OK, now I see that the JMX management docs are separate from the security docs. Sorry, the linking in the static docs version is confusing. I'll dig deeper.
Jan Šmucr DevOps Engineer Mobile +420 737 186 293 aimtecglobal.com -----Původní zpráva----- Od: Jan Šmucr <[email protected]> Odesláno: úterý 17. února 2026 10:10 Komu: [email protected] Kopie: Vilius Šumskas <[email protected]> Předmět: RE: Adding a JMX read-only user Dear Vilius, LLMs tend to be way better in understanding text and code. If they don't understand it, then chances are the text may be unclear to a mere human without an additional context. Which happens to be me. I did not understand it, nor did the LLM. Hence I ask here. This mailing list cannot handle screenshots, so to clarify: After opening jconsole, I can log in and see the MBeans tree. I then expand "org.apache.activemq.artemis" and "<server name>", and click the "Attributes" item. A table appears on the right side of the window, revealing all server-related attributes with their values stating "Unavailable", written in red. Steps that I had performed were listed in the previous e-mail. Given that I can log into the jconsole, the account has been set up properly to allow me for at least that. Since the documentation completely omits the basics, one of my attempts had to be intuitive, and that is to have the new "view" share its capabilities with the default "amq": <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <management-context xmlns="http://activemq.apache.org/schema";> <connector connector-port="1099"/> <authorisation> <allowlist> <entry domain="hawtio"/> </allowlist> <default-access> <access method="list*" roles="amq,view"/> <access method="get*" roles="amq,view"/> <access method="is*" roles="amq,view"/> </default-access> <role-access> <match domain="org.apache.activemq.artemis"> <access method="list*" roles="amq,view"/> <access method="get*" roles="amq,view"/> <access method="is*" roles="amq,view"/> <access method="set*" roles="amq,view"/> <access method="browse*" roles="amq,view"/> <access method="count*" roles="amq,view"/> <access method="*" roles="amq,view"/> </match> </role-access> </authorisation> </management-context> But not even this simple adjustment made any difference. Jan Šmucr DevOps Engineer Mobile +420 737 186 293 aimtecglobal.com -----Původní zpráva----- Od: Vilius Šumskas via users <[email protected]> Odesláno: úterý 17. února 2026 9:08 Komu: [email protected] Kopie: Vilius Šumskas <[email protected]> Předmět: RE: Adding a JMX read-only user And that‘s why you don‘t use generative AI tools to solve a deterministic problem. What specifically you didn’t understand on https://artemis.apache.org/components/artemis/documentation/latest/security.html ? Have you read the linking https://artemis.apache.org/components/artemis/documentation/latest/management.html#configuring-jmx ? If you want help on the mailing list, you need to be more specific what steps you tried and what was the end result (errors, screenshots, etc.) -- Vilius From: Jan Šmucr <[email protected]> Sent: Tuesday, February 17, 2026 9:32 AM To: [email protected] Subject: Adding a JMX read-only user Hello. I’d like to ask you for help with adding a user capable of monitoring basic attributes exposed by an Artemis instance. I couldn’t understand the documentation here: https://artemis.apache.org/components/artemis/documentation/latest/security.html I even had ChatGPT read it for me, and compose a step-by-step guide, but with no luck either. 1. I started with creating a new instance: apache-artemis-2.51.0/bin/artemis create '--name=test' '--host=0.0.0.0' '--http-host=0.0.0.0' '--relax-jolokia' '--require-login' '--user=admin' '--password=test' 'test' 2. I added a new “view = zabbix” role to etc/artemis-roles.properties 3. I added a new user “zabbix = ENC(…)” to etc/artemis-users.properties 4. Now I was able to log in using the jconsole, but I didn’t see any attribute values 5. I did many different attempts to adjust the role’s capabilities in etc/management.xml, but none of them got me anywhere What am I missing? TIA Jan Šmucr DevOps Engineer Integration Business Unit [cid:[email protected]] Aimtec U Prazdroje 2807/8, 301 00 Pilsen, Czech Republic Reception +420 377 225 215, Support +420 377 240 400 Mobile +420 737 186 293 aimtecglobal.com <https://hubs.la/H0JdDtt0> [cid:[email protected]]<https://www.facebook.com/aimtecCZ>[cid:[email protected]]<https://www.instagram.com/aimteclife/> [cid:[email protected]] <https://www.linkedin.com/company/aimtec-a-s-/> [cid:[email protected]] <https://www.youtube.com/channel/UCorq-8h-Q8WrTmQHo1gdD1Q> [cid:[email protected]]<https://hubs.la/Q03vLqWF0> --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] For further information, visit: https://activemq.apache.org/contact
