|
2
|
1 |
#
|
|
|
2 |
|
|
|
3 |
# Access control file for Remote JMX API access to MBeanServer resources.
|
|
|
4 |
# This file defines the allowed access for different roles.
|
|
|
5 |
|
|
|
6 |
# The file format for the access file is syntactically the same as the
|
|
|
7 |
# Properties file format. The syntax is described in the Javadoc for
|
|
|
8 |
# java.util.Properties.load.
|
|
|
9 |
|
|
|
10 |
# A typical access file has multiple lines, where each line is blank,
|
|
|
11 |
# a comment (like this one), or an access control entry.
|
|
|
12 |
|
|
|
13 |
# An access control entry consists of a role name, and an associated access
|
|
|
14 |
# level. The role name is any string that does not itself contain spaces or
|
|
|
15 |
# tabs. It corresponds to an entry in the password file. The access level
|
|
|
16 |
# is one of the following:
|
|
|
17 |
#
|
|
|
18 |
# "readonly" grants access to read attributes of MBeans.
|
|
|
19 |
# For monitoring, this means that a remote client in this
|
|
|
20 |
# role can read measurements but cannot perform any action
|
|
|
21 |
# that changes the environment of the running program.
|
|
|
22 |
#
|
|
|
23 |
# "readwrite" grants access to read and write attributes of MBeans, to
|
|
|
24 |
# invoke operations on them, and to create or remove them.
|
|
|
25 |
# This access should be only granted to trusted clients,
|
|
|
26 |
# since they can potentially interfere with the smooth
|
|
|
27 |
# operation of a running program.
|
|
|
28 |
|
|
|
29 |
# A given role should have at most one entry in this file. If a role has no
|
|
|
30 |
# entry, it has no access.
|
|
|
31 |
# If multiple entries are found for the same role name, then the last access
|
|
|
32 |
# entry is used.
|
|
|
33 |
|
|
|
34 |
# Access rights granted to the authenticated identity by the RMI connector
|
|
|
35 |
# in this example.
|
|
|
36 |
#
|
|
|
37 |
admin readwrite
|
|
|
38 |
user readonly
|