1. 使用add-user.bat / add-user.sh添加2个Management Users(myadmin和myuser)
2. 启动standalone.bat / standalone.sh, 通过myadmin登录控制台http://localhost:9990/console/App.html
3. 切换到Administration页面, 添加Users:
User: myadmin
Realm: ManagementRealm
Roles: Administrator
User: myuser
Realm: ManagementRealm
Roles: Monitor
4. 启动jboss-cli.bat / jboss-cli.sh, 输入connect localhost:9999后回车
5. 输入/core-service=management/access=authorization:write-attribute(name=provider, value=rbac)回车
或修改\jboss-eap-6.4\standalone\configuration\standalone.xml的<access-control provider="simple">改成<access-control provider="rbac">
<access-control provider="rbac">
<role-mapping>
<role name="SuperUser">
<include>
<user name="$local"/>
</include>
</role>
<role name="Administrator">
<include>
<user realm="ManagementRealm" name="myadmin"/>
</include>
</role>
<role name="Monitor">
<include>
<user realm="ManagementRealm" name="myuser"/>
</include>
</role>
</role-mapping>
</access-control>
6. 重启JBoss
myuser就只有只读权限
https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.2/html-single/Administration_and_Configuration_Guide/index.html#About_Role-Based_Access_Control_RBAC
https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.2/html-single/Security_Guide/index.html#sect-Configuring_Role-Based_Access_Control