6.7. About JMX and Role-Based Access Control

Role-Based Access Control applies to JMX in three ways:
  1. The Management API of JBoss EAP 6 is exposed as JMX Management Beans. These Management Beans are referred to as "core mbeans", and access to them is controlled and filtered exactly as it is for the underlying Management API itself.
  2. The JMX subsystem is configured with its write permissions classified as "sensitive". This means only users in the Administrator and SuperUser roles can make changes to that subsystem. Users in the Auditor role can also read this subsystem configuration.
  3. By default, Management Beans registered by deployed applications and services (non-core mbeans) can be accessed by all management users, but only users in the Maintainer, Operator, Administrator, and SuperUser roles can write to them.

Note

Users can receive JMX notifications from a JMX client, such as jconsole. This feature is limited to local JMX connections: the JMX client must either be connected inside the same JVM as the application server, or run on the same machine and use the Attach agent to connect to the application server (as jconsole does). JMX notifications for MBean registration/unregistration and attribute value changes are now also generated for MBeans in the jboss.as and jboss.as.expr domains.