
|
|
7 |
# password file (jmxremote.password by default) defines the roles and their
|
|
8 |
# passwords. To be functional, a role must have an entry in
|
|
9 |
# both the password and the access files.
|
|
10 |
#
|
27565
|
11 |
# Default location of this file is $JRE/conf/management/jmxremote.access
|
|
12 |
# You can specify an alternate location by specifying a property in
|
|
13 |
# the management config file $JRE/conf/management/management.properties
|
2
|
14 |
# (See that file for details)
|
|
15 |
#
|
|
16 |
# The file format for password and access files is syntactically the same
|
|
17 |
# as the Properties file format. The syntax is described in the Javadoc
|
|
18 |
# for java.util.Properties.load.
|
|
19 |
# Typical access file has multiple lines, where each line is blank,
|
|
20 |
# a comment (like this one), or an access control entry.
|
|
21 |
#
|
|
22 |
# An access control entry consists of a role name, and an
|
|
23 |
# associated access level. The role name is any string that does not
|
|
24 |
# itself contain spaces or tabs. It corresponds to an entry in the
|
|
25 |
# password file (jmxremote.password). The access level is one of the
|
|
26 |
# following:
|
|
27 |
# "readonly" grants access to read attributes of MBeans.
|
|
28 |
# For monitoring, this means that a remote client in this
|
|
29 |
# role can read measurements but cannot perform any action
|
|
30 |
# that changes the environment of the running program.
|
|
31 |
# "readwrite" grants access to read and write attributes of MBeans,
|
|
32 |
# to invoke operations on them, and to create or remove them.
|
27565
|
33 |
# This access should be granted to only trusted clients,
|
2
|
34 |
# since they can potentially interfere with the smooth
|
27565
|
35 |
# operation of a running program
|
2
|
36 |
#
|
|
37 |
# A given role should have at most one entry in this file. If a role
|
|
38 |
# has no entry, it has no access.
|
|
39 |
# If multiple entries are found for the same role name, then the last
|
|
40 |
# access entry is used.
|
|
41 |
#
|
|
42 |
#
|
|
43 |
# Default access control entries:
|
27565
|
44 |
# o The "monitorRole" role has readonly access.
|
2
|
45 |
# o The "controlRole" role has readwrite access.
|
|
46 |
#
|
|
47 |
# monitorRole readonly
|
|
48 |
# controlRole readwrite
|
|
49 |
|
|
50 |
guest readonly
|
|
51 |
admin readwrite
|