Home | History | Annotate | Download | only in etc 
      1 ######################################################################
      2 #     Default Access Control File for Remote JMX(TM) Monitoring
      3 ######################################################################
      4 #
      5 # Access control file for Remote JMX API access to monitoring.
      6 # This file defines the allowed access for different roles.  The
      7 # password file (jmxremote.password by default) defines the roles and their
      8 # passwords.  To be functional, a role must have an entry in
      9 # both the password and the access files.
     10 #
     11 # Default location of this file is $JRE/lib/management/jmxremote.access
     12 # You can specify an alternate location by specifying a property in 
     13 # the management config file $JRE/lib/management/management.properties
     14 # (See that file for details)
     15 #
     16 # The file format for password and access files is syntactically the same
     17 # as the Properties file format.  The syntax is described in the Javadoc
     18 # for java.util.Properties.load.
     19 # Typical access file has multiple  lines, where each line is blank,
     20 # a comment (like this one), or an access control entry.
     21 #
     22 # An access control entry consists of a role name, and an
     23 # associated access level.  The role name is any string that does not
     24 # itself contain spaces or tabs.  It corresponds to an entry in the
     25 # password file (jmxremote.password).  The access level is one of the
     26 # following:
     27 #       "readonly" grants access to read attributes of MBeans.
     28 #                   For monitoring, this means that a remote client in this
     29 #                   role can read measurements but cannot perform any action
     30 #                   that changes the environment of the running program.
     31 #       "readwrite" grants access to read and write attributes of MBeans,
     32 #                   to invoke operations on them, and to create or remove them.
     33 #		    This access should be granted to only trusted clients, 
     34 #                   since they can potentially interfere with the smooth
     35 #		    operation of a running program 
     36 #
     37 # A given role should have at most one entry in this file.  If a role
     38 # has no entry, it has no access.
     39 # If multiple entries are found for the same role name, then the last
     40 # access entry is used.
     41 #
     42 #
     43 # Default access control entries:
     44 # o The "monitorRole" role has readonly access.  
     45 # o The "controlRole" role has readwrite access.
     46 #
     47 # monitorRole   readonly
     48 # controlRole   readwrite
     49 
     50 guest   readonly
     51 admin   readwrite
     52