• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1######################################################################
2#     Default Access Control File for Remote JMX(TM) Monitoring
3######################################################################
4#
5# Access control file for Remote JMX API access to monitoring.
6# This file defines the allowed access for different roles.  The
7# password file (jmxremote.password by default) defines the roles and their
8# passwords.  To be functional, a role must have an entry in
9# both the password and the access files.
10#
11# Default location of this file is $JRE/lib/management/jmxremote.access
12# You can specify an alternate location by specifying a property in
13# the management config file $JRE/lib/management/management.properties
14# (See that file for details)
15#
16# The file format for password and access files is syntactically the same
17# as the Properties file format.  The syntax is described in the Javadoc
18# for java.util.Properties.load.
19# Typical access file has multiple  lines, where each line is blank,
20# a comment (like this one), or an access control entry.
21#
22# An access control entry consists of a role name, and an
23# associated access level.  The role name is any string that does not
24# itself contain spaces or tabs.  It corresponds to an entry in the
25# password file (jmxremote.password).  The access level is one of the
26# following:
27#       "readonly" grants access to read attributes of MBeans.
28#                   For monitoring, this means that a remote client in this
29#                   role can read measurements but cannot perform any action
30#                   that changes the environment of the running program.
31#       "readwrite" grants access to read and write attributes of MBeans,
32#                   to invoke operations on them, and to create or remove them.
33#		    This access should be granted to only trusted clients,
34#                   since they can potentially interfere with the smooth
35#		    operation of a running program
36#
37# A given role should have at most one entry in this file.  If a role
38# has no entry, it has no access.
39# If multiple entries are found for the same role name, then the last
40# access entry is used.
41#
42#
43# Default access control entries:
44# o The "monitorRole" role has readonly access.
45# o The "controlRole" role has readwrite access.
46#
47# monitorRole   readonly
48# controlRole   readwrite
49
50guest   readonly
51admin   readwrite
52