The JMX lets you set access rights for users in a file called jmxremote.access (you can find the template in <JAVA INSTALL>/jre/lib/management). In there you can specify for each user if the user has..
"readonly" grants access to read attributes of MBeans.
For monitoring, this means that a remote client in this
role can read measurements but cannot perform any action
that changes the environment of the running program.
or..
"readwrite" grants access to read and write attributes of MBeans,
to invoke operations on them, and optionally
to create or remove them. This access should be granted
only to trusted clients, since they can potentially
interfere with the smooth operation of a running program.
.. permissions.
Now, I'd like to activate this access control feature for the JXM user which I use via JMC to access the flight recorder data -- with the idea of giving this user as few rights as necessary, as per default security standard.
--> Is it enough to give the user readonly permissions or does the Java Flight Recorder also need to write stuff somewhere?
JFR needs some specific readwrite permissions:
your-role-name-goes-here readwrite \
create com.sun.management.*,com.oracle.jrockit.* \
unregister
Answer from: https://community.oracle.com/thread/2588377