The management.xml file controls RBAC for *all* MBeans, not just those for addresses. You can therefore take the name of the MBean and restrict method and attribute access to whatever roles you like, e.g.:
<match domain="org.apache.activemq.artemis" key="component=acceptors"> <access method="*" roles="amq"/> </match> With this configuration only users in the role "amq" will be allowed to do anything with any acceptor. Also, I noticed you sent this same question to the list yesterday. Please don't send the same question to the list repeatedly. Thanks! Justin On Tue, Nov 8, 2022 at 10:14 AM Ekta Awasthi <ekta.awas...@theodpcorp.com.invalid> wrote: > Hello All, > > Seeking some guidance on how to revoke all the write access to Artemis > Management Console(*Jolokia*). I understand we can control the rbac for > the addresses by playing around in the management.xml but I am unable to > determine on how to control the acceptors folder which includes the Artemis > + cluster folder configuration from the management console (*Jolokia*). > Recently, we had a team member who closed all the open sessions from > management console by navigating to *acceptors* folder and under the > *session* column, which caused a big outage for the company. > > We would like to completely revoke write access to acceptors folder + > columns including Connections, sessions, consumers, etc so that no one can > take any actions such as closing connections sessions. > > > > > If anyone knows how to handle this, would really help us out. Thanks In > advance. > > Thanks > Ekta > > CONFIDENTIALITY NOTICE: The information contained in this email and > attached document(s) may contain confidential information that is intended > only for the addressee(s). If you are not the intended recipient, you are > hereby advised that any disclosure, copying, distribution or the taking of > any action in reliance upon the information is prohibited. If you have > received this email in error, please immediately notify the sender and > delete it from your system. >