JMRI® is...
DecoderPro®
A great tool for programming decoders, simplifying the job of configuring DCC decoders from your computer
PanelPro™
Design and Operate control panels that reflect the real-time state of your railroad and let you control it
DispatcherPro™
A system for Dispatching, grouping your Roster and Throttles
OperationsPro™
Build Trains from your Roster and print Train Manifests that detail the work your train crews will perform
SoundPro™
A set of tools for using Audio with JMRI
Cool Uses
People have used JMRI to do some great things for the model railroad community.
Our Gallery page highlights some of these.
Also, there are many apps with JMRI connections.
Tools
JMRI tools for working with your layout:
Layout Automation
Use JMRI to automate parts of your layout and operations:
Supported Hardware
Devices, command stations, networks, and protocols:
JMRI Setup and Installation
JMRI environments...

JMRI Help:

Contents Index
Glossary FAQ

Donate to JMRI.org

since 5.9.3

Permissions

Permissions is used to protect sensitive parts of JMRI, for example preventing the loading and storing of the table content and panels file by unauthorized users.

Settings

Edit ⇒ Preferences ⇒ Permissions has the configuration for the permission manager.

permissions preferences dialog

Options

Enable permission manager
If selected, the permission manager will be active. You need to restart JMRI for the login/logout menu items to be available on the File menu. By default, the permission manager is disabled.
Allow empty passwords
If selected, empty passwords are allowed. By default, empty passwords are not allowed.

Default users

The current default users are

UserPasswordRole
adminjmriAdministrator
guestGuest
remote guestRemote guest

These three users cannot be deleted. If you don't want to use the admin user, you can unselect all the roles. It will then not have any permissions at all.

New users will get the Standard user role when created.

Note that the guest and remote guest users cannot have a password.

Default permissions

The current permissions are

PermissionRoles with this permission as standard
Edit preferencesAdministrator
Edit permissionsAdministrator
Change user's own passwordAdministrator and Standard user
Load table content and panels fileAdministrator
Store table content and panels fileAdministrator

since 5.9.5Panels

The Panels permission can provide control of a set of panel actions.

The Panels permission is currently applied to all panels. Future changes will include the ability assign specific roles to a panel.

Default
Not implemented yet. When selected it defaults to None
None
Displays a panel with only Permission denied Login to view the panel".
View
Displays a panel. Clicking on the panel will display a Panel is read only dialog.
View and control
Not implemented yet. When selected it defaults to View, control and edit.
View, control and edit
Full access to the panel. This is the initial setting for all roles.

I have locked myself out! What do I do?

There are two options.

The simplest way is to delete the file .permissions.xml in the PREFERENCES folder. Note: This is the Settings Location in Help ⇒ File Locations.

By deleting the file, the permission configuration is removed.

The second option is to edit that file with a text editor or an xml editor. The beginning of the file looks like this:

<Permissions>
  <Settings>
    <Enabled>no</Enabled>
    <AllowEmptyPasswords>no</AllowEmptyPasswords>
  </Settings>
  ...
</Permissions>
      

Change <Enabled>yes</Enabled> to <Enabled>no</Enabled>. It disables permission checking but retains the permission configuration.

Securing the preferences

If an unauthorized user is able to delete or edit files on the computer running JMRI, he might be able to disable the permissions and then override them. See the section I have looked myself out! above.

If you want to protect from that, you could protect that file from being changed. On Linux, it can be done by changing the owner of the file to root and to have it read only for other users. This assumes that the OS user that runs JMRI does not have OS administrative authority.

sudo chown root ~/.jmri/.permissions.xml
sudo chmod 644 ~/.jmri/.permissions.xml
      

On Linux the .permissions.xml file can deleted even when write access is denied. To prevent this, the .jmri parent directory also needs to be protected. However, doing so can result in JMRI errors.

Connection failure during startup of JMRI

If JMRI is unable to connect to the layout during startup, a dialog is shown with the options Quit PanelPro, Continue and Edit connections. If the permission manager is enabled, a user with the Guest role probably doesn't have the permission to edit the connections. In this case, select Continue to start JMRI. When you do, a dialog will open with the message Permission denied. Ignore that, log in with an authorized user and then open the preferences. Now edit the connection.

Permission failure during PanelPro shutdown

The normal PanelPro shutdown process checks for changes that have not been stored. If change detection is enabled, changes have been made and the user is not authorized to store changes, a dialog is displayed.

abort shutdown question

If it is possible to login with the necessary authority, then click on Yes, login and do the store process. If not, click on No.

For production environments, change detection can be disabled. This will eliminate shutdown issues. See the Shutdown preference.