6.4. Configuring Roles for the Administrative Protocols

By configuring each of the administrative functions to use a different role for authorization, you can provide fine grained control over who can monitor and manipulate running containers.

You can independently configure roles for the following different administrative protocols:

The default role name for all of the administration protocols is set by the karaf.admin.role property in the broker's etc/system.properties file. For example, the default setting of karaf.admin.role is:

karaf.admin.role=admin

karaf.admin.role=admin

You have the option of overriding the default admin role set by karaf.admin.role for each of the administrative protocols.

To override the default role for the remote console add a sshRole property to the etc/org.apache.karaf.shell.cfg file. The following sets the role to admin:

sshRole=admin

sshRole=admin

To override the default role for JMX add a jmxRole property to the etc/org.apache.karaf.management.cfg file.