| # |
| |
| # Access control file for Remote JMX API access to MBeanServer resources. |
| # This file defines the allowed access for different roles. |
| |
| # The file format for the access file is syntactically the same as the |
| # Properties file format. The syntax is described in the Javadoc for |
| # java.util.Properties.load. |
| |
| # A typical access file has multiple lines, where each line is blank, |
| # a comment (like this one), or an access control entry. |
| |
| # An access control entry consists of a role name, and an associated access |
| # level. The role name is any string that does not itself contain spaces or |
| # tabs. It corresponds to an entry in the password file. The access level |
| # is one of the following: |
| # |
| # "readonly" grants access to read attributes of MBeans. |
| # For monitoring, this means that a remote client in this |
| # role can read measurements but cannot perform any action |
| # that changes the environment of the running program. |
| # |
| # "readwrite" grants access to read and write attributes of MBeans, to |
| # invoke operations on them, and to create or remove them. |
| # This access should be only granted to trusted clients, |
| # since they can potentially interfere with the smooth |
| # operation of a running program. |
| |
| # A given role should have at most one entry in this file. If a role has no |
| # entry, it has no access. |
| # If multiple entries are found for the same role name, then the last access |
| # entry is used. |
| |
| # Access rights granted to the authenticated identity by the RMI connector |
| # in this example. |
| # |
| admin readwrite |
| user readonly |