2.3. Configuring Roles for the Administrative Protocols
Overview
By configuring each of the administrative functions to use a different role for authorization, you can provide fine grained control over who can monitor and manipulate running containers.
Administration protocols
You can independently configure roles for the following different administrative protocols:
- SSH (remote console login)
- JMX management
- Web console
Default role
The default role name for all of the administration protocols is set by the
karaf.admin.role
property in the Red Hat JBoss A-MQ's etc/system.properties
file. For example, the default setting of karaf.admin.role
is:
karaf.admin.role=admin
You have the option of overriding the default
admin
role set by karaf.admin.role
for each of the administrative protocols.
Changing the remote console's role
To override the default role for the remote console add a
sshRole
property to the org.apache.karaf.shell
PID. The following sets the role to admin
:
sshRole=admin
Changing the JMX role
To override the default role for JMX add a
jmxRole
property to the org.apache.karaf.management
PID. The following sets the role to jmx
:
jmxRole=jmx