By default, if there's no ACL policy for a certain karaf command, this command is allowed to access
without the RBAC, this is convenient as normally we needn't add ACL files for all the karaf command, however, for some case we wanna the behavior to be opposite . We can change this behavior by introduce the following property,

karaf.secured.command.compulsory.roles=role1,role2...

which means if a karaf command has no corresponding ACL then access it must have one of the karaf.secured.command.compulsory.roles