Posted to commits@ambari.apache.org by rl...@apache.org on 2015/11/18 19:43:08 UTC
[4/4] ambari git commit: AMBARI-13865. Add authorizations to
permissions so that the definition of a permission (or role) is explicit
(rlevas)
AMBARI-13865. Add authorizations to permissions so that the definition of a permission (or role) is explicit (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/d08107d7
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/d08107d7
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/d08107d7
Branch: refs/heads/trunk
Commit: d08107d70a71932a92fb9b7dc0b7652f0c365be7
Parents: 58b598a
Author: Robert Levas <rl...@hortonworks.com>
Authored: Wed Nov 18 13:42:51 2015 -0500
Committer: Robert Levas <rl...@hortonworks.com>
Committed: Wed Nov 18 13:42:58 2015 -0500
----------------------------------------------------------------------
.../api/services/RoleAuthorizationService.java | 6 +
.../api/services/UserAuthorizationService.java | 7 +
.../RoleAuthorizationResourceProvider.java | 160 +---------
.../UserAuthorizationResourceProvider.java | 154 +--------
.../server/orm/dao/RoleAuthorizationDAO.java | 67 ++++
.../server/orm/entities/PermissionEntity.java | 44 ++-
.../orm/entities/RoleAuthorizationEntity.java | 114 +++++++
.../server/upgrade/UpgradeCatalog220.java | 224 ++++++++++++-
.../main/resources/Ambari-DDL-MySQL-CREATE.sql | 234 +++++++++++++-
.../main/resources/Ambari-DDL-Oracle-CREATE.sql | 234 +++++++++++++-
.../resources/Ambari-DDL-Postgres-CREATE.sql | 234 +++++++++++++-
.../Ambari-DDL-Postgres-EMBEDDED-CREATE.sql | 236 +++++++++++++-
.../resources/Ambari-DDL-SQLAnywhere-CREATE.sql | 236 +++++++++++++-
.../resources/Ambari-DDL-SQLServer-CREATE.sql | 231 +++++++++++++-
.../src/main/resources/META-INF/persistence.xml | 1 +
.../services/RoleAuthorizationServiceTest.java | 86 +++++
.../services/UserAuthorizationServiceTest.java | 87 +++++
.../RoleAuthorizationResourceProviderTest.java | 202 ++++++++++++
.../UserAuthorizationResourceProviderTest.java | 315 +++++++++++++++++++
.../server/upgrade/UpgradeCatalog220Test.java | 185 ++++++++---
20 files changed, 2716 insertions(+), 341 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/d08107d7/ambari-server/src/main/java/org/apache/ambari/server/api/services/RoleAuthorizationService.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/api/services/RoleAuthorizationService.java b/ambari-server/src/main/java/org/apache/ambari/server/api/services/RoleAuthorizationService.java
index 082200d..60f8a36 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/api/services/RoleAuthorizationService.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/api/services/RoleAuthorizationService.java
@@ -32,6 +32,12 @@ import javax.ws.rs.core.UriInfo;
import java.util.HashMap;
import java.util.Map;
+/**
+ * RoleAuthorizationService is a read-only service responsible for role authorization resource requests.
+ * <p/>
+ * The result sets returned by this service are either the full set of available authorizations or
+ * those related to a particular permission.
+ */
@Path("/authorizations/")
public class RoleAuthorizationService extends BaseService {
private String permissionId;
http://git-wip-us.apache.org/repos/asf/ambari/blob/d08107d7/ambari-server/src/main/java/org/apache/ambari/server/api/services/UserAuthorizationService.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/api/services/UserAuthorizationService.java b/ambari-server/src/main/java/org/apache/ambari/server/api/services/UserAuthorizationService.java
index d6ee2fc..6861d3d 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/api/services/UserAuthorizationService.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/api/services/UserAuthorizationService.java
@@ -32,6 +32,13 @@ import javax.ws.rs.core.UriInfo;
import java.util.HashMap;
import java.util.Map;
+/**
+ * UserAuthorizationService is a read-only service responsible for user authorization resource requests.
+ * <p/>
+ * The result sets returned by this service represent the set of authorizations assigned to a given user.
+ * Authorizations are tied to a resource, so a user may have the multiple authorization entries for the
+ * same authorization id (for example VIEW.USE), however each will represnet a different view instance.
+ */
public class UserAuthorizationService extends BaseService {
/**
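Review bot: The new class Javadoc has two wording slips that will carry into the generated API docs: "may have the multiple authorization entries" and "represnet". Suggested text for the last two comment lines: `* Authorizations are tied to a resource, so a user may have multiple authorization entries for the` and `* same authorization id (for example VIEW.USE); however, each will represent a different view instance.` The class body continues outside this hunk.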
http://git-wip-us.apache.org/repos/asf/ambari/blob/d08107d7/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RoleAuthorizationResourceProvider.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RoleAuthorizationResourceProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RoleAuthorizationResourceProvider.java
index 82981a9..1b08d85 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RoleAuthorizationResourceProvider.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RoleAuthorizationResourceProvider.java
@@ -30,7 +30,9 @@ import org.apache.ambari.server.controller.spi.Resource.Type;
import org.apache.ambari.server.controller.spi.SystemException;
import org.apache.ambari.server.controller.spi.UnsupportedPropertyException;
import org.apache.ambari.server.controller.utilities.PropertyHelper;
+import org.apache.ambari.server.orm.dao.RoleAuthorizationDAO;
import org.apache.ambari.server.orm.dao.PermissionDAO;
+import org.apache.ambari.server.orm.entities.RoleAuthorizationEntity;
import org.apache.ambari.server.orm.entities.PermissionEntity;
import org.apache.commons.lang.StringUtils;
@@ -79,10 +81,16 @@ public class RoleAuthorizationResourceProvider extends ReadOnlyResourceProvider
}
/**
+ * Data access object used to obtain authorization entities.
+ */
+ @Inject
+ private static RoleAuthorizationDAO roleAuthorizationDAO;
+
+ /**
* Data access object used to obtain permission entities.
*/
@Inject
- protected static PermissionDAO permissionDAO;
+ private static PermissionDAO permissionDAO;
/**
* Create a new resource provider.
@@ -127,39 +135,25 @@ public class RoleAuthorizationResourceProvider extends ReadOnlyResourceProvider
}
if (permissionId == null) {
- // TODO: ** This is stubbed out until the data layer catches up...
- // TODO: entities = roleAuthorizationDAO.findAll();
- authorizationEntities = createAdminAuthorizations();
+ authorizationEntities = roleAuthorizationDAO.findAll();
} else {
PermissionEntity permissionEntity = permissionDAO.findById(permissionId);
- if(permissionEntity == null)
+ if (permissionEntity == null) {
authorizationEntities = null;
- else
- {
- // TODO: ** This is stubbed out until the data layer catches up...
- // TODO: authorizationEntities = (permissionEntity == null)
- // TODO: ? null
- // TODO: : permissionEntity.getAuthorizations();
- String permissionName = permissionEntity.getPermissionName();
- if (permissionName.startsWith("AMBARI")) {
- authorizationEntities = createAdminAuthorizations();
- } else if (permissionName.startsWith("CLUSTER")) {
- authorizationEntities = createOperatorAuthorizations();
- } else {
- authorizationEntities = null;
- }
+ } else {
+ authorizationEntities = permissionEntity.getAuthorizations();
}
}
if (authorizationEntities != null) {
String authorizationId = (String) propertyMap.get(AUTHORIZATION_ID_PROPERTY_ID);
- if(!StringUtils.isEmpty(authorizationId)) {
+ if (!StringUtils.isEmpty(authorizationId)) {
// Filter the entities
Iterator<RoleAuthorizationEntity> iterator = authorizationEntities.iterator();
- while(iterator.hasNext()) {
- if(!authorizationId.equals(iterator.next().getAuthorizationId())) {
+ while (iterator.hasNext()) {
+ if (!authorizationId.equals(iterator.next().getAuthorizationId())) {
iterator.remove();
}
}
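Review bot: The in-place filter at the end of this hunk (`iterator.remove()`) now runs on collections handed back by the data layer, `roleAuthorizationDAO.findAll()` and `permissionEntity.getAuthorizations()`, instead of the freshly built stub lists. If `getAuthorizations()` returns the entity's own managed collection (its definition is not visible here), a read-only request that filters by authorization id could strip authorizations from the in-memory permission definition, and a query result list may not support removal at all. Filter a copy instead, e.g. `authorizationEntities = new ArrayList<RoleAuthorizationEntity>(permissionEntity.getAuthorizations());` behind a null guard, and likewise for the `findAll()` result. The same `getAuthorizations()` call is introduced in UserAuthorizationResourceProvider, which should be checked for mutation of the returned collection as well. The enclosing method starts and ends outside this hunk.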
@@ -190,130 +184,10 @@ public class RoleAuthorizationResourceProvider extends ReadOnlyResourceProvider
private Resource toResource(Integer permissionId, RoleAuthorizationEntity entity, Set<String> requestedIds) {
Resource resource = new ResourceImpl(Type.RoleAuthorization);
setResourceProperty(resource, AUTHORIZATION_ID_PROPERTY_ID, entity.getAuthorizationId(), requestedIds);
- if(permissionId != null) {
+ if (permissionId != null) {
setResourceProperty(resource, PERMISSION_ID_PROPERTY_ID, permissionId, requestedIds);
}
setResourceProperty(resource, AUTHORIZATION_NAME_PROPERTY_ID, entity.getAuthorizationName(), requestedIds);
return resource;
}
-
- /**
- * Fills RoleAuthorizationEntities for an administrator user
- * <p/>
- * This is a temporary method until the data layer catches up
- * <p/>
- * TODO: Remove when the data later catches up
- *
- * @return an array of RoleAuthorizationEntity objects
- */
- private Collection<RoleAuthorizationEntity> createAdminAuthorizations() {
- Collection<RoleAuthorizationEntity> authorizationEntities = new ArrayList<RoleAuthorizationEntity>();
- authorizationEntities.add(new RoleAuthorizationEntity("VIEW.USE", "Use View"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.VIEW_METRICS", "View metrics"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.VIEW_STATUS_INFO", "View status information"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.VIEW_CONFIGS", "View configurations"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.COMPARE_CONFIGS", "Compare configurations"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.VIEW_ALERTS", "View service alerts"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.START_STOP", "Start/Stop/Restart Service"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.DECOMMISSION_RECOMMISSION", "Decommission/recommission"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.RUN_SERVICE_CHECK", "Run service checks"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.TOGGLE_MAINTENANCE", "Turn on/off maintenance mode"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.RUN_CUSTOM_COMMAND", "Perform service-specific tasks"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.MODIFY_CONFIGS", "Modify configurations"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.MANAGE_CONFIG_GROUPS", "Manage configuration groups"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.MOVE", "Move to another host"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.ENABLE_HA", "Enable HA"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.TOGGLE_ALERTS", "Enable/disable service alerts"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.ADD_DELETE_SERVICES", "Add Service to cluster"));
- authorizationEntities.add(new RoleAuthorizationEntity("HOST.VIEW_METRICS", "View metrics"));
- authorizationEntities.add(new RoleAuthorizationEntity("HOST.VIEW_STATUS_INFO", "View status information"));
- authorizationEntities.add(new RoleAuthorizationEntity("HOST.VIEW_CONFIGS", "View configuration"));
- authorizationEntities.add(new RoleAuthorizationEntity("HOST.COMPARE_CONFIGS", "Turn on/off maintenance mode"));
- authorizationEntities.add(new RoleAuthorizationEntity("HOST.ADD_DELETE_COMPONENTS", "Install components"));
- authorizationEntities.add(new RoleAuthorizationEntity("HOST.ADD_DELETE_HOSTS", "Add/Delete hosts"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_METRICS", "View metrics"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_STATUS_INFO", "View status information"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_CONFIGS", "View configuration"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_STACK_DETAILS", "View stack version details"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_ALERTS", "View alerts"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.TOGGLE_ALERTS", "Enable/disable alerts"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.TOGGLE_KERBEROS", "Enable/disable Kerberos"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.UPGRADE_DOWNGRADE_STACK", "Upgrade/downgrade stack"));
- authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.ADD_DELETE_CLUSTERS", "Create new clusters"));
- authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.SET_SERVICE_USERS_GROUPS", "Set service users and groups"));
- authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.RENAME_CLUSTER", "Rename clusters"));
- authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.MANAGE_USERS", "Manage users"));
- authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.MANAGE_GROUPS", "Manage groups"));
- authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.MANAGE_VIEWS", "Manage Ambari Views"));
- authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.ASSIGN_ROLES", "Assign roles"));
- authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.MANAGE_STACK_VERSIONS", "Manage stack versions"));
- authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.EDIT_STACK_REPOS", "Edit stack repository URLs"));
- return authorizationEntities;
- }
-
- /**
- * Fills RoleAuthorizationEntities for an administrator user
- * <p/>
- * This is a temporary method until the data layer catches up
- * <p/>
- * TODO: Remove when the data later catches up
- *
- * @return an array of RoleAuthorizationEntity objects
- */
- private Collection<RoleAuthorizationEntity> createOperatorAuthorizations() {
- Collection<RoleAuthorizationEntity> authorizationEntities = new ArrayList<RoleAuthorizationEntity>();
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.VIEW_METRICS", "View metrics"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.VIEW_STATUS_INFO", "View status information"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.VIEW_CONFIGS", "View configurations"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.COMPARE_CONFIGS", "Compare configurations"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.VIEW_ALERTS", "View service alerts"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.START_STOP", "Start/Stop/Restart Service"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.DECOMMISSION_RECOMMISSION", "Decommission/recommission"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.RUN_SERVICE_CHECK", "Run service checks"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.TOGGLE_MAINTENANCE", "Turn on/off maintenance mode"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.RUN_CUSTOM_COMMAND", "Perform service-specific tasks"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.MODIFY_CONFIGS", "Modify configurations"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.MANAGE_CONFIG_GROUPS", "Manage configuration groups"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.MOVE", "Move to another host"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.ENABLE_HA", "Enable HA"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.TOGGLE_ALERTS", "Enable/disable service alerts"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.ADD_DELETE_SERVICES", "Add Service to cluster"));
- authorizationEntities.add(new RoleAuthorizationEntity("HOST.VIEW_METRICS", "View metrics"));
- authorizationEntities.add(new RoleAuthorizationEntity("HOST.VIEW_STATUS_INFO", "View status information"));
- authorizationEntities.add(new RoleAuthorizationEntity("HOST.VIEW_CONFIGS", "View configuration"));
- authorizationEntities.add(new RoleAuthorizationEntity("HOST.COMPARE_CONFIGS", "Turn on/off maintenance mode"));
- authorizationEntities.add(new RoleAuthorizationEntity("HOST.ADD_DELETE_COMPONENTS", "Install components"));
- authorizationEntities.add(new RoleAuthorizationEntity("HOST.ADD_DELETE_HOSTS", "Add/Delete hosts"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_METRICS", "View metrics"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_STATUS_INFO", "View status information"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_CONFIGS", "View configuration"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_STACK_DETAILS", "View stack version details"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_ALERTS", "View alerts"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.TOGGLE_ALERTS", "Enable/disable alerts"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.TOGGLE_KERBEROS", "Enable/disable Kerberos"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.UPGRADE_DOWNGRADE_STACK", "Upgrade/downgrade stack"));
- return authorizationEntities;
- }
-
- /**
- * RoleAuthorizationEntity is a stubbed out Entity class to be replaced by a real Entity class
- * TODO: Replace with real RoleAuthorizationEntity class when the data later catches up
- */
- private static class RoleAuthorizationEntity {
- private final String authorizationId;
- private final String authorizationName;
-
- private RoleAuthorizationEntity(String authorizationId, String authorizationName) {
- this.authorizationId = authorizationId;
- this.authorizationName = authorizationName;
- }
-
- public String getAuthorizationId() {
- return authorizationId;
- }
-
- public String getAuthorizationName() {
- return authorizationName;
- }
- }
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/d08107d7/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserAuthorizationResourceProvider.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserAuthorizationResourceProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserAuthorizationResourceProvider.java
index ec686e5..15aa0ec 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserAuthorizationResourceProvider.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserAuthorizationResourceProvider.java
@@ -38,6 +38,7 @@ import org.apache.ambari.server.orm.dao.PermissionDAO;
import org.apache.ambari.server.orm.dao.ResourceTypeDAO;
import org.apache.ambari.server.orm.entities.PermissionEntity;
import org.apache.ambari.server.orm.entities.ResourceTypeEntity;
+import org.apache.ambari.server.orm.entities.RoleAuthorizationEntity;
import java.util.ArrayList;
import java.util.Collection;
@@ -97,13 +98,13 @@ public class UserAuthorizationResourceProvider extends ReadOnlyResourceProvider
* Data access object used to obtain permission entities.
*/
@Inject
- protected static PermissionDAO permissionDAO;
+ private static PermissionDAO permissionDAO;
/**
* Data access object used to obtain resource type entities.
*/
@Inject
- protected static ResourceTypeDAO resourceTypeDAO;
+ private static ResourceTypeDAO resourceTypeDAO;
/**
* The ClusterController user to get access to other resource providers
@@ -149,17 +150,7 @@ public class UserAuthorizationResourceProvider extends ReadOnlyResourceProvider
if (permissionEntity == null) {
authorizationEntities = null;
} else {
- // TODO: ** This is stubbed out until the data layer catches up...
- // TODO: authorizationEntities = permissionEntity.getAuthorizations();
- if (permissionName.startsWith("AMBARI")) {
- authorizationEntities = createAdminAuthorizations();
- } else if (permissionName.startsWith("CLUSTER")) {
- authorizationEntities = createOperatorAuthorizations();
- } else if (permissionName.startsWith("VIEW")) {
- authorizationEntities = createViewUserAuthorizations();
- } else {
- authorizationEntities = null;
- }
+ authorizationEntities = permissionEntity.getAuthorizations();
}
if (authorizationEntities != null) {
@@ -296,141 +287,4 @@ public class UserAuthorizationResourceProvider extends ReadOnlyResourceProvider
resources.add(resource);
}
}
-
-
- /**
- * Fills RoleAuthorizationEntities for an administrator user
- * <p/>
- * This is a temporary method until the data layer catches up
- * <p/>
- * TODO: Remove when the data later catches up
- *
- * @return an array of RoleAuthorizationEntity objects
- */
- private Collection<RoleAuthorizationEntity> createAdminAuthorizations() {
- Collection<RoleAuthorizationEntity> authorizationEntities = new ArrayList<RoleAuthorizationEntity>();
- authorizationEntities.add(new RoleAuthorizationEntity("VIEW.USE", "Use View"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.VIEW_METRICS", "View metrics"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.VIEW_STATUS_INFO", "View status information"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.VIEW_CONFIGS", "View configurations"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.COMPARE_CONFIGS", "Compare configurations"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.VIEW_ALERTS", "View service alerts"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.START_STOP", "Start/Stop/Restart Service"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.DECOMMISSION_RECOMMISSION", "Decommission/recommission"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.RUN_SERVICE_CHECK", "Run service checks"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.TOGGLE_MAINTENANCE", "Turn on/off maintenance mode"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.RUN_CUSTOM_COMMAND", "Perform service-specific tasks"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.MODIFY_CONFIGS", "Modify configurations"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.MANAGE_CONFIG_GROUPS", "Manage configuration groups"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.MOVE", "Move to another host"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.ENABLE_HA", "Enable HA"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.TOGGLE_ALERTS", "Enable/disable service alerts"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.ADD_DELETE_SERVICES", "Add Service to cluster"));
- authorizationEntities.add(new RoleAuthorizationEntity("HOST.VIEW_METRICS", "View metrics"));
- authorizationEntities.add(new RoleAuthorizationEntity("HOST.VIEW_STATUS_INFO", "View status information"));
- authorizationEntities.add(new RoleAuthorizationEntity("HOST.VIEW_CONFIGS", "View configuration"));
- authorizationEntities.add(new RoleAuthorizationEntity("HOST.COMPARE_CONFIGS", "Turn on/off maintenance mode"));
- authorizationEntities.add(new RoleAuthorizationEntity("HOST.ADD_DELETE_COMPONENTS", "Install components"));
- authorizationEntities.add(new RoleAuthorizationEntity("HOST.ADD_DELETE_HOSTS", "Add/Delete hosts"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_METRICS", "View metrics"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_STATUS_INFO", "View status information"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_CONFIGS", "View configuration"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_STACK_DETAILS", "View stack version details"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_ALERTS", "View alerts"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.TOGGLE_ALERTS", "Enable/disable alerts"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.TOGGLE_KERBEROS", "Enable/disable Kerberos"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.UPGRADE_DOWNGRADE_STACK", "Upgrade/downgrade stack"));
- authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.ADD_DELETE_CLUSTERS", "Create new clusters"));
- authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.SET_SERVICE_USERS_GROUPS", "Set service users and groups"));
- authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.RENAME_CLUSTER", "Rename clusters"));
- authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.MANAGE_USERS", "Manage users"));
- authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.MANAGE_GROUPS", "Manage groups"));
- authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.MANAGE_VIEWS", "Manage Ambari Views"));
- authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.ASSIGN_ROLES", "Assign roles"));
- authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.MANAGE_STACK_VERSIONS", "Manage stack versions"));
- authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.EDIT_STACK_REPOS", "Edit stack repository URLs"));
- return authorizationEntities;
- }
-
- /**
- * Fills RoleAuthorizationEntities for an administrator user
- * <p/>
- * This is a temporary method until the data layer catches up
- * <p/>
- * TODO: Remove when the data later catches up
- *
- * @return an array of RoleAuthorizationEntity objects
- */
- private Collection<RoleAuthorizationEntity> createOperatorAuthorizations() {
- Collection<RoleAuthorizationEntity> authorizationEntities = new ArrayList<RoleAuthorizationEntity>();
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.VIEW_METRICS", "View metrics"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.VIEW_STATUS_INFO", "View status information"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.VIEW_CONFIGS", "View configurations"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.COMPARE_CONFIGS", "Compare configurations"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.VIEW_ALERTS", "View service alerts"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.START_STOP", "Start/Stop/Restart Service"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.DECOMMISSION_RECOMMISSION", "Decommission/recommission"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.RUN_SERVICE_CHECK", "Run service checks"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.TOGGLE_MAINTENANCE", "Turn on/off maintenance mode"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.RUN_CUSTOM_COMMAND", "Perform service-specific tasks"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.MODIFY_CONFIGS", "Modify configurations"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.MANAGE_CONFIG_GROUPS", "Manage configuration groups"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.MOVE", "Move to another host"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.ENABLE_HA", "Enable HA"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.TOGGLE_ALERTS", "Enable/disable service alerts"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.ADD_DELETE_SERVICES", "Add Service to cluster"));
- authorizationEntities.add(new RoleAuthorizationEntity("HOST.VIEW_METRICS", "View metrics"));
- authorizationEntities.add(new RoleAuthorizationEntity("HOST.VIEW_STATUS_INFO", "View status information"));
- authorizationEntities.add(new RoleAuthorizationEntity("HOST.VIEW_CONFIGS", "View configuration"));
- authorizationEntities.add(new RoleAuthorizationEntity("HOST.COMPARE_CONFIGS", "Turn on/off maintenance mode"));
- authorizationEntities.add(new RoleAuthorizationEntity("HOST.ADD_DELETE_COMPONENTS", "Install components"));
- authorizationEntities.add(new RoleAuthorizationEntity("HOST.ADD_DELETE_HOSTS", "Add/Delete hosts"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_METRICS", "View metrics"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_STATUS_INFO", "View status information"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_CONFIGS", "View configuration"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_STACK_DETAILS", "View stack version details"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_ALERTS", "View alerts"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.TOGGLE_ALERTS", "Enable/disable alerts"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.TOGGLE_KERBEROS", "Enable/disable Kerberos"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.UPGRADE_DOWNGRADE_STACK", "Upgrade/downgrade stack"));
- return authorizationEntities;
- }
-
- /**
- * Fills RoleAuthorizationEntities for a view user
- * <p/>
- * This is a temporary method until the data layer catches up
- * <p/>
- * TODO: Remove when the data later catches up
- *
- * @return an array of RoleAuthorizationEntity objects
- */
- private Collection<RoleAuthorizationEntity> createViewUserAuthorizations() {
- Collection<RoleAuthorizationEntity> authorizationEntities = new ArrayList<RoleAuthorizationEntity>();
- authorizationEntities.add(new RoleAuthorizationEntity("VIEW.USE", "Use View"));
- return authorizationEntities;
- }
-
-
- /**
- * RoleAuthorizationEntity is a stubbed out Entity class to be replaced by a real Entity class
- * TODO: Replace with real RoleAuthorizationEntity class when the data later catches up
- */
- private static class RoleAuthorizationEntity {
- private final String authorizationId;
- private final String authorizationName;
-
- private RoleAuthorizationEntity(String authorizationId, String authorizationName) {
- this.authorizationId = authorizationId;
- this.authorizationName = authorizationName;
- }
-
- public String getAuthorizationId() {
- return authorizationId;
- }
-
- public String getAuthorizationName() {
- return authorizationName;
- }
- }
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/d08107d7/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/RoleAuthorizationDAO.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/RoleAuthorizationDAO.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/RoleAuthorizationDAO.java
new file mode 100644
index 0000000..e549416
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/RoleAuthorizationDAO.java
@@ -0,0 +1,67 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing authorizations and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.orm.dao;
+
+import com.google.inject.Inject;
+import com.google.inject.Provider;
+import com.google.inject.Singleton;
+import org.apache.ambari.server.orm.RequiresSession;
+import org.apache.ambari.server.orm.entities.RoleAuthorizationEntity;
+
+import javax.persistence.EntityManager;
+import javax.persistence.TypedQuery;
+import java.util.List;
+
+/**
+ * Authorization (definition) Data Access Object.
+ */
+@Singleton
+public class RoleAuthorizationDAO {
+
+ /**
+ * JPA entity manager
+ */
+ @Inject
+ Provider<EntityManager> entityManagerProvider;
+
+ @Inject
+ DaoUtils daoUtils;
+
+ /**
+ * Find a authorization entity with the given id.
+ *
+ * @param id type id
+ * @return a matching authorization entity or null
+ */
+ @RequiresSession
+ public RoleAuthorizationEntity findById(String id) {
+ return entityManagerProvider.get().find(RoleAuthorizationEntity.class, id);
+ }
+
+ /**
+ * Find all authorization entities.
+ *
+ * @return all entities or an empty List
+ */
+ @RequiresSession
+ public List<RoleAuthorizationEntity> findAll() {
+ TypedQuery<RoleAuthorizationEntity> query = entityManagerProvider.get().createNamedQuery("findAll", RoleAuthorizationEntity.class);
+ return daoUtils.selectList(query);
+ }
+}
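Review bot: The named query that `findAll()` looks up is called just `findAll`, and JPA named-query names are shared across the whole persistence unit, so a generic name can collide with a query declared on another entity (how duplicates are handled depends on the provider). Since this lookup returns the authorization definitions that roles are built from, a qualified name is safer: `createNamedQuery("RoleAuthorizationEntity.findAll", RoleAuthorizationEntity.class)`, with the matching rename of the `@NamedQuery` in the RoleAuthorizationEntity section of this commit. The Javadoc on `findById` says `@param id type id`, which reads like a leftover from another DAO; `@param id the authorization id, for example "VIEW.USE"` describes what is actually passed.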
http://git-wip-us.apache.org/repos/asf/ambari/blob/d08107d7/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PermissionEntity.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PermissionEntity.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PermissionEntity.java
index 976aecc..a692730 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PermissionEntity.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PermissionEntity.java
@@ -1,4 +1,4 @@
-/**
+/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
@@ -26,9 +26,12 @@ import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.JoinColumn;
import javax.persistence.JoinColumns;
+import javax.persistence.JoinTable;
+import javax.persistence.ManyToMany;
import javax.persistence.ManyToOne;
import javax.persistence.Table;
import javax.persistence.TableGenerator;
+import java.util.Collection;
/**
* Represents an admin permission.
@@ -38,7 +41,7 @@ import javax.persistence.TableGenerator;
@TableGenerator(name = "permission_id_generator",
table = "ambari_sequences", pkColumnName = "sequence_name", valueColumnName = "sequence_value"
, pkColumnValue = "permission_id_seq"
- , initialValue = 5
+ , initialValue = 8
)
public class PermissionEntity {
@@ -85,6 +88,20 @@ public class PermissionEntity {
})
private ResourceTypeEntity resourceType;
+ /**
+ * The set of authorizations related to this permission.
+ *
+ * This value declares the granular details for which operations this PermissionEntity grants
+ * access.
+ */
+ @ManyToMany
+ @JoinTable(
+ name = "permission_roleauthorization",
+ joinColumns = {@JoinColumn(name = "permission_id")},
+ inverseJoinColumns = {@JoinColumn(name = "authorization_id")}
+ )
+ private Collection<RoleAuthorizationEntity> authorizations;
+
// ----- PermissionEntity ---------------------------------------------------
@@ -160,8 +177,25 @@ public class PermissionEntity {
this.resourceType = resourceType;
}
+ /**
+ * Gets the collection of granular authorizations for this PermissionEntity
+ *
+ * @return a collection of granular authorizations
+ */
+ public Collection<RoleAuthorizationEntity> getAuthorizations() {
+ return authorizations;
+ }
+
+ /**
+ * Sets the collection of granular authorizations for this PermissionEntity
+ *
+ * @param authorizations a collection of granular authorizations
+ */
+ public void setAuthorizations(Collection<RoleAuthorizationEntity> authorizations) {
+ this.authorizations = authorizations;
+ }
- // ----- Object overrides --------------------------------------------------
+// ----- Object overrides --------------------------------------------------
@Override
public boolean equals(Object o) {
@@ -173,7 +207,8 @@ public class PermissionEntity {
return !(id != null ? !id.equals(that.id) : that.id != null) &&
!(permissionName != null ? !permissionName.equals(that.permissionName) : that.permissionName != null) &&
!(permissionLabel != null ? !permissionLabel.equals(that.permissionLabel) : that.permissionLabel != null) &&
- !(resourceType != null ? !resourceType.equals(that.resourceType) : that.resourceType != null);
+ !(resourceType != null ? !resourceType.equals(that.resourceType) : that.resourceType != null) &&
+ !(authorizations != null ? !authorizations.equals(that.authorizations) : that.authorizations != null);
}
@Override
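Review bot: Adding `authorizations` to `equals()` here, and to `hashCode()` in the next hunk, ties the entity's identity to a mutable `@ManyToMany` collection. The mapping declares no fetch type, so it is lazy by default, and comparing or hashing a PermissionEntity would then load the join table. An instance held in a HashSet or used as a map key also changes its hash whenever its authorizations are edited. For an object that decides what a role may do, I would keep identity on the scalar fields and leave the collection out of both methods. `equals()` starts above this hunk, so check whether any caller relies on the collection being compared.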
@@ -182,6 +217,7 @@ public class PermissionEntity {
result = 31 * result + (permissionName != null ? permissionName.hashCode() : 0);
result = 31 * result + (permissionLabel != null ? permissionLabel.hashCode() : 0);
result = 31 * result + (resourceType != null ? resourceType.hashCode() : 0);
+ result = 31 * result + (authorizations != null ? authorizations.hashCode() : 0);
return result;
}
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/d08107d7/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/RoleAuthorizationEntity.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/RoleAuthorizationEntity.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/RoleAuthorizationEntity.java
new file mode 100644
index 0000000..2ad3384
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/RoleAuthorizationEntity.java
@@ -0,0 +1,114 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.orm.entities;
+
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.Id;
+import javax.persistence.NamedQueries;
+import javax.persistence.NamedQuery;
+import javax.persistence.Table;
+
+/**
+ * Represents an authorization (typically assigned to a permission)
+ */
+@Table(name = "roleauthorization")
+@Entity
+@NamedQueries({
+ @NamedQuery(name = "findAll", query = "SELECT a FROM RoleAuthorizationEntity a")
+})
+public class RoleAuthorizationEntity {
+
+ /**
+ * The authorization id.
+ */
+ @Id
+ @Column(name = "authorization_id")
+ private String authorizationId;
+
+
+ /**
+ * The authorization name.
+ */
+ @Column(name = "authorization_name")
+ private String authorizationName;
+
+ // ----- RoleAuthorizationEntity ---------------------------------------------------
+
+ /**
+ * Get the authorization id.
+ *
+ * @return the authorization id.
+ */
+ public String getAuthorizationId() {
+ return authorizationId;
+ }
+
+ /**
+ * Set the authorization id.
+ *
+ * @param authorizationId the type id.
+ */
+ public void setAuthorizationId(String authorizationId) {
+ this.authorizationId = authorizationId;
+ }
+
+ /**
+ * Get the authorization name.
+ *
+ * @return the authorization name
+ */
+ public String getAuthorizationName() {
+ return authorizationName;
+ }
+
+ /**
+ * Set the authorization name.
+ *
+ * @param authorizationName the authorization name
+ */
+ public void setAuthorizationName(String authorizationName) {
+ this.authorizationName = authorizationName;
+ }
+
+ // ----- Object overrides --------------------------------------------------
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) {
+ return true;
+ }
+ if (o == null || getClass() != o.getClass()) {
+ return false;
+ }
+
+ RoleAuthorizationEntity that = (RoleAuthorizationEntity) o;
+
+ return !(authorizationId != null ? !authorizationId.equals(that.authorizationId) : that.authorizationId != null) &&
+ !(authorizationName != null ? !authorizationName.equals(that.authorizationName) : that.authorizationName != null);
+ }
+
+ @Override
+ public int hashCode() {
+ int result = authorizationId != null ? authorizationId.hashCode() : 0;
+ result = 31 * result + (authorizationName != null ? authorizationName.hashCode() : 0);
+ return result;
+ }
+}
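Review bot: The `@Column` mappings on `authorizationId` and `authorizationName` have no `length` or `nullable` attributes, while the tables created in this commit declare `authorization_id` as a 100-character NOT NULL key. If the schema is ever generated or validated from the entities, the JPA default length of 255 would disagree with the DDL; `@Column(name = "authorization_id", length = 100, nullable = false)` and `@Column(name = "authorization_name", nullable = false)` keep the two aligned. The Javadoc on `setAuthorizationId` says `@param authorizationId the type id`, where `the authorization id` is meant.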
http://git-wip-us.apache.org/repos/asf/ambari/blob/d08107d7/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog220.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog220.java b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog220.java
index 4251111..5f7e850 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog220.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog220.java
@@ -19,10 +19,17 @@
package org.apache.ambari.server.upgrade;
import java.sql.SQLException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
import org.apache.ambari.server.AmbariException;
import org.apache.ambari.server.orm.DBAccessor.DBColumnInfo;
import org.apache.ambari.server.orm.dao.DaoUtils;
+import org.apache.ambari.server.orm.dao.PermissionDAO;
+import org.apache.ambari.server.orm.dao.ResourceTypeDAO;
import org.apache.ambari.server.orm.entities.PermissionEntity;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -46,6 +53,11 @@ public class UpgradeCatalog220 extends AbstractUpgradeCatalog {
private static final String PERMISSION_NAME_COL = "permission_name";
private static final String PERMISSION_LABEL_COL = "permission_label";
+ private static final String ROLE_AUTHORIZATION_TABLE = "roleauthorization";
+ private static final String PERMISSION_ROLE_AUTHORIZATION_TABLE = "permission_roleauthorization";
+ private static final String ROLE_AUTHORIZATION_ID_COL = "authorization_id";
+ private static final String ROLE_AUTHORIZATION_NAME_COL = "authorization_name";
+
@Inject
DaoUtils daoUtils;
@@ -100,8 +112,8 @@ public class UpgradeCatalog220 extends AbstractUpgradeCatalog {
dbAccessor.addUniqueConstraint(USERS_TABLE, "UNQ_users_0", "user_name", "user_type");
-
updateAdminPermissionTable();
+ createRoleAuthorizationTables();
}
@Override
@@ -112,6 +124,191 @@ public class UpgradeCatalog220 extends AbstractUpgradeCatalog {
protected void executeDMLUpdates() throws AmbariException, SQLException {
setPermissionLabels();
updatePermissionNames();
+ addNewPermissions();
+ createRoleAuthorizations();
+ createPermissionRoleAuthorizationMap();
+ }
+
+ private void addNewPermissions() throws SQLException {
+ LOG.info("Adding new permissions: CLUSTER.OPERATOR, SERVICE.ADMINISTRATOR, SERVICE.OPERATOR");
+
+ PermissionDAO permissionDAO = injector.getInstance(PermissionDAO.class);
+ ResourceTypeDAO resourceTypeDAO = injector.getInstance(ResourceTypeDAO.class);
+ PermissionEntity permissionEntity = new PermissionEntity();
+
+ // CLUSTER.OPERATOR: Cluster Operator
+ permissionEntity.setId(null);
+ permissionEntity.setPermissionName("CLUSTER.OPERATOR");
+ permissionEntity.setPermissionLabel("Cluster Operator");
+ permissionEntity.setResourceType(resourceTypeDAO.findByName("CLUSTER"));
+ permissionDAO.create(permissionEntity);
+
+ // SERVICE.ADMINISTRATOR: Service Administrator
+ permissionEntity.setId(null);
+ permissionEntity.setPermissionName("SERVICE.ADMINISTRATOR");
+ permissionEntity.setPermissionLabel("Service Administrator");
+ permissionEntity.setResourceType(resourceTypeDAO.findByName("CLUSTER"));
+ permissionDAO.create(permissionEntity);
+
+ // SERVICE.OPERATOR: Service Operator
+ permissionEntity.setId(null);
+ permissionEntity.setPermissionName("SERVICE.OPERATOR");
+ permissionEntity.setPermissionLabel("Service Operator");
+ permissionEntity.setResourceType(resourceTypeDAO.findByName("CLUSTER"));
+ permissionDAO.create(permissionEntity);
+ }
+
+
+ private void createRoleAuthorizations() throws SQLException {
+ LOG.info("Adding authorizations");
+
+ String[] columnNames = new String[]{ROLE_AUTHORIZATION_ID_COL, ROLE_AUTHORIZATION_NAME_COL};
+
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'VIEW.USE'", "'Use View'"}, false);
+
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.VIEW_METRICS'", "'View metrics'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.VIEW_STATUS_INFO'", "'View status information'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.VIEW_CONFIGS'", "'View configurations'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.COMPARE_CONFIGS'", "'Compare configurations'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.VIEW_ALERTS'", "'View service alerts'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.START_STOP'", "'Start/Stop/Restart Service'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.DECOMMISSION_RECOMMISSION'", "'Decommission/recommission'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.RUN_SERVICE_CHECK'", "'Run service checks'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.TOGGLE_MAINTENANCE'", "'Turn on/off maintenance mode'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.RUN_CUSTOM_COMMAND'", "'Perform service-specific tasks'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.MODIFY_CONFIGS'", "'Modify configurations'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.MANAGE_CONFIG_GROUPS'", "'Manage configuration groups'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.MOVE'", "'Move to another host'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.ENABLE_HA'", "'Enable HA'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.TOGGLE_ALERTS'", "'Enable/disable service alerts'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.ADD_DELETE_SERVICES'", "'Add Service to cluster'"}, false);
+
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'HOST.VIEW_METRICS'", "'View metrics'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'HOST.VIEW_STATUS_INFO'", "'View status information'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'HOST.VIEW_CONFIGS'", "'View configuration'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'HOST.TOGGLE_MAINTENANCE'", "'Turn on/off maintenance mode'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'HOST.ADD_DELETE_COMPONENTS'", "'Install components'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'HOST.ADD_DELETE_HOSTS'", "'Add/Delete hosts'"}, false);
+
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'CLUSTER.VIEW_METRICS'", "'View metrics'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'CLUSTER.VIEW_STATUS_INFO'", "'View status information'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'CLUSTER.VIEW_CONFIGS'", "'View configuration'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'CLUSTER.VIEW_STACK_DETAILS'", "'View stack version details'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'CLUSTER.VIEW_ALERTS'", "'View alerts'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'CLUSTER.TOGGLE_ALERTS'", "'Enable/disable alerts'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'CLUSTER.TOGGLE_KERBEROS'", "'Enable/disable Kerberos'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'CLUSTER.UPGRADE_DOWNGRADE_STACK'", "'Upgrade/downgrade stack'"}, false);
+
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'AMBARI.ADD_DELETE_CLUSTERS'", "'Create new clusters'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'AMBARI.SET_SERVICE_USERS_GROUPS'", "'Set service users and groups'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'AMBARI.RENAME_CLUSTER'", "'Rename clusters'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'AMBARI.MANAGE_USERS'", "'Manage users'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'AMBARI.MANAGE_GROUPS'", "'Manage groups'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'AMBARI.MANAGE_VIEWS'", "'Manage Ambari Views'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'AMBARI.ASSIGN_ROLES'", "'Assign roles'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'AMBARI.MANAGE_STACK_VERSIONS'", "'Manage stack versions'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'AMBARI.EDIT_STACK_REPOS'", "'Edit stack repository URLs'"}, false);
+ }
+
+ private void createPermissionRoleAuthorizationMap() throws SQLException {
+ LOG.info("Creating permission to authorizations map");
+
+ String[] columnNames = new String[] {PERMISSION_ID_COL, ROLE_AUTHORIZATION_ID_COL};
+
+ // Determine the role Ids"
+ PermissionDAO permissionDAO = injector.getInstance(PermissionDAO.class);
+ ResourceTypeDAO resourceTypeDAO = injector.getInstance(ResourceTypeDAO.class);
+
+ String viewPermissionId = permissionDAO.findPermissionByNameAndType("VIEW.USER", resourceTypeDAO.findByName("VIEW")).getId().toString();
+ String administratorPermissionId = permissionDAO.findPermissionByNameAndType("AMBARI.ADMINISTRATOR", resourceTypeDAO.findByName("AMBARI")).getId().toString();
+ String clusterUserPermissionId = permissionDAO.findPermissionByNameAndType("CLUSTER.USER", resourceTypeDAO.findByName("CLUSTER")).getId().toString();
+ String clusterOperatorPermissionId = permissionDAO.findPermissionByNameAndType("CLUSTER.OPERATOR", resourceTypeDAO.findByName("CLUSTER")).getId().toString();
+ String clusterAdministratorPermissionId = permissionDAO.findPermissionByNameAndType("CLUSTER.ADMINISTRATOR", resourceTypeDAO.findByName("CLUSTER")).getId().toString();
+ String serviceAdministratorPermissionId = permissionDAO.findPermissionByNameAndType("SERVICE.ADMINISTRATOR", resourceTypeDAO.findByName("CLUSTER")).getId().toString();
+ String serviceOperatorPermissionId = permissionDAO.findPermissionByNameAndType("SERVICE.OPERATOR", resourceTypeDAO.findByName("CLUSTER")).getId().toString();
+
+ // Create role groups
+ List<String> viewUserOnly = Arrays.asList(viewPermissionId);
+ List<String> clusterUserAndUp = Arrays.asList(
+ clusterUserPermissionId,
+ serviceOperatorPermissionId,
+ serviceAdministratorPermissionId,
+ clusterOperatorPermissionId,
+ clusterAdministratorPermissionId,
+ administratorPermissionId);
+ List<String> serviceOperatorAndUp = Arrays.asList(
+ serviceOperatorPermissionId,
+ serviceAdministratorPermissionId,
+ clusterOperatorPermissionId,
+ clusterAdministratorPermissionId,
+ administratorPermissionId);
+ List<String> serviceAdministratorAndUp = Arrays.asList(
+ serviceAdministratorPermissionId,
+ clusterOperatorPermissionId,
+ clusterAdministratorPermissionId,
+ administratorPermissionId);
+ List<String> clusterOperatorAndUp = Arrays.asList(
+ clusterOperatorPermissionId,
+ clusterAdministratorPermissionId,
+ administratorPermissionId);
+ List<String> clusterAdministratorAndUp = Arrays.asList(
+ clusterAdministratorPermissionId,
+ administratorPermissionId);
+ List<String> administratorOnly = Arrays.asList(administratorPermissionId);
+
+ // A map of the authorizations to the relevant roles
+ Map<String, List<String>> map = new HashMap<String, List<String>>();
+ map.put("VIEW.USE", viewUserOnly);
+ map.put("SERVICE.VIEW_METRICS", clusterUserAndUp);
+ map.put("SERVICE.VIEW_STATUS_INFO", clusterUserAndUp);
+ map.put("SERVICE.VIEW_CONFIGS", clusterUserAndUp);
+ map.put("SERVICE.COMPARE_CONFIGS", clusterUserAndUp);
+ map.put("SERVICE.VIEW_ALERTS", clusterUserAndUp);
+ map.put("SERVICE.START_STOP", serviceOperatorAndUp);
+ map.put("SERVICE.DECOMMISSION_RECOMMISSION", serviceOperatorAndUp);
+ map.put("SERVICE.RUN_SERVICE_CHECK", serviceOperatorAndUp);
+ map.put("SERVICE.TOGGLE_MAINTENANCE", serviceOperatorAndUp);
+ map.put("SERVICE.RUN_CUSTOM_COMMAND", serviceOperatorAndUp);
+ map.put("SERVICE.MODIFY_CONFIGS", serviceAdministratorAndUp);
+ map.put("SERVICE.MANAGE_CONFIG_GROUPS", serviceAdministratorAndUp);
+ map.put("SERVICE.MOVE", serviceAdministratorAndUp);
+ map.put("SERVICE.ENABLE_HA", serviceAdministratorAndUp);
+ map.put("SERVICE.TOGGLE_ALERTS", serviceAdministratorAndUp);
+ map.put("SERVICE.ADD_DELETE_SERVICES", clusterAdministratorAndUp);
+ map.put("HOST.VIEW_METRICS",clusterUserAndUp);
+ map.put("HOST.VIEW_STATUS_INFO", clusterUserAndUp);
+ map.put("HOST.VIEW_CONFIGS", clusterUserAndUp);
+ map.put("HOST.TOGGLE_MAINTENANCE", clusterOperatorAndUp);
+ map.put("HOST.ADD_DELETE_COMPONENTS", clusterOperatorAndUp);
+ map.put("HOST.ADD_DELETE_HOSTS", clusterOperatorAndUp);
+ map.put("CLUSTER.VIEW_METRICS", clusterUserAndUp);
+ map.put("CLUSTER.VIEW_STATUS_INFO", clusterUserAndUp);
+ map.put("CLUSTER.VIEW_CONFIGS", clusterUserAndUp);
+ map.put("CLUSTER.VIEW_STACK_DETAILS", clusterUserAndUp);
+ map.put("CLUSTER.VIEW_ALERTS", clusterUserAndUp);
+ map.put("CLUSTER.TOGGLE_ALERTS", clusterAdministratorAndUp);
+ map.put("CLUSTER.TOGGLE_KERBEROS", clusterAdministratorAndUp);
+ map.put("CLUSTER.UPGRADE_DOWNGRADE_STACK", clusterAdministratorAndUp);
+ map.put("AMBARI.ADD_DELETE_CLUSTERS", administratorOnly);
+ map.put("AMBARI.SET_SERVICE_USERS_GROUPS", administratorOnly);
+ map.put("AMBARI.RENAME_CLUSTER", administratorOnly);
+ map.put("AMBARI.MANAGE_USERS", administratorOnly);
+ map.put("AMBARI.MANAGE_GROUPS", administratorOnly);
+ map.put("AMBARI.MANAGE_VIEWS", administratorOnly);
+ map.put("AMBARI.ASSIGN_ROLES", administratorOnly);
+ map.put("AMBARI.MANAGE_STACK_VERSIONS", administratorOnly);
+ map.put("AMBARI.EDIT_STACK_REPOS", administratorOnly);
+
+ // Iterate over the map of authorizations to role to find the set of roles to map to each
+ // authorization and then add the relevant record
+ for(Map.Entry<String,List<String>> entry: map.entrySet()) {
+ String authorizationId = entry.getKey();
+
+ for(String permissionId : entry.getValue()) {
+ dbAccessor.insertRow(PERMISSION_ROLE_AUTHORIZATION_TABLE, columnNames,
+ new String[]{permissionId, "'" + authorizationId + "'"}, false);
+ }
+ }
}
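Review bot: `addNewPermissions()` reuses one PermissionEntity for all three rows, resetting its id to null between `permissionDAO.create()` calls. Whether that yields three rows depends on how `create()` persists, which is not visible here; if the instance stays managed, changing its key and persisting again may not insert a new row, so a fresh entity per permission is safer. `createPermissionRoleAuthorizationMap()` then calls `.getId().toString()` directly on each `findPermissionByNameAndType(...)` result, so a missing role ends the upgrade with a NullPointerException and, depending on transaction handling, possibly a partly filled `permission_roleauthorization` table; a null check that names the missing permission would make that failure explicit. The role-to-authorization matrix is also hard-coded here separately from the Ambari-DDL-*-CREATE.sql scripts, so a comment pointing at them would help keep upgraded and fresh installs granting the same rights.

```java
private void addNewPermissions() throws SQLException {
  // … unchanged: LOG.info and the PermissionDAO / ResourceTypeDAO lookups …

  String[][] newPermissions = {
      {"CLUSTER.OPERATOR", "Cluster Operator"},
      {"SERVICE.ADMINISTRATOR", "Service Administrator"},
      {"SERVICE.OPERATOR", "Service Operator"}
  };

  for (String[] newPermission : newPermissions) {
    // A new instance per row, so no already-persisted entity has its key reset.
    PermissionEntity permissionEntity = new PermissionEntity();
    permissionEntity.setPermissionName(newPermission[0]);
    permissionEntity.setPermissionLabel(newPermission[1]);
    permissionEntity.setResourceType(resourceTypeDAO.findByName("CLUSTER"));
    permissionDAO.create(permissionEntity);
  }
}
```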
@@ -122,6 +319,31 @@ public class UpgradeCatalog220 extends AbstractUpgradeCatalog {
dbAccessor.addColumn(ADMIN_PERMISSION_TABLE, new DBColumnInfo(PERMISSION_LABEL_COL, String.class, 255, null, true));
}
+ private void createRoleAuthorizationTables() throws SQLException {
+
+ ArrayList<DBColumnInfo> columns;
+
+ // Add roleauthorization table
+ LOG.info("Creating " + ROLE_AUTHORIZATION_TABLE + " table");
+ columns = new ArrayList<DBColumnInfo>();
+ columns.add(new DBColumnInfo(ROLE_AUTHORIZATION_ID_COL, String.class, 100, null, false));
+ columns.add(new DBColumnInfo(ROLE_AUTHORIZATION_NAME_COL, String.class, 255, null, false));
+ dbAccessor.createTable(ROLE_AUTHORIZATION_TABLE, columns, ROLE_AUTHORIZATION_ID_COL);
+
+ // Add permission_roleauthorization table to map roleauthorizations to permissions (aka roles)
+ LOG.info("Creating " + PERMISSION_ROLE_AUTHORIZATION_TABLE + " table");
+ columns = new ArrayList<DBColumnInfo>();
+ columns.add(new DBColumnInfo(PERMISSION_ID_COL, Long.class, null, null, false));
+ columns.add(new DBColumnInfo(ROLE_AUTHORIZATION_ID_COL, String.class, 100, null, false));
+ dbAccessor.createTable(PERMISSION_ROLE_AUTHORIZATION_TABLE, columns, PERMISSION_ID_COL, ROLE_AUTHORIZATION_ID_COL);
+
+ dbAccessor.addFKConstraint(PERMISSION_ROLE_AUTHORIZATION_TABLE, "FK_permission_roleauthorization_permission_id",
+ PERMISSION_ID_COL, ADMIN_PERMISSION_TABLE, PERMISSION_ID_COL, false);
+
+ dbAccessor.addFKConstraint(PERMISSION_ROLE_AUTHORIZATION_TABLE, "FK_permission_roleauthorization_authorization_id",
+ ROLE_AUTHORIZATION_ID_COL, ROLE_AUTHORIZATION_TABLE, ROLE_AUTHORIZATION_ID_COL, false);
+ }
+
private void setPermissionLabels() throws SQLException {
String updateStatement = "UPDATE " + ADMIN_PERMISSION_TABLE + " SET " + PERMISSION_LABEL_COL + "='%s' WHERE " + PERMISSION_ID_COL + "=%d";
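Review bot: The two constraint names passed to `addFKConstraint` in `createRoleAuthorizationTables()` are 45 and 48 characters long. Oracle is one of the databases this commit ships DDL for, and Oracle releases before 12.2 limit identifiers to 30 bytes, so the upgrade may stop there before the authorization tables are usable; this is inferred from the name lengths, not something the hunk shows failing. Shorter names, kept identical in the CREATE scripts, would avoid it, for example `"FK_perm_roleauth_permission_id"` and `"FK_perm_roleauth_auth_id"`. `setPermissionLabels()` continues below the hunk.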
http://git-wip-us.apache.org/repos/asf/ambari/blob/d08107d7/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql
index 65dacd1..f7d6927 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql
@@ -534,6 +534,16 @@ CREATE TABLE adminpermission (
permission_label VARCHAR(255),
PRIMARY KEY(permission_id));
+CREATE TABLE roleauthorization (
+ authorization_id VARCHAR(100) NOT NULL,
+ authorization_name VARCHAR(255) NOT NULL,
+ PRIMARY KEY(authorization_id));
+
+CREATE TABLE permission_roleauthorization (
+ permission_id BIGINT NOT NULL,
+ authorization_id VARCHAR(100) NOT NULL,
+ PRIMARY KEY(permission_id, authorization_id));
+
CREATE TABLE adminprivilege (
privilege_id BIGINT,
permission_id BIGINT NOT NULL,
@@ -719,6 +729,8 @@ ALTER TABLE viewentity ADD CONSTRAINT FK_viewentity_view_name FOREIGN KEY (view_
ALTER TABLE adminresource ADD CONSTRAINT FK_resource_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id);
ALTER TABLE adminprincipal ADD CONSTRAINT FK_principal_principal_type_id FOREIGN KEY (principal_type_id) REFERENCES adminprincipaltype(principal_type_id);
ALTER TABLE adminpermission ADD CONSTRAINT FK_permission_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id);
+ALTER TABLE permission_roleauthorization ADD CONSTRAINT FK_permission_roleauthorization_permission_id FOREIGN KEY (permission_id) REFERENCES adminpermission(permission_id);
+ALTER TABLE permission_roleauthorization ADD CONSTRAINT FK_permission_roleauthorization_authorization_id FOREIGN KEY (authorization_id) REFERENCES roleauthorization(authorization_id);
ALTER TABLE adminprivilege ADD CONSTRAINT FK_privilege_permission_id FOREIGN KEY (permission_id) REFERENCES adminpermission(permission_id);
ALTER TABLE adminprivilege ADD CONSTRAINT FK_privilege_resource_id FOREIGN KEY (resource_id) REFERENCES adminresource(resource_id);
ALTER TABLE viewmain ADD CONSTRAINT FK_view_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id);
@@ -998,7 +1010,227 @@ insert into adminpermission(permission_id, permission_name, resource_type_id, pe
union all
select 3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator'
union all
- select 4, 'VIEW.USER', 3, 'View User';
+ select 4, 'VIEW.USER', 3, 'View User'
+ union all
+ select 5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator'
+ union all
+ select 6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator'
+ union all
+ select 7, 'SERVICE.OPERATOR', 2, 'Service Operator';
+
+INSERT INTO roleauthorization(authorization_id, authorization_name)
+ SELECT 'VIEW.USE', 'Use View' UNION ALL
+ SELECT 'SERVICE.VIEW_METRICS', 'View metrics' UNION ALL
+ SELECT 'SERVICE.VIEW_STATUS_INFO', 'View status information' UNION ALL
+ SELECT 'SERVICE.VIEW_CONFIGS', 'View configurations' UNION ALL
+ SELECT 'SERVICE.COMPARE_CONFIGS', 'Compare configurations' UNION ALL
+ SELECT 'SERVICE.VIEW_ALERTS', 'View service alerts' UNION ALL
+ SELECT 'SERVICE.START_STOP', 'Start/Stop/Restart Service' UNION ALL
+ SELECT 'SERVICE.DECOMMISSION_RECOMMISSION', 'Decommission/recommission' UNION ALL
+ SELECT 'SERVICE.RUN_SERVICE_CHECK', 'Run service checks' UNION ALL
+ SELECT 'SERVICE.TOGGLE_MAINTENANCE', 'Turn on/off maintenance mode' UNION ALL
+ SELECT 'SERVICE.RUN_CUSTOM_COMMAND', 'Perform service-specific tasks' UNION ALL
+ SELECT 'SERVICE.MODIFY_CONFIGS', 'Modify configurations' UNION ALL
+ SELECT 'SERVICE.MANAGE_CONFIG_GROUPS', 'Manage configuration groups' UNION ALL
+ SELECT 'SERVICE.MOVE', 'Move to another host' UNION ALL
+ SELECT 'SERVICE.ENABLE_HA', 'Enable HA' UNION ALL
+ SELECT 'SERVICE.TOGGLE_ALERTS', 'Enable/disable service alerts' UNION ALL
+ SELECT 'SERVICE.ADD_DELETE_SERVICES', 'Add Service to cluster' UNION ALL
+ SELECT 'HOST.VIEW_METRICS', 'View metrics' UNION ALL
+ SELECT 'HOST.VIEW_STATUS_INFO', 'View status information' UNION ALL
+ SELECT 'HOST.VIEW_CONFIGS', 'View configuration' UNION ALL
+ SELECT 'HOST.TOGGLE_MAINTENANCE', 'Turn on/off maintenance mode' UNION ALL
+ SELECT 'HOST.ADD_DELETE_COMPONENTS', 'Install components' UNION ALL
+ SELECT 'HOST.ADD_DELETE_HOSTS', 'Add/Delete hosts' UNION ALL
+ SELECT 'CLUSTER.VIEW_METRICS', 'View metrics' UNION ALL
+ SELECT 'CLUSTER.VIEW_STATUS_INFO', 'View status information' UNION ALL
+ SELECT 'CLUSTER.VIEW_CONFIGS', 'View configuration' UNION ALL
+ SELECT 'CLUSTER.VIEW_STACK_DETAILS', 'View stack version details' UNION ALL
+ SELECT 'CLUSTER.VIEW_ALERTS', 'View alerts' UNION ALL
+ SELECT 'CLUSTER.TOGGLE_ALERTS', 'Enable/disable alerts' UNION ALL
+ SELECT 'CLUSTER.TOGGLE_KERBEROS', 'Enable/disable Kerberos' UNION ALL
+ SELECT 'CLUSTER.UPGRADE_DOWNGRADE_STACK', 'Upgrade/downgrade stack' UNION ALL
+ SELECT 'AMBARI.ADD_DELETE_CLUSTERS', 'Create new clusters' UNION ALL
+ SELECT 'AMBARI.SET_SERVICE_USERS_GROUPS', 'Set service users and groups' UNION ALL
+ SELECT 'AMBARI.RENAME_CLUSTER', 'Rename clusters' UNION ALL
+ SELECT 'AMBARI.MANAGE_USERS', 'Manage users' UNION ALL
+ SELECT 'AMBARI.MANAGE_GROUPS', 'Manage groups' UNION ALL
+ SELECT 'AMBARI.MANAGE_VIEWS', 'Manage Ambari Views' UNION ALL
+ SELECT 'AMBARI.ASSIGN_ROLES', 'Assign roles' UNION ALL
+ SELECT 'AMBARI.MANAGE_STACK_VERSIONS', 'Manage stack versions' UNION ALL
+ SELECT 'AMBARI.EDIT_STACK_REPOS', 'Edit stack repository URLs' FROM adminresourcetype WHERE resource_type_name='AMBARI';
+
+-- Set authorizations for View User role
+INSERT INTO permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'VIEW.USE' FROM adminpermission WHERE permission_name='VIEW.USER';
+
+-- Set authorizations for Cluster User role
+INSERT INTO permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'SERVICE.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'SERVICE.COMPARE_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.USER';
+
+-- Set authorizations for Service Operator role
+INSERT INTO permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'SERVICE.VIEW_METRICS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.COMPARE_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.START_STOP' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.DECOMMISSION_RECOMMISSION' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_SERVICE_CHECK' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_MAINTENANCE' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_METRICS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR';
+
+-- Set authorizations for Service Administrator role
+INSERT INTO permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'SERVICE.VIEW_METRICS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.COMPARE_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.START_STOP' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.DECOMMISSION_RECOMMISSION' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_SERVICE_CHECK' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_MAINTENANCE' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_METRICS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR';
+
+-- Set authorizations for Cluster Operator role
+INSERT INTO permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'SERVICE.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.COMPARE_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.START_STOP' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.DECOMMISSION_RECOMMISSION' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_SERVICE_CHECK' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_MAINTENANCE' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.TOGGLE_MAINTENANCE' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.ADD_DELETE_COMPONENTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.ADD_DELETE_HOSTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR';
+
+-- Set authorizations for Cluster Administrator role
+INSERT INTO permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'SERVICE.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.COMPARE_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.START_STOP' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.DECOMMISSION_RECOMMISSION' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_SERVICE_CHECK' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_MAINTENANCE' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.ADD_DELETE_SERVICES' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.TOGGLE_MAINTENANCE' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.ADD_DELETE_COMPONENTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.ADD_DELETE_HOSTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR';
+
+-- Set authorizations for Administrator role
+INSERT INTO permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'VIEW.USE' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_METRICS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.COMPARE_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.START_STOP' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.DECOMMISSION_RECOMMISSION' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_SERVICE_CHECK' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_MAINTENANCE' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.ADD_DELETE_SERVICES' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.TOGGLE_MAINTENANCE' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.ADD_DELETE_COMPONENTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.ADD_DELETE_HOSTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_METRICS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.ADD_DELETE_CLUSTERS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.SET_SERVICE_USERS_GROUPS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.RENAME_CLUSTER' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.MANAGE_USERS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.MANAGE_GROUPS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.MANAGE_VIEWS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.ASSIGN_ROLES' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.MANAGE_STACK_VERSIONS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.EDIT_STACK_REPOS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR';
insert into adminprivilege (privilege_id, permission_id, resource_id, principal_id)
select 1, 1, 1, 1;
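Review bot: The last branch of the `roleauthorization` seed, `SELECT 'AMBARI.EDIT_STACK_REPOS', ... FROM adminresourcetype WHERE resource_type_name='AMBARI'`, is the only row that depends on another table, because in a `UNION ALL` the `FROM` clause applies to that final `SELECT` alone. If no `adminresourcetype` row matches, the authorization is silently skipped and the Administrator mapping for it further down would then hit the new foreign key. If more than one row matches, the insert fails on the primary key. The clause looks carried over from a dialect that needs a `FROM` on every `SELECT`, so here the line could simply be `SELECT 'AMBARI.EDIT_STACK_REPOS', 'Edit stack repository URLs';`. Separately, the labels for `SERVICE.ADD_DELETE_SERVICES`, `HOST.ADD_DELETE_COMPONENTS` and `AMBARI.ADD_DELETE_CLUSTERS` ('Add Service to cluster', 'Install components', 'Create new clusters') name only the add half, so someone reviewing a role by label would underestimate what it grants.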