[ https://issues.apache.org/jira/browse/ARTEMIS-4582?focusedWorklogId=905774&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-905774 ]
ASF GitHub Bot logged work on ARTEMIS-4582: ------------------------------------------- Author: ASF GitHub Bot Created on: 19/Feb/24 22:25 Start Date: 19/Feb/24 22:25 Worklog Time Spent: 10m Work Description: jbertram commented on PR #4820: URL: https://github.com/apache/activemq-artemis/pull/4820#issuecomment-1953228386 Couple of question... 1. One of the things that `management.xml` let you do was configure remote JMX connectivity. How do I do that with this? 2. One nice thing about `management.xml` is that you didn't have to muck around with system properties. Any chance this could be configured via `broker.xml` instead of `javax.management.builder.initial`? Perhaps a new `<management>` block would be useful here. 3. There is a fair bit of documentation about `management.xml` in `management.adoc`. Could you provide something analogous (or even more comprehensive) for this? A few simple use-cases with corresponding configuration would go a long way in helping users & developers understand how it works. 4. The existing default `management.xml` has recommended settings (e.g. read-only access to non-Artemis MBeans). I think we should have something similar for this as well. Is that possible? Issue Time Tracking ------------------- Worklog Id: (was: 905774) Time Spent: 20m (was: 10m) > add view and update permissions to augment the manage rbac for control > resources > -------------------------------------------------------------------------------- > > Key: ARTEMIS-4582 > URL: https://issues.apache.org/jira/browse/ARTEMIS-4582 > Project: ActiveMQ Artemis > Issue Type: Improvement > Components: Broker, Configuration, JMX, Web Console > Affects Versions: 2.31.0 > Reporter: Gary Tully > Assignee: Gary Tully > Priority: Major > Time Spent: 20m > Remaining Estimate: 0h > > we have the manage permission that allows sending to the management address, > to access any control resource. We don't however distinguish what a user can > do. > We should segment control operations into categories: CRUD provides a basis > view for get/is (Read) > update for set or operations that mutate or modify. > We allow this sort of configuration via management.xml for jmx mbean access > but using a different model based on object name. > All of the mbeans delegate to the control resources. > If we add these two additional permissions then we can have a single rbac > model (that supports config reload) and more granularity on control resource > access from the management address. -- This message was sent by Atlassian Jira (v8.20.10#820010)