The management.xml file controls RBAC for *all* MBeans, not just those for
addresses. You can therefore take the name of the MBean and restrict method
and attribute access to whatever roles you like, e.g.:
<match domain="org.apache.activemq.artemis"
key="component=acceptors">
<access method="*" roles="amq"/>
</match>
With this configuration only users in the role "amq" will be allowed to do
anything with any acceptor.
Also, I noticed you sent this same question to the list yesterday. Please
don't send the same question to the list repeatedly. Thanks!
Justin
On Tue, Nov 8, 2022 at 10:14 AM Ekta Awasthi
<ekta.awas...@theodpcorp.com.invalid> wrote:
> Hello All,
>
> Seeking some guidance on how to revoke all the write access to Artemis
> Management Console(*Jolokia*). I understand we can control the rbac for
> the addresses by playing around in the management.xml but I am unable to
> determine on how to control the acceptors folder which includes the Artemis
> + cluster folder configuration from the management console (*Jolokia*).
> Recently, we had a team member who closed all the open sessions from
> management console by navigating to *acceptors* folder and under the
> *session* column, which caused a big outage for the company.
>
> We would like to completely revoke write access to acceptors folder +
> columns including Connections, sessions, consumers, etc so that no one can
> take any actions such as closing connections sessions.
>
>
>
>
> If anyone knows how to handle this, would really help us out. Thanks In
> advance.
>
> Thanks
> Ekta
>
> CONFIDENTIALITY NOTICE: The information contained in this email and
> attached document(s) may contain confidential information that is intended
> only for the addressee(s). If you are not the intended recipient, you are
> hereby advised that any disclosure, copying, distribution or the taking of
> any action in reliance upon the information is prohibited. If you have
> received this email in error, please immediately notify the sender and
> delete it from your system.
>
