By default, DiagnosticData is mapped to the pegadiagnosticuser role within the application server.
When a user accesses a URL that calls the DiagnosticData servlet, a basic authentication prompt appears, and only after you enter the credentials for the pegadiagnosticuser role will you be able to access the resources.
See web.xml in the prweb application (inside prweb/WEB-INF).
Here is the servlet mapping (default):
<description>A servlet used to serve files requested by a JMX client</description>
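To confirm that a deployed web.xml still ties the DiagnosticData servlet to the pegadiagnosticuser role, the mapping can be checked with a short script. This is an added example, not Pega's own code; the embedded web.xml is a constructed sample, and its URL pattern and resource name are assumptions rather than the shipped values.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not the shipped prweb web.xml; url-pattern and names are assumed.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <servlet-mapping>
    <servlet-name>DiagnosticData</servlet-name>
    <url-pattern>/DiagnosticData</url-pattern>
  </servlet-mapping>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Diagnostic data</web-resource-name>
      <url-pattern>/DiagnosticData</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>pegadiagnosticuser</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the XML namespace prefix, if any

def _texts(elem, name):
    # Text of every descendant element with the given local name.
    return [e.text.strip() for e in elem.iter() if _local(e.tag) == name and e.text]

def audit_servlet(web_xml, servlet_name):
    """Map each URL pattern of the servlet to the roles that constrain it.
    An empty list means no security-constraint names a role for that exact pattern
    (wildcard patterns such as /* are not expanded here)."""
    root = ET.fromstring(web_xml)
    patterns = []
    for m in root.iter():
        if _local(m.tag) == "servlet-mapping" and servlet_name in _texts(m, "servlet-name"):
            patterns += _texts(m, "url-pattern")
    roles_by_pattern = {p: set() for p in patterns}
    for c in root.iter():
        if _local(c.tag) != "security-constraint":
            continue
        roles = _texts(c, "role-name")
        for p in _texts(c, "url-pattern"):
            if p in roles_by_pattern:
                roles_by_pattern[p].update(roles)
    return {p: sorted(r) for p, r in roles_by_pattern.items()}

if __name__ == "__main__":
    print(audit_servlet(SAMPLE_WEB_XML, "DiagnosticData"))
```

Run it against the real prweb/WEB-INF/web.xml by passing the file's contents as the first argument; a pattern with an empty role list is the case to investigate.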