I see the same behavior. This looks like a bug. I think all the list,
fetch, show, etc. operations should be allowed to a read-only user.

The ReadOpFileAccessController should be controlling access to these
operations using:

invoke(ObjectName name, String operationName, Object params[], String signature[])

That method compares the input operationName to a regular expression of
allowed read-only operations, but it always fails because the input
operation is 'processCommand' instead of 'list members' (for example). The
first argument to the params is the real operation. I tried a quick hack
that used params[0] instead of operationName, and it worked ok.

I'll file a bug on this issue.


Thanks,
Barry Oglesby


On Tue, Aug 16, 2016 at 10:33 AM, Nikhil Chandrappa <nchandra...@pivotal.io>
wrote:

> Hi,
>
> I am working on enabling authentication for JMX manager. I have a user
> "gemfireuser" and configured readonly access to it.
>
> I have configured the property jmx-manager-access-file and have the
> following configuration in accessfile
>
> #gemfireuser has readonly access
> gemfireuser readonly
>
> I logged into gfsh as gemfireuser. When I try to execute commands like
> list regions, list members or run an OQL query, I get an access denied
> exception.
>
> I am wondering what access permission does a user with "readonly" access
> have.
>
> Thanks,
> Nikhil
>
> --
>
> *Nikhil Chandrappa *| Data Engineer | New York
>
> (315) 396 - 3789 | nchandra...@pivotal.io | Pivotal Software Inc.
> <http://www.pivotal.io/>
>
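
The mismatch described in the reply above, as an added Java example that is not code from this thread or from the project: a read-only allow-list tested against the JMX operation name never matches when every gfsh command arrives as 'processCommand', while the same allow-list tested against params[0] does. The class and method names, the allow-list pattern and the sample commands are assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.regex.Pattern;

public class ReadOnlyOpCheckDemo {
    // Assumed allow-list; the controller's actual pattern is not shown in the thread.
    static final Pattern READ_ONLY = Pattern.compile("(list|fetch|show)( .*)?");

    // Behaviour described in the thread: only the JMX operation name is tested,
    // so a wrapped command is judged by the literal name "processCommand".
    static boolean allowedByOperationName(String operationName, Object[] params) {
        return READ_ONLY.matcher(operationName).matches();
    }

    // Variant following the params[0] observation: for processCommand, authorize
    // the wrapped command string. Missing or non-String arguments are denied.
    static boolean allowedByEffectiveOperation(String operationName, Object[] params) {
        String effective = operationName;
        if ("processCommand".equals(operationName)) {
            if (params == null || params.length == 0 || !(params[0] instanceof String)) {
                return false; // default deny: nothing to authorize against
            }
            effective = ((String) params[0]).trim();
        }
        // matches() requires the whole string to fit the allow-list
        return effective != null && READ_ONLY.matcher(effective).matches();
    }

    public static void main(String[] args) {
        // Constructed sample invocations, all arriving as 'processCommand'.
        Object[][] calls = {
            {"list members"},
            {"show metrics"},
            {"destroy region --name=/example"},
            {},      // no arguments at all
            {42},    // first argument is not a command string
        };
        for (Object[] params : calls) {
            System.out.printf("%-40s nameCheck=%-5b params0Check=%b%n",
                Arrays.toString(params),
                allowedByOperationName("processCommand", params),
                allowedByEffectiveOperation("processCommand", params));
        }
    }
}
```

The name-only check denies every row, including the read-only commands; the params[0] check allows only the first two rows and still denies the write command and the malformed calls.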
