Disabling privileges

Although the privilege subsystem in the server is a powerful feature, it might break some applications if they expect to perform an operation requiring a privilege that they do not have.

In the majority of these cases, you can assign the necessary privilege manually to the account used by that application. However, if this workaround isn’t sufficient, or if you need to remove a particular privilege, such as allowing anyone to access information through Java Management Extensions (JMX) without requiring the jmx-read privilege, then you can disable privileges on an individual basis.

The disabled-privilege property in the global configuration object controls the set of disabled privileges. By default, no privileges are disabled. If a privilege is disabled, then the server behaves as if all users have that privilege.