This figure shows that when a JMX client attempts to change an MBean attribute or invoke an MBean operation that is secured by a JMX resource, the client must be authorized to access both the JMX resource as well as the MBean attribute itself.