# This file is used if the PropertiesUsernameRolesLoginModule is used
# as a delegate in the JAAS configuration *and* the 'roles.properties' option
# has not been specified for the login module.
#
# If that is the case, this file does two things:
#    1.  It maps user names to roles.
#    2.  Defines an optional recursive set of roles. This is useful in order to
#        define role sets. Users can then be members of such defined role sets.
#        Note that every line which does not have a user name (as defined in the
#        corresponding users.properties file) on the left hand side of the
#        equals sign ('='), represents a role.
#
# A user is assigned multiple roles by separating them by a comma ','. Every
# entity in this file which isn't a user name, will be implicitly defined as a
# role.
#
# Format is as follows:
#
# user1 = my-role, my-role2
# user2 = new-role, role1
# role1 = other-role
#
# Considering users 'user1' and 'user2' are defined in users.properties, the
# above would assign 'user1' the roles 'my-role' and 'my-role2'. 'user2' would
# be a member of 'new-role', 'role1' and 'other-role' (transitively via role1)
#
#
#
# Example recursive role definition allowed-to-do-everything agent-users. You
# can uncomment the following lines and assign your agent users this
# "thermostat-agent" role.
#thermostat-agent = thermostat-cmdc-verify, \
#                   thermostat-login, \
#                   thermostat-prepare-statement, \
#                   thermostat-purge, \
#                   thermostat-register-category, \
#                   thermostat-realm, \
#                   thermostat-save-file, \
#                   thermostat-write
#
# Example recursive role definition for allowed-to-see-everything client-users.
# You may uncomment the following lines and assign your client users this
# "thermostat-client" role.
#thermostat-client = thermostat-agents-grant-read-agentId-ALL, \
#                    thermostat-cmdc-generate, \
#                    thermostat-hosts-grant-read-hostname-ALL, \
#                    thermostat-load-file, \
#                    thermostat-login, \
#                    thermostat-prepare-statement, \
#                    thermostat-query, \
#                    thermostat-realm, \
#                    thermostat-register-category, \
#                    thermostat-vms-grant-read-username-ALL, \
#                    thermostat-vms-grant-read-vmId-ALL
#
# Example recursive role definition which allows thermostat users to
# use the clean-data command, which may perform global delete operations.
# Consider assigning this role to client users if they need to use the
# clean-data command. Note that other roles for thermostat client users
# grant read-only access - at various levels - only.
#thermostat-cmd-clean-data = thermostat-purge
#
# Example recursive role definition that grants all command channel privileges.
# You may uncomment the following lines and assign your client users this
# "thermostat-cmdc" role.
#thermostat-cmdc = thermostat-cmdc-grant-garbage-collect, \
#                  thermostat-cmdc-grant-dump-heap, \
#                  thermostat-cmdc-grant-thread-harvester, \
#                  thermostat-cmdc-grant-killvm, \
#                  thermostat-cmdc-grant-ping, \
#                  thermostat-cmdc-grant-jmx-toggle-notifications