1 ######################################################################
2 # Default Access Control File for Remote JMX(TM) Monitoring
3 ######################################################################
5 # Access control file for Remote JMX API access to monitoring.
6 # This file defines the allowed access for different roles. The
7 # password file (jmxremote.password by default) defines the roles and their
8 # passwords. To be functional, a role must have an entry in
9 # both the password and the access files.
11 # Default location of this file is $JRE/lib/management/jmxremote.access
12 # You can specify an alternate location by specifying a property in
13 # the management config file $JRE/lib/management/management.properties
14 # (See that file for details)
16 # The file format for password and access files is syntactically the same
17 # as the Properties file format. The syntax is described in the Javadoc
18 # for java.util.Properties.load.
19 # Typical access file has multiple lines, where each line is blank,
20 # a comment (like this one), or an access control entry.
22 # An access control entry consists of a role name, and an
23 # associated access level. The role name is any string that does not
24 # itself contain spaces or tabs. It corresponds to an entry in the
25 # password file (jmxremote.password). The access level is one of the
27 # "readonly" grants access to read attributes of MBeans.
28 # For monitoring, this means that a remote client in this
29 # role can read measurements but cannot perform any action
30 # that changes the environment of the running program.
31 # "readwrite" grants access to read and write attributes of MBeans,
32 # to invoke operations on them, and to create or remove them.
33 # This access should be granted to only trusted clients,
34 # since they can potentially interfere with the smooth
35 # operation of a running program
37 # A given role should have at most one entry in this file. If a role
38 # has no entry, it has no access.
39 # If multiple entries are found for the same role name, then the last
40 # access entry is used.
43 # Default access control entries:
44 # o The "monitorRole" role has readonly access.
45 # o The "controlRole" role has readwrite access.