Posted to commits@ambari.apache.org by rl...@apache.org on 2015/11/18 19:43:05 UTC
[1/4] ambari git commit: AMBARI-13865. Add authorizations to
permissions so that the definition of a permission (or role) is explicit
(rlevas)
Repository: ambari
Updated Branches:
refs/heads/trunk 58b598a5b -> d08107d70
http://git-wip-us.apache.org/repos/asf/ambari/blob/d08107d7/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog220Test.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog220Test.java b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog220Test.java
index 87dbe03..0861878 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog220Test.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog220Test.java
@@ -17,25 +17,26 @@
*/
package org.apache.ambari.server.upgrade;
-import static org.easymock.EasyMock.capture;
-import static org.easymock.EasyMock.createNiceMock;
-import static org.easymock.EasyMock.eq;
-import static org.easymock.EasyMock.expect;
-import static org.easymock.EasyMock.expectLastCall;
-import static org.easymock.EasyMock.replay;
-import static org.easymock.EasyMock.verify;
+import static org.easymock.EasyMock.*;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import java.lang.reflect.Field;
+import java.util.List;
import org.apache.ambari.server.configuration.Configuration;
import org.apache.ambari.server.orm.DBAccessor;
+import org.apache.ambari.server.orm.dao.DaoUtils;
+import org.apache.ambari.server.orm.dao.PermissionDAO;
+import org.apache.ambari.server.orm.dao.ResourceTypeDAO;
import org.apache.ambari.server.orm.entities.PermissionEntity;
+import org.apache.ambari.server.orm.entities.ResourceTypeEntity;
import org.apache.ambari.server.state.stack.OsFamily;
import org.easymock.Capture;
import org.easymock.EasyMock;
+import org.easymock.EasyMockSupport;
import org.junit.Assert;
+import org.junit.Before;
import org.junit.Test;
import com.google.inject.Binder;
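Review bot: The wildcard `import static org.easymock.EasyMock.*;` replaces seven explicit static imports and hides which EasyMock names the test still takes from the static API. Because the class now extends `EasyMockSupport` (next hunk), unqualified `createMock` and `createNiceMock` calls bind to the inherited instance methods rather than the static ones, and the wildcard makes that easy to miss. Import only the statics still needed, for example `import static org.easymock.EasyMock.capture;` plus `eq`, `expect` and `expectLastCall`.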
@@ -43,37 +44,76 @@ import com.google.inject.Guice;
import com.google.inject.Injector;
import com.google.inject.Module;
+import javax.persistence.EntityManager;
+
/**
* UpgradeCatalog220 tests.
*/
-public class UpgradeCatalog220Test {
+public class UpgradeCatalog220Test extends EasyMockSupport {
+
+ private Injector injector;
+ @Before
+ public void setup() {
+ resetAll();
+
+ Module module = new Module() {
+ @Override
+ public void configure(Binder binder) {
+ binder.bind(DBAccessor.class).toInstance(createNiceMock(DBAccessor.class));
+ binder.bind(OsFamily.class).toInstance(createNiceMock(OsFamily.class));
+ binder.bind(EntityManager.class).toInstance(createNiceMock(EntityManager.class));
+ binder.bind(DaoUtils.class).toInstance(createNiceMock(DaoUtils.class));
+ binder.bind(PermissionDAO.class).toInstance(createNiceMock(PermissionDAO.class));
+ binder.bind(ResourceTypeDAO.class).toInstance(createMock(ResourceTypeDAO.class));
+ }
+ };
+
+ injector = Guice.createInjector(module);
+ }
@Test
public void testExecuteDDLUpdates() throws Exception {
- final DBAccessor dbAccessor = createNiceMock(DBAccessor.class);
+ final DBAccessor dbAccessor = injector.getInstance(DBAccessor.class);
Configuration configuration = createNiceMock(Configuration.class);
expect(configuration.getDatabaseUrl()).andReturn(Configuration.JDBC_IN_MEMORY_URL).anyTimes();
- Capture<DBAccessor.DBColumnInfo> columnCapture = new Capture<DBAccessor.DBColumnInfo>();
+ Capture<DBAccessor.DBColumnInfo> columnCapture = EasyMock.newCapture();
Capture<DBAccessor.DBColumnInfo> columnCapturePermissionLabel = EasyMock.newCapture();
+ Capture<List<DBAccessor.DBColumnInfo>> columnsCaptureRoleAuthorization = EasyMock.newCapture();
+ Capture<List<DBAccessor.DBColumnInfo>> columnsCapturePermissionRoleAuthorization = EasyMock.newCapture();
dbAccessor.alterColumn(eq("host_role_command"), capture(columnCapture));
+ expectLastCall();
+
dbAccessor.addColumn(eq("adminpermission"), capture(columnCapturePermissionLabel));
expectLastCall();
+ dbAccessor.createTable(eq("roleauthorization"), capture(columnsCaptureRoleAuthorization), eq("authorization_id"));
+ expectLastCall();
+
+ dbAccessor.createTable(eq("permission_roleauthorization"), capture(columnsCapturePermissionRoleAuthorization), eq("permission_id"), eq("authorization_id"));
+ expectLastCall();
+
+ dbAccessor.addFKConstraint("permission_roleauthorization", "FK_permission_roleauthorization_permission_id",
+ "permission_id", "adminpermission", "permission_id", false);
+ expectLastCall();
+
+ dbAccessor.addFKConstraint("permission_roleauthorization", "FK_permission_roleauthorization_authorization_id",
+ "authorization_id", "roleauthorization", "authorization_id", false);
+ expectLastCall();
- replay(dbAccessor, configuration);
- AbstractUpgradeCatalog upgradeCatalog = getUpgradeCatalog(dbAccessor);
+ replayAll();
+ AbstractUpgradeCatalog upgradeCatalog = injector.getInstance(UpgradeCatalog220.class);
Class<?> c = AbstractUpgradeCatalog.class;
Field f = c.getDeclaredField("configuration");
f.setAccessible(true);
f.set(upgradeCatalog, configuration);
upgradeCatalog.executeDDLUpdates();
- verify(dbAccessor, configuration);
+ verifyAll();
assertTrue(columnCapture.getValue().isNullable());
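Review bot: In `setup()`, `ResourceTypeDAO` is bound with `createMock` while the other five bindings use `createNiceMock`, and nothing says whether the difference is intended. A nice `PermissionDAO` returns null for any lookup a test did not stub, so a role name the upgrade looks up but the test forgot would presumably pass silently instead of failing. For code that attaches authorizations to roles a strict mock is the safer default: `binder.bind(PermissionDAO.class).toInstance(createMock(PermissionDAO.class));`, or add a one-line comment explaining the mix. The `resetAll()` at the top of `setup()` looks like a no-op, since JUnit builds a fresh test instance for each test.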
@@ -81,12 +121,101 @@ public class UpgradeCatalog220Test {
assertEquals(columnCapturePermissionLabel.getValue().getType(), String.class);
assertEquals(columnCapturePermissionLabel.getValue().getLength(), Integer.valueOf(255));
assertEquals(columnCapturePermissionLabel.getValue().isNullable(), true);
+
+ List<DBAccessor.DBColumnInfo> columnInfos;
+ DBAccessor.DBColumnInfo columnInfo;
+
+ // Verify roleauthorization table
+ columnInfos = columnsCaptureRoleAuthorization.getValue();
+ assertEquals(2, columnInfos.size());
+
+ columnInfo = columnInfos.get(0);
+ assertEquals("authorization_id", columnInfo.getName());
+ assertEquals(String.class, columnInfo.getType());
+ assertEquals(Integer.valueOf(100), columnInfo.getLength());
+
+ columnInfo = columnInfos.get(1);
+ assertEquals("authorization_name", columnInfo.getName());
+ assertEquals(String.class, columnInfo.getType());
+ assertEquals(Integer.valueOf(255), columnInfo.getLength());
+
+ // Verify permission_roleauthorization table
+ columnInfos = columnsCapturePermissionRoleAuthorization.getValue();
+ assertEquals(2, columnInfos.size());
+
+ columnInfo = columnInfos.get(0);
+ assertEquals("permission_id", columnInfo.getName());
+ assertEquals(Long.class, columnInfo.getType());
+ assertEquals(null, columnInfo.getLength());
+
+ columnInfo = columnInfos.get(1);
+ assertEquals("authorization_id", columnInfo.getName());
+ assertEquals(String.class, columnInfo.getType());
+ assertEquals(Integer.valueOf(100), columnInfo.getLength());
}
@Test
public void testExecuteDMLUpdates() throws Exception {
- final DBAccessor dbAccessor = createNiceMock(DBAccessor.class);
- UpgradeCatalog220 upgradeCatalog = (UpgradeCatalog220) getUpgradeCatalog(dbAccessor);
+ final DBAccessor dbAccessor = injector.getInstance(DBAccessor.class);
+ UpgradeCatalog220 upgradeCatalog = injector.getInstance(UpgradeCatalog220.class);
+
+ final ResourceTypeEntity ambariResourceTypeEntity = createMock(ResourceTypeEntity.class);
+ expect(ambariResourceTypeEntity.getId()).andReturn(1).anyTimes();
+
+ final ResourceTypeEntity clusterResourceTypeEntity = createMock(ResourceTypeEntity.class);
+ expect(clusterResourceTypeEntity.getId()).andReturn(2).anyTimes();
+
+ final ResourceTypeEntity viewResourceTypeEntity = createMock(ResourceTypeEntity.class);
+ expect(viewResourceTypeEntity.getId()).andReturn(3).anyTimes();
+
+ final ResourceTypeDAO resourceTypeDAO = injector.getInstance(ResourceTypeDAO.class);
+ expect(resourceTypeDAO.findByName("AMBARI")).andReturn(ambariResourceTypeEntity).anyTimes();
+ expect(resourceTypeDAO.findByName("CLUSTER")).andReturn(clusterResourceTypeEntity).anyTimes();
+ expect(resourceTypeDAO.findByName("VIEW")).andReturn(viewResourceTypeEntity).anyTimes();
+
+ final PermissionEntity viewUserPermissionEntity = createMock(PermissionEntity.class);
+ expect(viewUserPermissionEntity.getId()).andReturn(1).anyTimes();
+
+ final PermissionEntity ambariAdministratorPermissionEntity = createMock(PermissionEntity.class);
+ expect(ambariAdministratorPermissionEntity.getId()).andReturn(2).anyTimes();
+
+ final PermissionEntity clusterUserPermissionEntity = createMock(PermissionEntity.class);
+ expect(clusterUserPermissionEntity.getId()).andReturn(3).anyTimes();
+
+ final PermissionEntity clusterOperatorPermissionEntity = createMock(PermissionEntity.class);
+ expect(clusterOperatorPermissionEntity.getId()).andReturn(4).anyTimes();
+
+ final PermissionEntity clusterAdministratorPermissionEntity = createMock(PermissionEntity.class);
+ expect(clusterAdministratorPermissionEntity.getId()).andReturn(5).anyTimes();
+
+ final PermissionEntity serviceAdministratorPermissionEntity = createMock(PermissionEntity.class);
+ expect(serviceAdministratorPermissionEntity.getId()).andReturn(6).anyTimes();
+
+ final PermissionEntity serviceOperatorPermissionEntity = createMock(PermissionEntity.class);
+ expect(serviceOperatorPermissionEntity.getId()).andReturn(7).anyTimes();
+
+ final PermissionDAO permissionDAO = injector.getInstance(PermissionDAO.class);
+ expect(permissionDAO.findPermissionByNameAndType("VIEW.USER", viewResourceTypeEntity))
+ .andReturn(viewUserPermissionEntity)
+ .anyTimes();
+ expect(permissionDAO.findPermissionByNameAndType("AMBARI.ADMINISTRATOR", ambariResourceTypeEntity))
+ .andReturn(ambariAdministratorPermissionEntity)
+ .anyTimes();
+ expect(permissionDAO.findPermissionByNameAndType("CLUSTER.USER", clusterResourceTypeEntity))
+ .andReturn(clusterUserPermissionEntity)
+ .anyTimes();
+ expect(permissionDAO.findPermissionByNameAndType("CLUSTER.OPERATOR", clusterResourceTypeEntity))
+ .andReturn(clusterOperatorPermissionEntity)
+ .anyTimes();
+ expect(permissionDAO.findPermissionByNameAndType("CLUSTER.ADMINISTRATOR", clusterResourceTypeEntity))
+ .andReturn(clusterAdministratorPermissionEntity)
+ .anyTimes();
+ expect(permissionDAO.findPermissionByNameAndType("SERVICE.ADMINISTRATOR", clusterResourceTypeEntity))
+ .andReturn(serviceAdministratorPermissionEntity)
+ .anyTimes();
+ expect(permissionDAO.findPermissionByNameAndType("SERVICE.OPERATOR", clusterResourceTypeEntity))
+ .andReturn(serviceOperatorPermissionEntity)
+ .anyTimes();
String updateQueryPattern;
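Review bot: Every expectation added to `testExecuteDMLUpdates` for `resourceTypeDAO.findByName` and `permissionDAO.findPermissionByNameAndType` ends in `.anyTimes()`, so `verifyAll()` succeeds even if the upgrade never performs those lookups. No assertion in the visible lines checks which authorizations end up attached to each role, so a wrong or missing grant in this access-control migration would not be caught here. Use `.once()` or `.atLeastOnce()` where the lookup is required, and assert the resulting mapping for at least one low-privilege role such as `CLUSTER.USER`. Separately, the new column assertions in `testExecuteDDLUpdates` check name, type and length but not `isNullable()`, although the CREATE script in this commit declares those columns `NOT NULL`. The body of `testExecuteDMLUpdates` continues past this hunk, so part of this may already be covered there.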
@@ -97,7 +226,7 @@ public class UpgradeCatalog220Test {
.andReturn(1).once();
expect(dbAccessor.executeUpdate(String.format(updateQueryPattern,
"Cluster User", PermissionEntity.CLUSTER_USER_PERMISSION)))
- .andReturn(1).once();
+ .andReturn(1).once();
expect(dbAccessor.executeUpdate(String.format(updateQueryPattern,
"Cluster Administrator", PermissionEntity.CLUSTER_ADMINISTRATOR_PERMISSION)))
.andReturn(1).once();
@@ -120,37 +249,21 @@ public class UpgradeCatalog220Test {
PermissionEntity.VIEW_USER_PERMISSION_NAME, PermissionEntity.VIEW_USER_PERMISSION)))
.andReturn(1).once();
- replay(dbAccessor);
+ replayAll();
upgradeCatalog.executeDMLUpdates();
- verify(dbAccessor);
+ verifyAll();
}
@Test
public void testGetTargetVersion() throws Exception {
- final DBAccessor dbAccessor = createNiceMock(DBAccessor.class);
- UpgradeCatalog upgradeCatalog = getUpgradeCatalog(dbAccessor);
-
+ UpgradeCatalog upgradeCatalog = injector.getInstance(UpgradeCatalog220.class);
Assert.assertEquals("2.2.0", upgradeCatalog.getTargetVersion());
}
@Test
public void testGetSourceVersion() {
- final DBAccessor dbAccessor = createNiceMock(DBAccessor.class);
- UpgradeCatalog upgradeCatalog = getUpgradeCatalog(dbAccessor);
+ UpgradeCatalog upgradeCatalog = injector.getInstance(UpgradeCatalog220.class);
Assert.assertEquals("2.1.3", upgradeCatalog.getSourceVersion());
}
- private AbstractUpgradeCatalog getUpgradeCatalog(final DBAccessor dbAccessor) {
- Module module = new Module() {
- @Override
- public void configure(Binder binder) {
- binder.bind(DBAccessor.class).toInstance(dbAccessor);
- binder.bind(OsFamily.class).toInstance(createNiceMock(OsFamily.class));
- }
- };
- Injector injector = Guice.createInjector(module);
- return injector.getInstance(UpgradeCatalog220.class);
- }
-
-
}
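Review bot: `testGetTargetVersion` and `testGetSourceVersion` now take the catalog from the shared injector without calling `replayAll()`, so every injected mock is still in record state when the catalog is built and queried. That holds only while construction and the version getters never touch a mock; if they do, the call is recorded as an expectation instead of being answered. Adding `replayAll();` before `injector.getInstance(UpgradeCatalog220.class)` in both tests keeps them consistent with the DDL and DML tests.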
[2/4] ambari git commit: AMBARI-13865. Add authorizations to
permissions so that the definition of a permission (or role) is explicit
(rlevas)
Posted by rl...@apache.org.
http://git-wip-us.apache.org/repos/asf/ambari/blob/d08107d7/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql
index 1e64394..e3ae8fd 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql
@@ -523,6 +523,16 @@ CREATE TABLE adminpermission (
permission_label VARCHAR(255),
PRIMARY KEY(permission_id));
+CREATE TABLE roleauthorization (
+ authorization_id VARCHAR(100) NOT NULL,
+ authorization_name VARCHAR(255) NOT NULL,
+ PRIMARY KEY(authorization_id));
+
+CREATE TABLE permission_roleauthorization (
+ permission_id NUMERIC(19) NOT NULL,
+ authorization_id VARCHAR(100) NOT NULL,
+ PRIMARY KEY(permission_id, authorization_id));
+
CREATE TABLE adminprivilege (
privilege_id NUMERIC(19),
permission_id NUMERIC(19) NOT NULL,
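Review bot: The two new tables carry no comment explaining how they relate to `adminpermission`, and the permission / role / authorization naming is easy to misread. A short header above `CREATE TABLE roleauthorization` would help, e.g. `-- roleauthorization: catalog of individual authorizations; permission_roleauthorization: which authorizations each adminpermission (role) grants`. The foreign keys for the mapping table are added in a later hunk of this file, so the comment could also point there.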
@@ -709,6 +719,8 @@ ALTER TABLE viewentity ADD CONSTRAINT FK_viewentity_view_name FOREIGN KEY (view_
ALTER TABLE adminresource ADD CONSTRAINT FK_resource_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id);
ALTER TABLE adminprincipal ADD CONSTRAINT FK_principal_principal_type_id FOREIGN KEY (principal_type_id) REFERENCES adminprincipaltype(principal_type_id);
ALTER TABLE adminpermission ADD CONSTRAINT FK_permission_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id);
+ALTER TABLE permission_roleauthorization ADD CONSTRAINT FK_permission_roleauthorization_permission_id FOREIGN KEY (permission_id) REFERENCES adminpermission(permission_id);
+ALTER TABLE permission_roleauthorization ADD CONSTRAINT FK_permission_roleauthorization_authorization_id FOREIGN KEY (authorization_id) REFERENCES roleauthorization(authorization_id);
ALTER TABLE adminprivilege ADD CONSTRAINT FK_privilege_permission_id FOREIGN KEY (permission_id) REFERENCES adminpermission(permission_id);
ALTER TABLE adminprivilege ADD CONSTRAINT FK_privilege_resource_id FOREIGN KEY (resource_id) REFERENCES adminresource(resource_id);
ALTER TABLE viewmain ADD CONSTRAINT FK_view_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id);
@@ -986,8 +998,228 @@ insert into adminpermission(permission_id, permission_name, resource_type_id, pe
union all
select 3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator'
union all
- select 4, 'VIEW.USER', 3, 'View User';
-
+ select 4, 'VIEW.USER', 3, 'View User'
+ union all
+ select 5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator'
+ union all
+ select 6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator'
+ union all
+ select 7, 'SERVICE.OPERATOR', 2, 'Service Operator';
+
+ INSERT INTO roleauthorization(authorization_id, authorization_name)
+ SELECT 'VIEW.USE', 'Use View' UNION ALL
+ SELECT 'SERVICE.VIEW_METRICS', 'View metrics' UNION ALL
+ SELECT 'SERVICE.VIEW_STATUS_INFO', 'View status information' UNION ALL
+ SELECT 'SERVICE.VIEW_CONFIGS', 'View configurations' UNION ALL
+ SELECT 'SERVICE.COMPARE_CONFIGS', 'Compare configurations' UNION ALL
+ SELECT 'SERVICE.VIEW_ALERTS', 'View service alerts' UNION ALL
+ SELECT 'SERVICE.START_STOP', 'Start/Stop/Restart Service' UNION ALL
+ SELECT 'SERVICE.DECOMMISSION_RECOMMISSION', 'Decommission/recommission' UNION ALL
+ SELECT 'SERVICE.RUN_SERVICE_CHECK', 'Run service checks' UNION ALL
+ SELECT 'SERVICE.TOGGLE_MAINTENANCE', 'Turn on/off maintenance mode' UNION ALL
+ SELECT 'SERVICE.RUN_CUSTOM_COMMAND', 'Perform service-specific tasks' UNION ALL
+ SELECT 'SERVICE.MODIFY_CONFIGS', 'Modify configurations' UNION ALL
+ SELECT 'SERVICE.MANAGE_CONFIG_GROUPS', 'Manage configuration groups' UNION ALL
+ SELECT 'SERVICE.MOVE', 'Move to another host' UNION ALL
+ SELECT 'SERVICE.ENABLE_HA', 'Enable HA' UNION ALL
+ SELECT 'SERVICE.TOGGLE_ALERTS', 'Enable/disable service alerts' UNION ALL
+ SELECT 'SERVICE.ADD_DELETE_SERVICES', 'Add Service to cluster' UNION ALL
+ SELECT 'HOST.VIEW_METRICS', 'View metrics' UNION ALL
+ SELECT 'HOST.VIEW_STATUS_INFO', 'View status information' UNION ALL
+ SELECT 'HOST.VIEW_CONFIGS', 'View configuration' UNION ALL
+ SELECT 'HOST.TOGGLE_MAINTENANCE', 'Turn on/off maintenance mode' UNION ALL
+ SELECT 'HOST.ADD_DELETE_COMPONENTS', 'Install components' UNION ALL
+ SELECT 'HOST.ADD_DELETE_HOSTS', 'Add/Delete hosts' UNION ALL
+ SELECT 'CLUSTER.VIEW_METRICS', 'View metrics' UNION ALL
+ SELECT 'CLUSTER.VIEW_STATUS_INFO', 'View status information' UNION ALL
+ SELECT 'CLUSTER.VIEW_CONFIGS', 'View configuration' UNION ALL
+ SELECT 'CLUSTER.VIEW_STACK_DETAILS', 'View stack version details' UNION ALL
+ SELECT 'CLUSTER.VIEW_ALERTS', 'View alerts' UNION ALL
+ SELECT 'CLUSTER.TOGGLE_ALERTS', 'Enable/disable alerts' UNION ALL
+ SELECT 'CLUSTER.TOGGLE_KERBEROS', 'Enable/disable Kerberos' UNION ALL
+ SELECT 'CLUSTER.UPGRADE_DOWNGRADE_STACK', 'Upgrade/downgrade stack' UNION ALL
+ SELECT 'AMBARI.ADD_DELETE_CLUSTERS', 'Create new clusters' UNION ALL
+ SELECT 'AMBARI.SET_SERVICE_USERS_GROUPS', 'Set service users and groups' UNION ALL
+ SELECT 'AMBARI.RENAME_CLUSTER', 'Rename clusters' UNION ALL
+ SELECT 'AMBARI.MANAGE_USERS', 'Manage users' UNION ALL
+ SELECT 'AMBARI.MANAGE_GROUPS', 'Manage groups' UNION ALL
+ SELECT 'AMBARI.MANAGE_VIEWS', 'Manage Ambari Views' UNION ALL
+ SELECT 'AMBARI.ASSIGN_ROLES', 'Assign roles' UNION ALL
+ SELECT 'AMBARI.MANAGE_STACK_VERSIONS', 'Manage stack versions' UNION ALL
+ SELECT 'AMBARI.EDIT_STACK_REPOS', 'Edit stack repository URLs';
+
+ -- Set authorizations for View User role
+ INSERT INTO permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'VIEW.USE' FROM adminpermission WHERE permission_name='VIEW.USER';
+
+ -- Set authorizations for Cluster User role
+ INSERT INTO permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'SERVICE.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'SERVICE.COMPARE_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.USER';
+
+ -- Set authorizations for Service Operator role
+ INSERT INTO permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'SERVICE.VIEW_METRICS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.COMPARE_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.START_STOP' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.DECOMMISSION_RECOMMISSION' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_SERVICE_CHECK' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_MAINTENANCE' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_METRICS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR';
+
+ -- Set authorizations for Service Administrator role
+ INSERT INTO permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'SERVICE.VIEW_METRICS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.COMPARE_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.START_STOP' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.DECOMMISSION_RECOMMISSION' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_SERVICE_CHECK' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_MAINTENANCE' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_METRICS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR';
+
+ -- Set authorizations for Cluster Operator role
+ INSERT INTO permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'SERVICE.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.COMPARE_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.START_STOP' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.DECOMMISSION_RECOMMISSION' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_SERVICE_CHECK' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_MAINTENANCE' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.TOGGLE_MAINTENANCE' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.ADD_DELETE_COMPONENTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.ADD_DELETE_HOSTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR';
+
+ -- Set authorizations for Cluster Administrator role
+ INSERT INTO permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'SERVICE.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.COMPARE_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.START_STOP' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.DECOMMISSION_RECOMMISSION' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_SERVICE_CHECK' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_MAINTENANCE' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.ADD_DELETE_SERVICES' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.TOGGLE_MAINTENANCE' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.ADD_DELETE_COMPONENTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.ADD_DELETE_HOSTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR';
+
+ -- Set authorizations for Administrator role
+ INSERT INTO permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'VIEW.USE' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_METRICS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.COMPARE_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.START_STOP' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.DECOMMISSION_RECOMMISSION' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_SERVICE_CHECK' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_MAINTENANCE' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.ADD_DELETE_SERVICES' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.TOGGLE_MAINTENANCE' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.ADD_DELETE_COMPONENTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.ADD_DELETE_HOSTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_METRICS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.ADD_DELETE_CLUSTERS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.SET_SERVICE_USERS_GROUPS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.RENAME_CLUSTER' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.MANAGE_USERS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.MANAGE_GROUPS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.MANAGE_VIEWS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.ASSIGN_ROLES' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.MANAGE_STACK_VERSIONS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.EDIT_STACK_REPOS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR';
+
insert into adminprivilege (privilege_id, permission_id, resource_id, principal_id)
select 1, 1, 1, 1;
http://git-wip-us.apache.org/repos/asf/ambari/blob/d08107d7/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql
index 9cde02c..7dd9914 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql
@@ -621,6 +621,16 @@ CREATE TABLE adminpermission (
PRIMARY KEY CLUSTERED (permission_id)
);
+CREATE TABLE roleauthorization (
+ authorization_id VARCHAR(100) NOT NULL,
+ authorization_name VARCHAR(255) NOT NULL,
+ PRIMARY KEY(authorization_id));
+
+CREATE TABLE permission_roleauthorization (
+ permission_id BIGINT NOT NULL,
+ authorization_id VARCHAR(100) NOT NULL,
+ PRIMARY KEY(permission_id, authorization_id));
+
CREATE TABLE adminprivilege (
privilege_id BIGINT,
permission_id BIGINT NOT NULL,
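Review bot: The two new tables declare their keys as bare `PRIMARY KEY(...)`, while `adminpermission` directly above uses `PRIMARY KEY CLUSTERED (permission_id)`. SQL Server makes a primary key clustered by default when the table has no other clustered index, so this is a consistency point rather than a behaviour change. Writing `PRIMARY KEY CLUSTERED (authorization_id)` and `PRIMARY KEY CLUSTERED (permission_id, authorization_id)` would keep the file uniform. A short comment above `permission_roleauthorization`, saying that it is the join table defining which authorizations each role (an `adminpermission` row) grants, would help anyone auditing the access model from the schema alone.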
@@ -817,6 +827,8 @@ ALTER TABLE viewentity ADD CONSTRAINT FK_viewentity_view_name FOREIGN KEY (view_
ALTER TABLE adminresource ADD CONSTRAINT FK_resource_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id);
ALTER TABLE adminprincipal ADD CONSTRAINT FK_principal_principal_type_id FOREIGN KEY (principal_type_id) REFERENCES adminprincipaltype(principal_type_id);
ALTER TABLE adminpermission ADD CONSTRAINT FK_permission_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id);
+ALTER TABLE permission_roleauthorization ADD CONSTRAINT FK_permission_roleauthorization_permission_id FOREIGN KEY (permission_id) REFERENCES adminpermission(permission_id);
+ALTER TABLE permission_roleauthorization ADD CONSTRAINT FK_permission_roleauthorization_authorization_id FOREIGN KEY (authorization_id) REFERENCES roleauthorization(authorization_id);
ALTER TABLE adminprivilege ADD CONSTRAINT FK_privilege_permission_id FOREIGN KEY (permission_id) REFERENCES adminpermission(permission_id);
ALTER TABLE adminprivilege ADD CONSTRAINT FK_privilege_resource_id FOREIGN KEY (resource_id) REFERENCES adminresource(resource_id);
ALTER TABLE viewmain ADD CONSTRAINT FK_view_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id);
@@ -1100,7 +1112,224 @@ BEGIN TRANSACTION
(1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator'),
(2, 'CLUSTER.USER', 2, 'Cluster User'),
(3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator'),
- (4, 'VIEW.USER', 3, 'View User');
+ (4, 'VIEW.USER', 3, 'View User'),
+ (5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator'),
+ (6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator'),
+ (7, 'SERVICE.OPERATOR', 2, 'Service Operator');
+
+ INSERT INTO roleauthorization(authorization_id, authorization_name)
+ SELECT 'VIEW.USE', 'Use View' UNION ALL
+ SELECT 'SERVICE.VIEW_METRICS', 'View metrics' UNION ALL
+ SELECT 'SERVICE.VIEW_STATUS_INFO', 'View status information' UNION ALL
+ SELECT 'SERVICE.VIEW_CONFIGS', 'View configurations' UNION ALL
+ SELECT 'SERVICE.COMPARE_CONFIGS', 'Compare configurations' UNION ALL
+ SELECT 'SERVICE.VIEW_ALERTS', 'View service alerts' UNION ALL
+ SELECT 'SERVICE.START_STOP', 'Start/Stop/Restart Service' UNION ALL
+ SELECT 'SERVICE.DECOMMISSION_RECOMMISSION', 'Decommission/recommission' UNION ALL
+ SELECT 'SERVICE.RUN_SERVICE_CHECK', 'Run service checks' UNION ALL
+ SELECT 'SERVICE.TOGGLE_MAINTENANCE', 'Turn on/off maintenance mode' UNION ALL
+ SELECT 'SERVICE.RUN_CUSTOM_COMMAND', 'Perform service-specific tasks' UNION ALL
+ SELECT 'SERVICE.MODIFY_CONFIGS', 'Modify configurations' UNION ALL
+ SELECT 'SERVICE.MANAGE_CONFIG_GROUPS', 'Manage configuration groups' UNION ALL
+ SELECT 'SERVICE.MOVE', 'Move service to another host' UNION ALL
+ SELECT 'SERVICE.ENABLE_HA', 'Enable HA' UNION ALL
+ SELECT 'SERVICE.TOGGLE_ALERTS', 'Enable/disable service alerts' UNION ALL
+ SELECT 'SERVICE.ADD_DELETE_SERVICES', 'Add Service to cluster' UNION ALL
+ SELECT 'HOST.VIEW_METRICS', 'View metrics' UNION ALL
+ SELECT 'HOST.VIEW_STATUS_INFO', 'View status information' UNION ALL
+ SELECT 'HOST.VIEW_CONFIGS', 'View configuration' UNION ALL
+ SELECT 'HOST.TOGGLE_MAINTENANCE', 'Turn on/off maintenance mode' UNION ALL
+ SELECT 'HOST.ADD_DELETE_COMPONENTS', 'Install components' UNION ALL
+ SELECT 'HOST.ADD_DELETE_HOSTS', 'Add/Delete hosts' UNION ALL
+ SELECT 'CLUSTER.VIEW_METRICS', 'View metrics' UNION ALL
+ SELECT 'CLUSTER.VIEW_STATUS_INFO', 'View status information' UNION ALL
+ SELECT 'CLUSTER.VIEW_CONFIGS', 'View configuration' UNION ALL
+ SELECT 'CLUSTER.VIEW_STACK_DETAILS', 'View stack version details' UNION ALL
+ SELECT 'CLUSTER.VIEW_ALERTS', 'View alerts' UNION ALL
+ SELECT 'CLUSTER.TOGGLE_ALERTS', 'Enable/disable alerts' UNION ALL
+ SELECT 'CLUSTER.TOGGLE_KERBEROS', 'Enable/disable Kerberos' UNION ALL
+ SELECT 'CLUSTER.UPGRADE_DOWNGRADE_STACK', 'Upgrade/downgrade stack' UNION ALL
+ SELECT 'AMBARI.ADD_DELETE_CLUSTERS', 'Create new clusters' UNION ALL
+ SELECT 'AMBARI.SET_SERVICE_USERS_GROUPS', 'Set service users and groups' UNION ALL
+ SELECT 'AMBARI.RENAME_CLUSTER', 'Rename clusters' UNION ALL
+ SELECT 'AMBARI.MANAGE_USERS', 'Manage users' UNION ALL
+ SELECT 'AMBARI.MANAGE_GROUPS', 'Manage groups' UNION ALL
+ SELECT 'AMBARI.MANAGE_VIEWS', 'Manage Ambari Views' UNION ALL
+ SELECT 'AMBARI.ASSIGN_ROLES', 'Assign roles' UNION ALL
+ SELECT 'AMBARI.MANAGE_STACK_VERSIONS', 'Manage stack versions' UNION ALL
+ SELECT 'AMBARI.EDIT_STACK_REPOS', 'Edit stack repository URLs';
+
+ -- Set authorizations for View User role
+ INSERT INTO permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'VIEW.USE' FROM adminpermission WHERE permission_name='VIEW.USER';
+
+ -- Set authorizations for Cluster User role
+ INSERT INTO permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'SERVICE.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'SERVICE.COMPARE_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.USER';
+
+ -- Set authorizations for Service Operator role
+ INSERT INTO permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'SERVICE.VIEW_METRICS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.COMPARE_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.START_STOP' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.DECOMMISSION_RECOMMISSION' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_SERVICE_CHECK' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_MAINTENANCE' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_METRICS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR';
+
+ -- Set authorizations for Service Administrator role
+ INSERT INTO permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'SERVICE.VIEW_METRICS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.COMPARE_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.START_STOP' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.DECOMMISSION_RECOMMISSION' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_SERVICE_CHECK' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_MAINTENANCE' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_METRICS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR';
+
+ -- Set authorizations for Cluster Operator role
+ INSERT INTO permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'SERVICE.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.COMPARE_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.START_STOP' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.DECOMMISSION_RECOMMISSION' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_SERVICE_CHECK' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_MAINTENANCE' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.TOGGLE_MAINTENANCE' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.ADD_DELETE_COMPONENTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.ADD_DELETE_HOSTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR';
+
+ -- Set authorizations for Cluster Administrator role
+ INSERT INTO permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'SERVICE.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.COMPARE_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.START_STOP' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.DECOMMISSION_RECOMMISSION' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_SERVICE_CHECK' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_MAINTENANCE' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.ADD_DELETE_SERVICES' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.TOGGLE_MAINTENANCE' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.ADD_DELETE_COMPONENTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.ADD_DELETE_HOSTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR';
+
+ -- Set authorizations for Administrator role
+ INSERT INTO permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'VIEW.USE' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_METRICS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.COMPARE_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.START_STOP' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.DECOMMISSION_RECOMMISSION' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_SERVICE_CHECK' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_MAINTENANCE' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.ADD_DELETE_SERVICES' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.TOGGLE_MAINTENANCE' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.ADD_DELETE_COMPONENTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.ADD_DELETE_HOSTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_METRICS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.ADD_DELETE_CLUSTERS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.SET_SERVICE_USERS_GROUPS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.RENAME_CLUSTER' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.MANAGE_USERS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.MANAGE_GROUPS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.MANAGE_VIEWS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.ASSIGN_ROLES' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.MANAGE_STACK_VERSIONS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.EDIT_STACK_REPOS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR';
insert into adminprivilege (privilege_id, permission_id, resource_id, principal_id)
select 1, 1, 1, 1;
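Review bot: Three display names seeded into `roleauthorization` understate what their ids imply: `SERVICE.ADD_DELETE_SERVICES` is labelled 'Add Service to cluster', `HOST.ADD_DELETE_COMPONENTS` 'Install components' and `AMBARI.ADD_DELETE_CLUSTERS` 'Create new clusters', whereas `HOST.ADD_DELETE_HOSTS` is labelled 'Add/Delete hosts'. Enforcement is not visible in this hunk, but if these ids also gate deletion, an administrator reviewing a role by its label would not see the destructive half of the grant. Labels such as `'Add/delete services'`, `'Install/remove components'` and `'Create/delete clusters'` would match the ids. The per-role lists are also repeated in full, and the other DDL hunk earlier on this page carries the same role mappings, so a later authorization added to one list and missed in another would silently narrow or widen a role. A comment above the first `INSERT INTO permission_roleauthorization` stating that the lists must stay identical across the DDL files and the upgrade catalog would make that dependency explicit.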
http://git-wip-us.apache.org/repos/asf/ambari/blob/d08107d7/ambari-server/src/main/resources/META-INF/persistence.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/META-INF/persistence.xml b/ambari-server/src/main/resources/META-INF/persistence.xml
index 3357f21..3979bc0 100644
--- a/ambari-server/src/main/resources/META-INF/persistence.xml
+++ b/ambari-server/src/main/resources/META-INF/persistence.xml
@@ -49,6 +49,7 @@
<class>org.apache.ambari.server.orm.entities.MemberEntity</class>
<class>org.apache.ambari.server.orm.entities.MetainfoEntity</class>
<class>org.apache.ambari.server.orm.entities.PermissionEntity</class>
+ <class>org.apache.ambari.server.orm.entities.RoleAuthorizationEntity</class>
<class>org.apache.ambari.server.orm.entities.PrincipalEntity</class>
<class>org.apache.ambari.server.orm.entities.PrincipalTypeEntity</class>
<class>org.apache.ambari.server.orm.entities.PrivilegeEntity</class>
http://git-wip-us.apache.org/repos/asf/ambari/blob/d08107d7/ambari-server/src/test/java/org/apache/ambari/server/api/services/RoleAuthorizationServiceTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/api/services/RoleAuthorizationServiceTest.java b/ambari-server/src/test/java/org/apache/ambari/server/api/services/RoleAuthorizationServiceTest.java
new file mode 100644
index 0000000..ed7b7c9
--- /dev/null
+++ b/ambari-server/src/test/java/org/apache/ambari/server/api/services/RoleAuthorizationServiceTest.java
@@ -0,0 +1,86 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.api.services;
+
+import org.apache.ambari.server.api.resources.ResourceInstance;
+import org.apache.ambari.server.api.services.parsers.RequestBodyParser;
+import org.apache.ambari.server.api.services.serializers.ResultSerializer;
+
+import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.UriInfo;
+import java.lang.reflect.Method;
+import java.util.ArrayList;
+import java.util.List;
+
+import static org.junit.Assert.assertEquals;
+
+
+/**
+ * Unit tests for RoleAuthorizationService.
+ */
+public class RoleAuthorizationServiceTest extends BaseServiceTest {
+
+ public List<ServiceTestInvocation> getTestInvocations() throws Exception {
+ List<ServiceTestInvocation> listInvocations = new ArrayList<ServiceTestInvocation>();
+
+ //getAuthorization
+ RoleAuthorizationService service = new TestRoleAuthorizationService("id");
+ Method m = service.getClass().getMethod("getAuthorization", HttpHeaders.class, UriInfo.class, String.class);
+ Object[] args = new Object[] {getHttpHeaders(), getUriInfo(), "id"};
+ listInvocations.add(new ServiceTestInvocation(Request.Type.GET, service, m, args, null));
+
+ //getAuthorizations
+ service = new TestRoleAuthorizationService(null);
+ m = service.getClass().getMethod("getAuthorizations", HttpHeaders.class, UriInfo.class);
+ args = new Object[] {getHttpHeaders(), getUriInfo()};
+ listInvocations.add(new ServiceTestInvocation(Request.Type.GET, service, m, args, null));
+
+ return listInvocations;
+ }
+
+
+ private class TestRoleAuthorizationService extends RoleAuthorizationService {
+ private String id;
+
+ private TestRoleAuthorizationService(String id) {
+ this.id = id;
+ }
+
+ @Override
+ protected ResourceInstance createAuthorizationResource(String id) {
+ assertEquals(this.id, id);
+ return getTestResource();
+ }
+
+ @Override
+ RequestFactory getRequestFactory() {
+ return getTestRequestFactory();
+ }
+
+ @Override
+ protected RequestBodyParser getBodyParser() {
+ return getTestBodyParser();
+ }
+
+ @Override
+ protected ResultSerializer getResultSerializer() {
+ return getTestResultSerializer();
+ }
+ }
+}
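Review bot: `private String id;` in TestRoleAuthorizationService is assigned once in the constructor and only read afterwards, so it should be `private final String id;`. `getTestInvocations()` looks like an implementation of a BaseServiceTest hook (the base class is not visible in this hunk); if so, it should carry `@Override` so that a signature drift fails at compile time instead of silently leaving the invocations unrun. Both points apply equally to UserAuthorizationServiceTest, the next file in this commit.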
http://git-wip-us.apache.org/repos/asf/ambari/blob/d08107d7/ambari-server/src/test/java/org/apache/ambari/server/api/services/UserAuthorizationServiceTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/api/services/UserAuthorizationServiceTest.java b/ambari-server/src/test/java/org/apache/ambari/server/api/services/UserAuthorizationServiceTest.java
new file mode 100644
index 0000000..9627d19
--- /dev/null
+++ b/ambari-server/src/test/java/org/apache/ambari/server/api/services/UserAuthorizationServiceTest.java
@@ -0,0 +1,87 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.api.services;
+
+import org.apache.ambari.server.api.resources.ResourceInstance;
+import org.apache.ambari.server.api.services.parsers.RequestBodyParser;
+import org.apache.ambari.server.api.services.serializers.ResultSerializer;
+
+import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.UriInfo;
+import java.lang.reflect.Method;
+import java.util.ArrayList;
+import java.util.List;
+
+import static org.junit.Assert.assertEquals;
+
+
+/**
+ * Unit tests for UserAuthorizationService.
+ */
+public class UserAuthorizationServiceTest extends BaseServiceTest {
+
+ public List<ServiceTestInvocation> getTestInvocations() throws Exception {
+ List<ServiceTestInvocation> listInvocations = new ArrayList<ServiceTestInvocation>();
+
+ //getAuthorization
+ UserAuthorizationService service = new TestUserAuthorizationService("id");
+ Method m = service.getClass().getMethod("getAuthorization", HttpHeaders.class, UriInfo.class, String.class);
+ Object[] args = new Object[] {getHttpHeaders(), getUriInfo(), "id"};
+ listInvocations.add(new ServiceTestInvocation(Request.Type.GET, service, m, args, null));
+
+ //getAuthorizations
+ service = new TestUserAuthorizationService(null);
+ m = service.getClass().getMethod("getAuthorizations", HttpHeaders.class, UriInfo.class);
+ args = new Object[] {getHttpHeaders(), getUriInfo()};
+ listInvocations.add(new ServiceTestInvocation(Request.Type.GET, service, m, args, null));
+
+ return listInvocations;
+ }
+
+
+ private class TestUserAuthorizationService extends UserAuthorizationService {
+ private String id;
+
+ private TestUserAuthorizationService(String id) {
+ super("jdoe");
+ this.id = id;
+ }
+
+ @Override
+ protected ResourceInstance createAuthorizationResource(String id) {
+ assertEquals(this.id, id);
+ return getTestResource();
+ }
+
+ @Override
+ RequestFactory getRequestFactory() {
+ return getTestRequestFactory();
+ }
+
+ @Override
+ protected RequestBodyParser getBodyParser() {
+ return getTestBodyParser();
+ }
+
+ @Override
+ protected ResultSerializer getResultSerializer() {
+ return getTestResultSerializer();
+ }
+ }
+}
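Review bot: The user name passed by `super("jdoe")` is never checked. The overridden `createAuthorizationResource(String id)` asserts only the authorization id and returns the shared test resource. Since this service lists authorizations for a specific user, an assertion that the user name reaches the resource being built would be worth adding. How UserAuthorizationService binds the name is outside this hunk, so the right place for that assertion needs to be confirmed against that class.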
http://git-wip-us.apache.org/repos/asf/ambari/blob/d08107d7/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/RoleAuthorizationResourceProviderTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/RoleAuthorizationResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/RoleAuthorizationResourceProviderTest.java
new file mode 100644
index 0000000..23afa8f
--- /dev/null
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/RoleAuthorizationResourceProviderTest.java
@@ -0,0 +1,202 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.controller.internal;
+
+import com.google.inject.AbstractModule;
+import com.google.inject.Guice;
+import com.google.inject.Injector;
+import com.google.inject.util.Modules;
+import org.apache.ambari.server.controller.AmbariManagementController;
+import org.apache.ambari.server.controller.spi.Predicate;
+import org.apache.ambari.server.controller.spi.Request;
+import org.apache.ambari.server.controller.spi.Resource;
+import org.apache.ambari.server.controller.utilities.PredicateBuilder;
+import org.apache.ambari.server.controller.utilities.PropertyHelper;
+import org.apache.ambari.server.orm.DBAccessor;
+import org.apache.ambari.server.orm.InMemoryDefaultTestModule;
+import org.apache.ambari.server.orm.dao.PermissionDAO;
+import org.apache.ambari.server.orm.dao.ResourceTypeDAO;
+import org.apache.ambari.server.orm.dao.RoleAuthorizationDAO;
+import org.apache.ambari.server.orm.entities.PermissionEntity;
+import org.apache.ambari.server.orm.entities.RoleAuthorizationEntity;
+import org.easymock.EasyMockSupport;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+
+import javax.persistence.EntityManager;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Set;
+
+import static org.easymock.EasyMock.*;
+
+
+/**
+ * RoleAuthorizationResourceProvider tests.
+ */
+public class RoleAuthorizationResourceProviderTest extends EasyMockSupport {
+ private static Injector injector;
+
+ @Before
+ public void setup() {
+ reset();
+
+ injector = Guice.createInjector(Modules.override(new InMemoryDefaultTestModule())
+ .with(new AbstractModule() {
+ @Override
+ protected void configure() {
+ AmbariManagementController managementController = createNiceMock(AmbariManagementController.class);
+
+ bind(AmbariManagementController.class).toInstance(managementController);
+ bind(DBAccessor.class).toInstance(createNiceMock(DBAccessor.class));
+ bind(EntityManager.class).toInstance(createNiceMock(EntityManager.class));
+ bind(PermissionDAO.class).toInstance(createStrictMock(PermissionDAO.class));
+ bind(RoleAuthorizationDAO.class).toInstance(createStrictMock(RoleAuthorizationDAO.class));
+ }
+ }));
+ }
+
+
+ @Test
+ public void testGetResources() throws Exception {
+ RoleAuthorizationEntity roleAuthorizationEntity = createNiceMock(RoleAuthorizationEntity.class);
+ expect(roleAuthorizationEntity.getAuthorizationId()).andReturn("TEST.DO_SOMETHING");
+ expect(roleAuthorizationEntity.getAuthorizationName()).andReturn("Do Something");
+
+ List<RoleAuthorizationEntity> authorizationEntities = new ArrayList<RoleAuthorizationEntity>();
+ authorizationEntities.add(roleAuthorizationEntity);
+
+ RoleAuthorizationDAO roleAuthorizationDAO = injector.getInstance(RoleAuthorizationDAO.class);
+ expect(roleAuthorizationDAO.findAll()).andReturn(authorizationEntities);
+
+ replayAll();
+
+ AmbariManagementController managementController = injector.getInstance(AmbariManagementController.class);
+ RoleAuthorizationResourceProvider provider = new RoleAuthorizationResourceProvider(managementController);
+ injector.injectMembers(provider);
+
+ Set<Resource> resources = provider.getResources(PropertyHelper.getReadRequest(), null);
+
+ Assert.assertEquals(1, resources.size());
+ Resource resource = resources.iterator().next();
+
+ Assert.assertEquals("TEST.DO_SOMETHING", resource.getPropertyValue(RoleAuthorizationResourceProvider.AUTHORIZATION_ID_PROPERTY_ID));
+ Assert.assertEquals("Do Something", resource.getPropertyValue(RoleAuthorizationResourceProvider.AUTHORIZATION_NAME_PROPERTY_ID));
+ Assert.assertNull(resource.getPropertyValue(RoleAuthorizationResourceProvider.PERMISSION_ID_PROPERTY_ID));
+
+ verifyAll();
+ }
+
+ @Test
+ public void testGetResourcesForPermission() throws Exception {
+ RoleAuthorizationEntity roleAuthorizationEntity = createNiceMock(RoleAuthorizationEntity.class);
+ expect(roleAuthorizationEntity.getAuthorizationId()).andReturn("TEST.DO_SOMETHING").once();
+ expect(roleAuthorizationEntity.getAuthorizationName()).andReturn("Do Something").once();
+
+ List<RoleAuthorizationEntity> authorizationEntities = new ArrayList<RoleAuthorizationEntity>();
+ authorizationEntities.add(roleAuthorizationEntity);
+
+ PermissionEntity permissionEntry = createStrictMock(PermissionEntity.class);
+ expect(permissionEntry.getAuthorizations()).andReturn(authorizationEntities).once();
+
+ PermissionDAO permissionDAO = injector.getInstance(PermissionDAO.class);
+ expect(permissionDAO.findById(1)).andReturn(permissionEntry).once();
+
+ replayAll();
+
+ AmbariManagementController managementController = injector.getInstance(AmbariManagementController.class);
+ RoleAuthorizationResourceProvider provider = new RoleAuthorizationResourceProvider(managementController);
+
+ Predicate predicate = new PredicateBuilder()
+ .property(RoleAuthorizationResourceProvider.PERMISSION_ID_PROPERTY_ID).equals("1")
+ .toPredicate();
+
+ Set<Resource> resources = provider.getResources(PropertyHelper.getReadRequest(), predicate);
+
+ Assert.assertEquals(1, resources.size());
+ Resource resource = resources.iterator().next();
+
+ Assert.assertEquals("TEST.DO_SOMETHING", resource.getPropertyValue(RoleAuthorizationResourceProvider.AUTHORIZATION_ID_PROPERTY_ID));
+ Assert.assertEquals("Do Something", resource.getPropertyValue(RoleAuthorizationResourceProvider.AUTHORIZATION_NAME_PROPERTY_ID));
+ Assert.assertEquals(1, resource.getPropertyValue(RoleAuthorizationResourceProvider.PERMISSION_ID_PROPERTY_ID));
+
+ verifyAll();
+ }
+
+ @Test
+ public void testGetResource() throws Exception {
+ RoleAuthorizationEntity roleAuthorizationEntity1 = createNiceMock(RoleAuthorizationEntity.class);
+ expect(roleAuthorizationEntity1.getAuthorizationId()).andReturn("TEST.DO_SOMETHING").anyTimes();
+ expect(roleAuthorizationEntity1.getAuthorizationName()).andReturn("Do Something").anyTimes();
+
+ RoleAuthorizationEntity roleAuthorizationEntity2 = createNiceMock(RoleAuthorizationEntity.class);
+ expect(roleAuthorizationEntity2.getAuthorizationId()).andReturn("TEST.DO_SOMETHING_ELSE").anyTimes();
+ expect(roleAuthorizationEntity2.getAuthorizationName()).andReturn("Do Something Else").anyTimes();
+
+ List<RoleAuthorizationEntity> authorizationEntities = new ArrayList<RoleAuthorizationEntity>();
+ authorizationEntities.add(roleAuthorizationEntity1);
+ authorizationEntities.add(roleAuthorizationEntity2);
+
+ PermissionEntity permissionEntry = createStrictMock(PermissionEntity.class);
+ expect(permissionEntry.getAuthorizations()).andReturn(authorizationEntities).once();
+
+ PermissionDAO permissionDAO = injector.getInstance(PermissionDAO.class);
+ expect(permissionDAO.findById(1)).andReturn(permissionEntry).once();
+
+ replayAll();
+
+ AmbariManagementController managementController = injector.getInstance(AmbariManagementController.class);
+ RoleAuthorizationResourceProvider provider = new RoleAuthorizationResourceProvider(managementController);
+
+ Predicate predicate = new PredicateBuilder().begin()
+ .property(RoleAuthorizationResourceProvider.AUTHORIZATION_ID_PROPERTY_ID).equals("TEST.DO_SOMETHING")
+ .and()
+ .property(RoleAuthorizationResourceProvider.PERMISSION_ID_PROPERTY_ID).equals("1")
+ .end()
+ .toPredicate();
+
+ Set<Resource> resources = provider.getResources(PropertyHelper.getReadRequest(), predicate);
+
+ Assert.assertEquals(1, resources.size());
+ Resource resource = resources.iterator().next();
+
+ Assert.assertEquals("TEST.DO_SOMETHING", resource.getPropertyValue(RoleAuthorizationResourceProvider.AUTHORIZATION_ID_PROPERTY_ID));
+ Assert.assertEquals("Do Something", resource.getPropertyValue(RoleAuthorizationResourceProvider.AUTHORIZATION_NAME_PROPERTY_ID));
+ Assert.assertEquals(1, resource.getPropertyValue(RoleAuthorizationResourceProvider.PERMISSION_ID_PROPERTY_ID));
+
+ verifyAll();
+ }
+
+ @Test(expected = org.apache.ambari.server.controller.spi.SystemException.class)
+ public void testUpdateResources() throws Exception {
+ replayAll();
+ AmbariManagementController managementController = injector.getInstance(AmbariManagementController.class);
+ RoleAuthorizationResourceProvider provider = new RoleAuthorizationResourceProvider(managementController);
+ provider.updateResources(createNiceMock(Request.class), null);
+ }
+
+ @Test(expected = org.apache.ambari.server.controller.spi.SystemException.class)
+ public void testDeleteResources() throws Exception {
+ replayAll();
+ AmbariManagementController managementController = injector.getInstance(AmbariManagementController.class);
+ RoleAuthorizationResourceProvider provider = new RoleAuthorizationResourceProvider(managementController);
+ provider.deleteResources(null);
+ }
+}
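Review bot: `private static Injector injector;` is reassigned in the `@Before` method, so it should be an instance field (`private Injector injector;`), as UserAuthorizationResourceProviderTest in this commit already does. The bare `reset();` in `setup()` resolves to the statically imported `EasyMock.reset(Object...)` with no arguments and does nothing; `resetAll();` from EasyMockSupport is presumably what was meant. Only testGetResources calls `injector.injectMembers(provider)`, so unless the provider's DAOs are injected some other way (not visible here), testGetResourcesForPermission and testGetResource depend on state left by another test. The read-only contract is tested for update and delete but not for create; a matching `testCreateResources` would complete it, if create is rejected the same way.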
http://git-wip-us.apache.org/repos/asf/ambari/blob/d08107d7/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserAuthorizationResourceProviderTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserAuthorizationResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserAuthorizationResourceProviderTest.java
new file mode 100644
index 0000000..e71c219
--- /dev/null
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserAuthorizationResourceProviderTest.java
@@ -0,0 +1,315 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.controller.internal;
+
+import com.google.inject.AbstractModule;
+import com.google.inject.Guice;
+import com.google.inject.Injector;
+import com.google.inject.util.Modules;
+import org.apache.ambari.server.controller.AmbariManagementController;
+import org.apache.ambari.server.controller.spi.ClusterController;
+import org.apache.ambari.server.controller.spi.Predicate;
+import org.apache.ambari.server.controller.spi.Request;
+import org.apache.ambari.server.controller.spi.Resource;
+import org.apache.ambari.server.controller.spi.ResourceProvider;
+import org.apache.ambari.server.controller.utilities.PredicateBuilder;
+import org.apache.ambari.server.controller.utilities.PropertyHelper;
+import org.apache.ambari.server.orm.DBAccessor;
+import org.apache.ambari.server.orm.InMemoryDefaultTestModule;
+import org.apache.ambari.server.orm.dao.PermissionDAO;
+import org.apache.ambari.server.orm.dao.ResourceTypeDAO;
+import org.apache.ambari.server.orm.entities.PermissionEntity;
+import org.apache.ambari.server.orm.entities.ResourceTypeEntity;
+import org.apache.ambari.server.orm.entities.RoleAuthorizationEntity;
+import org.easymock.EasyMockSupport;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+
+import javax.persistence.EntityManager;
+import java.lang.reflect.Field;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.LinkedList;
+import java.util.Set;
+
+import static org.easymock.EasyMock.*;
+
+
+/**
+ * UserAuthorizationResourceProvider tests.
+ */
+public class UserAuthorizationResourceProviderTest extends EasyMockSupport {
+ private Injector injector;
+
+ @Before
+ public void setup() {
+ reset();
+
+ injector = Guice.createInjector(Modules.override(new InMemoryDefaultTestModule())
+ .with(new AbstractModule() {
+ @Override
+ protected void configure() {
+ AmbariManagementController managementController = createNiceMock(AmbariManagementController.class);
+
+ bind(AmbariManagementController.class).toInstance(managementController);
+ bind(DBAccessor.class).toInstance(createNiceMock(DBAccessor.class));
+ bind(EntityManager.class).toInstance(createNiceMock(EntityManager.class));
+ bind(PermissionDAO.class).toInstance(createMock(PermissionDAO.class));
+ bind(ResourceTypeDAO.class).toInstance(createMock(ResourceTypeDAO.class));
+ }
+ }));
+ }
+
+
+ @Test
+ public void testGetResources() throws Exception {
+
+ Resource clusterResource = createMock(Resource.class);
+ expect(clusterResource.getPropertyValue(UserPrivilegeResourceProvider.PRIVILEGE_PERMISSION_NAME_PROPERTY_ID))
+ .andReturn("CLUSTER.DO_SOMETHING")
+ .anyTimes();
+ expect(clusterResource.getPropertyValue(UserPrivilegeResourceProvider.PRIVILEGE_TYPE_PROPERTY_ID))
+ .andReturn("CLUSTER")
+ .anyTimes();
+ expect(clusterResource.getPropertyValue(UserPrivilegeResourceProvider.PRIVILEGE_CLUSTER_NAME_PROPERTY_ID))
+ .andReturn("Cluster Name")
+ .anyTimes();
+
+ Resource viewResource = createMock(Resource.class);
+ expect(viewResource.getPropertyValue(UserPrivilegeResourceProvider.PRIVILEGE_PERMISSION_NAME_PROPERTY_ID))
+ .andReturn("VIEW.DO_SOMETHING")
+ .anyTimes();
+ expect(viewResource.getPropertyValue(UserPrivilegeResourceProvider.PRIVILEGE_TYPE_PROPERTY_ID))
+ .andReturn("VIEW")
+ .anyTimes();
+ expect(viewResource.getPropertyValue(UserPrivilegeResourceProvider.PRIVILEGE_VIEW_NAME_PROPERTY_ID))
+ .andReturn("View Name")
+ .anyTimes();
+ expect(viewResource.getPropertyValue(UserPrivilegeResourceProvider.PRIVILEGE_VIEW_VERSION_PROPERTY_ID))
+ .andReturn("View Version")
+ .anyTimes();
+ expect(viewResource.getPropertyValue(UserPrivilegeResourceProvider.PRIVILEGE_INSTANCE_NAME_PROPERTY_ID))
+ .andReturn("View Instance Name")
+ .anyTimes();
+
+ Resource adminResource = createMock(Resource.class);
+ expect(adminResource.getPropertyValue(UserPrivilegeResourceProvider.PRIVILEGE_PERMISSION_NAME_PROPERTY_ID))
+ .andReturn("ADMIN.DO_SOMETHING")
+ .anyTimes();
+ expect(adminResource.getPropertyValue(UserPrivilegeResourceProvider.PRIVILEGE_TYPE_PROPERTY_ID))
+ .andReturn("ADMIN")
+ .anyTimes();
+ expect(adminResource.getPropertyValue(UserPrivilegeResourceProvider.PRIVILEGE_CLUSTER_NAME_PROPERTY_ID))
+ .andReturn(null)
+ .anyTimes();
+
+ Resource emptyResource = createMock(Resource.class);
+ expect(emptyResource.getPropertyValue(UserPrivilegeResourceProvider.PRIVILEGE_PERMISSION_NAME_PROPERTY_ID))
+ .andReturn("EMPTY.DO_SOMETHING")
+ .anyTimes();
+ expect(emptyResource.getPropertyValue(UserPrivilegeResourceProvider.PRIVILEGE_TYPE_PROPERTY_ID))
+ .andReturn("ADMIN")
+ .anyTimes();
+ expect(emptyResource.getPropertyValue(UserPrivilegeResourceProvider.PRIVILEGE_CLUSTER_NAME_PROPERTY_ID))
+ .andReturn(null)
+ .anyTimes();
+
+ Resource nullResource = createMock(Resource.class);
+ expect(nullResource.getPropertyValue(UserPrivilegeResourceProvider.PRIVILEGE_PERMISSION_NAME_PROPERTY_ID))
+ .andReturn("NULL.DO_SOMETHING")
+ .anyTimes();
+ expect(nullResource.getPropertyValue(UserPrivilegeResourceProvider.PRIVILEGE_TYPE_PROPERTY_ID))
+ .andReturn("ADMIN")
+ .anyTimes();
+ expect(nullResource.getPropertyValue(UserPrivilegeResourceProvider.PRIVILEGE_CLUSTER_NAME_PROPERTY_ID))
+ .andReturn(null)
+ .anyTimes();
+
+ Set<Resource> userPrivilegeResources = new HashSet<Resource>();
+ userPrivilegeResources.add(clusterResource);
+ userPrivilegeResources.add(viewResource);
+ userPrivilegeResources.add(adminResource);
+ userPrivilegeResources.add(emptyResource);
+ userPrivilegeResources.add(nullResource);
+
+ ResourceProvider userPrivilegeProvider = createMock(ResourceProvider.class);
+ expect(userPrivilegeProvider.getResources(anyObject(Request.class), anyObject(Predicate.class)))
+ .andReturn(userPrivilegeResources);
+
+ ClusterController clusterController = createMock(ClusterController.class);
+ expect(clusterController.ensureResourceProvider(Resource.Type.UserPrivilege))
+ .andReturn(userPrivilegeProvider)
+ .anyTimes();
+
+ ResourceTypeEntity clusterResourceTypeEntity = createMock(ResourceTypeEntity.class);
+ expect(clusterResourceTypeEntity.getId()).andReturn(1).anyTimes();
+
+ ResourceTypeEntity viewResourceTypeEntity = createMock(ResourceTypeEntity.class);
+ expect(viewResourceTypeEntity.getId()).andReturn(2).anyTimes();
+
+ ResourceTypeEntity adminResourceTypeEntity = createMock(ResourceTypeEntity.class);
+ expect(adminResourceTypeEntity.getId()).andReturn(3).anyTimes();
+
+ ResourceTypeDAO resourceTypeDAO = injector.getInstance(ResourceTypeDAO.class);
+ expect(resourceTypeDAO.findByName("CLUSTER")).andReturn(clusterResourceTypeEntity).anyTimes();
+ expect(resourceTypeDAO.findByName("VIEW")).andReturn(viewResourceTypeEntity).anyTimes();
+ expect(resourceTypeDAO.findByName("ADMIN")).andReturn(adminResourceTypeEntity).anyTimes();
+
+ RoleAuthorizationEntity clusterRoleAuthorizationEntity = createMock(RoleAuthorizationEntity.class);
+ expect(clusterRoleAuthorizationEntity.getAuthorizationId()).andReturn("CLUSTER.DO_SOMETHING").anyTimes();
+ expect(clusterRoleAuthorizationEntity.getAuthorizationName()).andReturn("CLUSTER DO_SOMETHING").anyTimes();
+
+ RoleAuthorizationEntity viewRoleAuthorizationEntity = createMock(RoleAuthorizationEntity.class);
+ expect(viewRoleAuthorizationEntity.getAuthorizationId()).andReturn("VIEW.DO_SOMETHING").anyTimes();
+ expect(viewRoleAuthorizationEntity.getAuthorizationName()).andReturn("VIEW DO_SOMETHING").anyTimes();
+
+ RoleAuthorizationEntity adminRoleAuthorizationEntity = createMock(RoleAuthorizationEntity.class);
+ expect(adminRoleAuthorizationEntity.getAuthorizationId()).andReturn("ADMIN.DO_SOMETHING").anyTimes();
+ expect(adminRoleAuthorizationEntity.getAuthorizationName()).andReturn("ADMIN DO_SOMETHING").anyTimes();
+
+ Collection<RoleAuthorizationEntity> clusterPermissionAuthorizations = Collections.singleton(clusterRoleAuthorizationEntity);
+ Collection<RoleAuthorizationEntity> viewPermissionAuthorizations = Collections.singleton(viewRoleAuthorizationEntity);
+ Collection<RoleAuthorizationEntity> adminPermissionAuthorizations = Collections.singleton(adminRoleAuthorizationEntity);
+
+ PermissionEntity clusterPermissionEntity = createMock(PermissionEntity.class);
+ expect(clusterPermissionEntity.getAuthorizations())
+ .andReturn(clusterPermissionAuthorizations)
+ .anyTimes();
+
+ PermissionEntity viewPermissionEntity = createMock(PermissionEntity.class);
+ expect(viewPermissionEntity.getAuthorizations())
+ .andReturn(viewPermissionAuthorizations)
+ .anyTimes();
+
+ PermissionEntity adminPermissionEntity = createMock(PermissionEntity.class);
+ expect(adminPermissionEntity.getAuthorizations())
+ .andReturn(adminPermissionAuthorizations)
+ .anyTimes();
+
+ PermissionEntity emptyPermissionEntity = createMock(PermissionEntity.class);
+ expect(emptyPermissionEntity.getAuthorizations())
+ .andReturn(Collections.<RoleAuthorizationEntity>emptyList())
+ .anyTimes();
+
+ PermissionEntity nullPermissionEntity = createMock(PermissionEntity.class);
+ expect(nullPermissionEntity.getAuthorizations())
+ .andReturn(null)
+ .anyTimes();
+
+ PermissionDAO permissionDAO = injector.getInstance(PermissionDAO.class);
+ expect(permissionDAO.findPermissionByNameAndType("CLUSTER.DO_SOMETHING", clusterResourceTypeEntity))
+ .andReturn(clusterPermissionEntity)
+ .anyTimes();
+ expect(permissionDAO.findPermissionByNameAndType("VIEW.DO_SOMETHING", viewResourceTypeEntity))
+ .andReturn(viewPermissionEntity)
+ .anyTimes();
+ expect(permissionDAO.findPermissionByNameAndType("ADMIN.DO_SOMETHING", adminResourceTypeEntity))
+ .andReturn(adminPermissionEntity)
+ .anyTimes();
+ expect(permissionDAO.findPermissionByNameAndType("EMPTY.DO_SOMETHING", adminResourceTypeEntity))
+ .andReturn(emptyPermissionEntity)
+ .anyTimes();
+ expect(permissionDAO.findPermissionByNameAndType("NULL.DO_SOMETHING", adminResourceTypeEntity))
+ .andReturn(nullPermissionEntity)
+ .anyTimes();
+
+ replayAll();
+
+ AmbariManagementController managementController = injector.getInstance(AmbariManagementController.class);
+ UserAuthorizationResourceProvider provider = new UserAuthorizationResourceProvider(managementController);
+ setClusterController(provider, clusterController);
+
+ Predicate predicate = new PredicateBuilder()
+ .property(UserAuthorizationResourceProvider.USERNAME_PROPERTY_ID).equals("jdoe")
+ .toPredicate();
+
+ Set<Resource> resources = provider.getResources(PropertyHelper.getReadRequest(), predicate);
+
+ Assert.assertEquals(3, resources.size());
+
+ LinkedList<String> expectedIds = new LinkedList<String>();
+ expectedIds.add("CLUSTER.DO_SOMETHING");
+ expectedIds.add("VIEW.DO_SOMETHING");
+ expectedIds.add("ADMIN.DO_SOMETHING");
+
+ for (Resource resource : resources) {
+ String authorizationId = (String) resource.getPropertyValue(UserAuthorizationResourceProvider.AUTHORIZATION_ID_PROPERTY_ID);
+
+ switch (authorizationId) {
+ case "CLUSTER.DO_SOMETHING":
+ Assert.assertEquals("CLUSTER DO_SOMETHING", resource.getPropertyValue(UserAuthorizationResourceProvider.AUTHORIZATION_NAME_PROPERTY_ID));
+ Assert.assertEquals("CLUSTER", resource.getPropertyValue(UserAuthorizationResourceProvider.AUTHORIZATION_RESOURCE_TYPE_PROPERTY_ID));
+ Assert.assertEquals("Cluster Name", resource.getPropertyValue(UserAuthorizationResourceProvider.AUTHORIZATION_CLUSTER_NAME_PROPERTY_ID));
+ Assert.assertNull(resource.getPropertyValue(UserAuthorizationResourceProvider.AUTHORIZATION_VIEW_NAME_PROPERTY_ID));
+ Assert.assertNull(resource.getPropertyValue(UserAuthorizationResourceProvider.AUTHORIZATION_VIEW_VERSION_PROPERTY_ID));
+ Assert.assertNull(resource.getPropertyValue(UserAuthorizationResourceProvider.AUTHORIZATION_VIEW_INSTANCE_NAME_PROPERTY_ID));
+ break;
+ case "VIEW.DO_SOMETHING":
+ Assert.assertEquals("VIEW DO_SOMETHING", resource.getPropertyValue(UserAuthorizationResourceProvider.AUTHORIZATION_NAME_PROPERTY_ID));
+ Assert.assertEquals("VIEW", resource.getPropertyValue(UserAuthorizationResourceProvider.AUTHORIZATION_RESOURCE_TYPE_PROPERTY_ID));
+ Assert.assertEquals("View Name", resource.getPropertyValue(UserAuthorizationResourceProvider.AUTHORIZATION_VIEW_NAME_PROPERTY_ID));
+ Assert.assertEquals("View Version", resource.getPropertyValue(UserAuthorizationResourceProvider.AUTHORIZATION_VIEW_VERSION_PROPERTY_ID));
+ Assert.assertEquals("View Instance Name", resource.getPropertyValue(UserAuthorizationResourceProvider.AUTHORIZATION_VIEW_INSTANCE_NAME_PROPERTY_ID));
+ Assert.assertNull(resource.getPropertyValue(UserAuthorizationResourceProvider.AUTHORIZATION_CLUSTER_NAME_PROPERTY_ID));
+ break;
+ case "ADMIN.DO_SOMETHING":
+ Assert.assertEquals("ADMIN DO_SOMETHING", resource.getPropertyValue(UserAuthorizationResourceProvider.AUTHORIZATION_NAME_PROPERTY_ID));
+ Assert.assertEquals("ADMIN", resource.getPropertyValue(UserAuthorizationResourceProvider.AUTHORIZATION_RESOURCE_TYPE_PROPERTY_ID));
+ Assert.assertNull(resource.getPropertyValue(UserAuthorizationResourceProvider.AUTHORIZATION_CLUSTER_NAME_PROPERTY_ID));
+ Assert.assertNull(resource.getPropertyValue(UserAuthorizationResourceProvider.AUTHORIZATION_VIEW_NAME_PROPERTY_ID));
+ Assert.assertNull(resource.getPropertyValue(UserAuthorizationResourceProvider.AUTHORIZATION_VIEW_VERSION_PROPERTY_ID));
+ Assert.assertNull(resource.getPropertyValue(UserAuthorizationResourceProvider.AUTHORIZATION_VIEW_INSTANCE_NAME_PROPERTY_ID));
+ break;
+ }
+
+ expectedIds.remove();
+ }
+
+ Assert.assertEquals(0, expectedIds.size());
+
+ verifyAll();
+ }
+
+ @Test(expected = org.apache.ambari.server.controller.spi.SystemException.class)
+ public void testUpdateResources() throws Exception {
+ replayAll();
+ AmbariManagementController managementController = injector.getInstance(AmbariManagementController.class);
+ UserAuthorizationResourceProvider provider = new UserAuthorizationResourceProvider(managementController);
+ provider.updateResources(createNiceMock(Request.class), null);
+ }
+
+ @Test(expected = org.apache.ambari.server.controller.spi.SystemException.class)
+ public void testDeleteResources() throws Exception {
+ replayAll();
+ AmbariManagementController managementController = injector.getInstance(AmbariManagementController.class);
+ UserAuthorizationResourceProvider provider = new UserAuthorizationResourceProvider(managementController);
+ provider.deleteResources(null);
+ }
+
+
+ private void setClusterController(UserAuthorizationResourceProvider provider, ClusterController clusterController) throws Exception {
+ Class<?> c = provider.getClass();
+ Field f = c.getDeclaredField("clusterController");
+ f.setAccessible(true);
+ f.set(provider, clusterController);
+ }
+
+}
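Review bot: The verification loop in testGetResources does not check which authorizations came back: `expectedIds.remove()` drops the head of the list whatever `authorizationId` is, and the `switch` has no `default`, so three resources with unexpected ids would still pass. Use `Assert.assertTrue(expectedIds.remove(authorizationId));` and add `default: Assert.fail("Unexpected authorization: " + authorizationId);`. Separately, `userPrivilegeProvider.getResources(anyObject(Request.class), anyObject(Predicate.class))` accepts any predicate, so the test does not show that the privilege lookup is restricted to user `jdoe`; capturing the predicate and asserting on the user name would close that gap. The bare `reset();` in `setup()` is the statically imported `EasyMock.reset(Object...)` called with no arguments and is a no-op.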
[3/4] ambari git commit: AMBARI-13865. Add authorizations to
permissions so that the definition of a permission (or role) is explicit
(rlevas)
Posted by rl...@apache.org.
http://git-wip-us.apache.org/repos/asf/ambari/blob/d08107d7/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql
index 626b47a..bcf6d01 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql
@@ -523,6 +523,16 @@ CREATE TABLE adminpermission (
permission_label VARCHAR(255),
PRIMARY KEY(permission_id));
+CREATE TABLE roleauthorization (
+ authorization_id VARCHAR(100) NOT NULL,
+ authorization_name VARCHAR(255) NOT NULL,
+ PRIMARY KEY(authorization_id));
+
+CREATE TABLE permission_roleauthorization (
+ permission_id NUMBER(19) NOT NULL,
+ authorization_id VARCHAR(100) NOT NULL,
+ PRIMARY KEY(permission_id, authorization_id));
+
CREATE TABLE adminprivilege (
privilege_id NUMBER(19),
permission_id NUMBER(19) NOT NULL,
@@ -708,6 +718,8 @@ ALTER TABLE viewentity ADD CONSTRAINT FK_viewentity_view_name FOREIGN KEY (view_
ALTER TABLE adminresource ADD CONSTRAINT FK_resource_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id);
ALTER TABLE adminprincipal ADD CONSTRAINT FK_principal_principal_type_id FOREIGN KEY (principal_type_id) REFERENCES adminprincipaltype(principal_type_id);
ALTER TABLE adminpermission ADD CONSTRAINT FK_permission_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id);
+ALTER TABLE permission_roleauthorization ADD CONSTRAINT FK_permission_roleauthorization_permission_id FOREIGN KEY (permission_id) REFERENCES adminpermission(permission_id);
+ALTER TABLE permission_roleauthorization ADD CONSTRAINT FK_permission_roleauthorization_authorization_id FOREIGN KEY (authorization_id) REFERENCES roleauthorization(authorization_id);
ALTER TABLE adminprivilege ADD CONSTRAINT FK_privilege_permission_id FOREIGN KEY (permission_id) REFERENCES adminpermission(permission_id);
ALTER TABLE adminprivilege ADD CONSTRAINT FK_privilege_resource_id FOREIGN KEY (resource_id) REFERENCES adminresource(resource_id);
ALTER TABLE viewmain ADD CONSTRAINT FK_view_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id);
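Review bot: The two constraint names added in this hunk, `FK_permission_roleauthorization_permission_id` (45 characters) and `FK_permission_roleauthorization_authorization_id` (48 characters), exceed the 30-byte identifier limit that Oracle enforces before release 12.2, so on those releases both statements fail with ORA-00972. The neighbouring constraints shown as context stay at or under 30 characters. If the installer continues past the error, `permission_roleauthorization` is created without referential integrity, and rows could then point at permissions or authorizations that do not exist. Shorter names fix this, for example `ADD CONSTRAINT FK_permission_roleauth_pid FOREIGN KEY (permission_id) ...` and `ADD CONSTRAINT FK_permission_roleauth_aid FOREIGN KEY (authorization_id) ...`. The Postgres script in this commit uses the same long names, which its limit allows, but renaming there as well keeps the two schemas aligned.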
@@ -990,7 +1002,227 @@ insert into adminpermission(permission_id, permission_name, resource_type_id, pe
union all
select 3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator' from dual
union all
- select 4, 'VIEW.USER', 3, 'View User' from dual;
+ select 4, 'VIEW.USER', 3, 'View User' from dual
+ union all
+ select 5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator' from dual
+ union all
+ select 6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator' from dual
+ union all
+ select 7, 'SERVICE.OPERATOR', 2, 'Service Operator' from dual;
+
+INSERT INTO roleauthorization(authorization_id, authorization_name)
+ SELECT 'VIEW.USE', 'Use View' FROM dual UNION ALL
+ SELECT 'SERVICE.VIEW_METRICS', 'View metrics' FROM dual UNION ALL
+ SELECT 'SERVICE.VIEW_STATUS_INFO', 'View status information' FROM dual UNION ALL
+ SELECT 'SERVICE.VIEW_CONFIGS', 'View configurations' FROM dual UNION ALL
+ SELECT 'SERVICE.COMPARE_CONFIGS', 'Compare configurations' FROM dual UNION ALL
+ SELECT 'SERVICE.VIEW_ALERTS', 'View service alerts' FROM dual UNION ALL
+ SELECT 'SERVICE.START_STOP', 'Start/Stop/Restart Service' FROM dual UNION ALL
+ SELECT 'SERVICE.DECOMMISSION_RECOMMISSION', 'Decommission/recommission' FROM dual UNION ALL
+ SELECT 'SERVICE.RUN_SERVICE_CHECK', 'Run service checks' FROM dual UNION ALL
+ SELECT 'SERVICE.TOGGLE_MAINTENANCE', 'Turn on/off maintenance mode' FROM dual UNION ALL
+ SELECT 'SERVICE.RUN_CUSTOM_COMMAND', 'Perform service-specific tasks' FROM dual UNION ALL
+ SELECT 'SERVICE.MODIFY_CONFIGS', 'Modify configurations' FROM dual UNION ALL
+ SELECT 'SERVICE.MANAGE_CONFIG_GROUPS', 'Manage configuration groups' FROM dual UNION ALL
+ SELECT 'SERVICE.MOVE', 'Move to another host' FROM dual UNION ALL
+ SELECT 'SERVICE.ENABLE_HA', 'Enable HA' FROM dual UNION ALL
+ SELECT 'SERVICE.TOGGLE_ALERTS', 'Enable/disable service alerts' FROM dual UNION ALL
+ SELECT 'SERVICE.ADD_DELETE_SERVICES', 'Add Service to cluster' FROM dual UNION ALL
+ SELECT 'HOST.VIEW_METRICS', 'View metrics' FROM dual UNION ALL
+ SELECT 'HOST.VIEW_STATUS_INFO', 'View status information' FROM dual UNION ALL
+ SELECT 'HOST.VIEW_CONFIGS', 'View configuration' FROM dual UNION ALL
+ SELECT 'HOST.TOGGLE_MAINTENANCE', 'Turn on/off maintenance mode' FROM dual UNION ALL
+ SELECT 'HOST.ADD_DELETE_COMPONENTS', 'Install components' FROM dual UNION ALL
+ SELECT 'HOST.ADD_DELETE_HOSTS', 'Add/Delete hosts' FROM dual UNION ALL
+ SELECT 'CLUSTER.VIEW_METRICS', 'View metrics' FROM dual UNION ALL
+ SELECT 'CLUSTER.VIEW_STATUS_INFO', 'View status information' FROM dual UNION ALL
+ SELECT 'CLUSTER.VIEW_CONFIGS', 'View configuration' FROM dual UNION ALL
+ SELECT 'CLUSTER.VIEW_STACK_DETAILS', 'View stack version details' FROM dual UNION ALL
+ SELECT 'CLUSTER.VIEW_ALERTS', 'View alerts' FROM dual UNION ALL
+ SELECT 'CLUSTER.TOGGLE_ALERTS', 'Enable/disable alerts' FROM dual UNION ALL
+ SELECT 'CLUSTER.TOGGLE_KERBEROS', 'Enable/disable Kerberos' FROM dual UNION ALL
+ SELECT 'CLUSTER.UPGRADE_DOWNGRADE_STACK', 'Upgrade/downgrade stack' FROM dual UNION ALL
+ SELECT 'AMBARI.ADD_DELETE_CLUSTERS', 'Create new clusters' FROM dual UNION ALL
+ SELECT 'AMBARI.SET_SERVICE_USERS_GROUPS', 'Set service users and groups' FROM dual UNION ALL
+ SELECT 'AMBARI.RENAME_CLUSTER', 'Rename clusters' FROM dual UNION ALL
+ SELECT 'AMBARI.MANAGE_USERS', 'Manage users' FROM dual UNION ALL
+ SELECT 'AMBARI.MANAGE_GROUPS', 'Manage groups' FROM dual UNION ALL
+ SELECT 'AMBARI.MANAGE_VIEWS', 'Manage Ambari Views' FROM dual UNION ALL
+ SELECT 'AMBARI.ASSIGN_ROLES', 'Assign roles' FROM dual UNION ALL
+ SELECT 'AMBARI.MANAGE_STACK_VERSIONS', 'Manage stack versions' FROM dual UNION ALL
+ SELECT 'AMBARI.EDIT_STACK_REPOS', 'Edit stack repository URLs' FROM dual;
+
+-- Set authorizations for View User role
+INSERT INTO permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'VIEW.USE' FROM adminpermission WHERE permission_name='VIEW.USER';
+
+-- Set authorizations for Cluster User role
+INSERT INTO permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'SERVICE.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'SERVICE.COMPARE_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.USER';
+
+-- Set authorizations for Service Operator role
+INSERT INTO permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'SERVICE.VIEW_METRICS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.COMPARE_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.START_STOP' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.DECOMMISSION_RECOMMISSION' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_SERVICE_CHECK' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_MAINTENANCE' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_METRICS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR';
+
+-- Set authorizations for Service Administrator role
+INSERT INTO permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'SERVICE.VIEW_METRICS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.COMPARE_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.START_STOP' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.DECOMMISSION_RECOMMISSION' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_SERVICE_CHECK' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_MAINTENANCE' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_METRICS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR';
+
+-- Set authorizations for Cluster Operator role
+INSERT INTO permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'SERVICE.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.COMPARE_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.START_STOP' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.DECOMMISSION_RECOMMISSION' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_SERVICE_CHECK' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_MAINTENANCE' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.TOGGLE_MAINTENANCE' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.ADD_DELETE_COMPONENTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.ADD_DELETE_HOSTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR';
+
+-- Set authorizations for Cluster Administrator role
+INSERT INTO permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'SERVICE.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.COMPARE_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.START_STOP' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.DECOMMISSION_RECOMMISSION' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_SERVICE_CHECK' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_MAINTENANCE' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.ADD_DELETE_SERVICES' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.TOGGLE_MAINTENANCE' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.ADD_DELETE_COMPONENTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.ADD_DELETE_HOSTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR';
+
+-- Set authorizations for Administrator role
+INSERT INTO permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'VIEW.USE' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_METRICS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.COMPARE_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.START_STOP' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.DECOMMISSION_RECOMMISSION' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_SERVICE_CHECK' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_MAINTENANCE' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.ADD_DELETE_SERVICES' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.TOGGLE_MAINTENANCE' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.ADD_DELETE_COMPONENTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.ADD_DELETE_HOSTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_METRICS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.ADD_DELETE_CLUSTERS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.SET_SERVICE_USERS_GROUPS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.RENAME_CLUSTER' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.MANAGE_USERS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.MANAGE_GROUPS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.MANAGE_VIEWS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.ASSIGN_ROLES' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.MANAGE_STACK_VERSIONS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.EDIT_STACK_REPOS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR';
insert into adminprivilege (privilege_id, permission_id, resource_id, principal_id)
select 1, 1, 1, 1 from dual;
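Review bot: Three rows of the `roleauthorization` insert carry labels that describe less than their identifier grants: `SERVICE.ADD_DELETE_SERVICES` is labelled 'Add Service to cluster', `HOST.ADD_DELETE_COMPONENTS` 'Install components', and `AMBARI.ADD_DELETE_CLUSTERS` 'Create new clusters', whereas `HOST.ADD_DELETE_HOSTS` is labelled 'Add/Delete hosts'. If `authorization_name` is what an administrator reads when auditing a role (an assumption, since the consumer is not in this hunk), the delete capability is hidden from that review. Labels that name both operations would fix it, e.g. `SELECT 'SERVICE.ADD_DELETE_SERVICES', 'Add/delete services' FROM dual UNION ALL`, and likewise for the other two rows. The same rows are repeated in the Postgres script's data hunk, which runs past the end of this view.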
http://git-wip-us.apache.org/repos/asf/ambari/blob/d08107d7/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql
index d42fc9f..547c40f 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql
@@ -526,6 +526,16 @@ CREATE TABLE adminpermission (
permission_label VARCHAR(255),
PRIMARY KEY(permission_id));
+CREATE TABLE roleauthorization (
+ authorization_id VARCHAR(100) NOT NULL,
+ authorization_name VARCHAR(255) NOT NULL,
+ PRIMARY KEY(authorization_id));
+
+CREATE TABLE permission_roleauthorization (
+ permission_id BIGINT NOT NULL,
+ authorization_id VARCHAR(100) NOT NULL,
+ PRIMARY KEY(permission_id, authorization_id));
+
CREATE TABLE adminprivilege (
privilege_id BIGINT,
permission_id BIGINT NOT NULL,
@@ -706,6 +716,8 @@ ALTER TABLE viewentity ADD CONSTRAINT FK_viewentity_view_name FOREIGN KEY (view_
ALTER TABLE adminresource ADD CONSTRAINT FK_resource_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id);
ALTER TABLE adminprincipal ADD CONSTRAINT FK_principal_principal_type_id FOREIGN KEY (principal_type_id) REFERENCES adminprincipaltype(principal_type_id);
ALTER TABLE adminpermission ADD CONSTRAINT FK_permission_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id);
+ALTER TABLE permission_roleauthorization ADD CONSTRAINT FK_permission_roleauthorization_permission_id FOREIGN KEY (permission_id) REFERENCES adminpermission(permission_id);
+ALTER TABLE permission_roleauthorization ADD CONSTRAINT FK_permission_roleauthorization_authorization_id FOREIGN KEY (authorization_id) REFERENCES roleauthorization(authorization_id);
ALTER TABLE adminprivilege ADD CONSTRAINT FK_privilege_permission_id FOREIGN KEY (permission_id) REFERENCES adminpermission(permission_id);
ALTER TABLE adminprivilege ADD CONSTRAINT FK_privilege_resource_id FOREIGN KEY (resource_id) REFERENCES adminresource(resource_id);
ALTER TABLE viewmain ADD CONSTRAINT FK_view_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id);
@@ -1034,7 +1046,227 @@ insert into adminpermission(permission_id, permission_name, resource_type_id, pe
UNION ALL
SELECT 3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator'
UNION ALL
- SELECT 4, 'VIEW.USER', 3, 'View User';
+ SELECT 4, 'VIEW.USER', 3, 'View User'
+ UNION ALL
+ SELECT 5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator'
+ UNION ALL
+ SELECT 6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator'
+ UNION ALL
+ SELECT 7, 'SERVICE.OPERATOR', 2, 'Service Operator';
+
+INSERT INTO roleauthorization(authorization_id, authorization_name)
+ SELECT 'VIEW.USE', 'Use View' UNION ALL
+ SELECT 'SERVICE.VIEW_METRICS', 'View metrics' UNION ALL
+ SELECT 'SERVICE.VIEW_STATUS_INFO', 'View status information' UNION ALL
+ SELECT 'SERVICE.VIEW_CONFIGS', 'View configurations' UNION ALL
+ SELECT 'SERVICE.COMPARE_CONFIGS', 'Compare configurations' UNION ALL
+ SELECT 'SERVICE.VIEW_ALERTS', 'View service alerts' UNION ALL
+ SELECT 'SERVICE.START_STOP', 'Start/Stop/Restart Service' UNION ALL
+ SELECT 'SERVICE.DECOMMISSION_RECOMMISSION', 'Decommission/recommission' UNION ALL
+ SELECT 'SERVICE.RUN_SERVICE_CHECK', 'Run service checks' UNION ALL
+ SELECT 'SERVICE.TOGGLE_MAINTENANCE', 'Turn on/off maintenance mode' UNION ALL
+ SELECT 'SERVICE.RUN_CUSTOM_COMMAND', 'Perform service-specific tasks' UNION ALL
+ SELECT 'SERVICE.MODIFY_CONFIGS', 'Modify configurations' UNION ALL
+ SELECT 'SERVICE.MANAGE_CONFIG_GROUPS', 'Manage configuration groups' UNION ALL
+ SELECT 'SERVICE.MOVE', 'Move to another host' UNION ALL
+ SELECT 'SERVICE.ENABLE_HA', 'Enable HA' UNION ALL
+ SELECT 'SERVICE.TOGGLE_ALERTS', 'Enable/disable service alerts' UNION ALL
+ SELECT 'SERVICE.ADD_DELETE_SERVICES', 'Add Service to cluster' UNION ALL
+ SELECT 'HOST.VIEW_METRICS', 'View metrics' UNION ALL
+ SELECT 'HOST.VIEW_STATUS_INFO', 'View status information' UNION ALL
+ SELECT 'HOST.VIEW_CONFIGS', 'View configuration' UNION ALL
+ SELECT 'HOST.TOGGLE_MAINTENANCE', 'Turn on/off maintenance mode' UNION ALL
+ SELECT 'HOST.ADD_DELETE_COMPONENTS', 'Install components' UNION ALL
+ SELECT 'HOST.ADD_DELETE_HOSTS', 'Add/Delete hosts' UNION ALL
+ SELECT 'CLUSTER.VIEW_METRICS', 'View metrics' UNION ALL
+ SELECT 'CLUSTER.VIEW_STATUS_INFO', 'View status information' UNION ALL
+ SELECT 'CLUSTER.VIEW_CONFIGS', 'View configuration' UNION ALL
+ SELECT 'CLUSTER.VIEW_STACK_DETAILS', 'View stack version details' UNION ALL
+ SELECT 'CLUSTER.VIEW_ALERTS', 'View alerts' UNION ALL
+ SELECT 'CLUSTER.TOGGLE_ALERTS', 'Enable/disable alerts' UNION ALL
+ SELECT 'CLUSTER.TOGGLE_KERBEROS', 'Enable/disable Kerberos' UNION ALL
+ SELECT 'CLUSTER.UPGRADE_DOWNGRADE_STACK', 'Upgrade/downgrade stack' UNION ALL
+ SELECT 'AMBARI.ADD_DELETE_CLUSTERS', 'Create new clusters' UNION ALL
+ SELECT 'AMBARI.SET_SERVICE_USERS_GROUPS', 'Set service users and groups' UNION ALL
+ SELECT 'AMBARI.RENAME_CLUSTER', 'Rename clusters' UNION ALL
+ SELECT 'AMBARI.MANAGE_USERS', 'Manage users' UNION ALL
+ SELECT 'AMBARI.MANAGE_GROUPS', 'Manage groups' UNION ALL
+ SELECT 'AMBARI.MANAGE_VIEWS', 'Manage Ambari Views' UNION ALL
+ SELECT 'AMBARI.ASSIGN_ROLES', 'Assign roles' UNION ALL
+ SELECT 'AMBARI.MANAGE_STACK_VERSIONS', 'Manage stack versions' UNION ALL
+ SELECT 'AMBARI.EDIT_STACK_REPOS', 'Edit stack repository URLs';
+
+-- Set authorizations for View User role
+INSERT INTO permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'VIEW.USE' FROM adminpermission WHERE permission_name='VIEW.USER';
+
+-- Set authorizations for Cluster User role
+INSERT INTO permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'SERVICE.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'SERVICE.COMPARE_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.USER';
+
+-- Set authorizations for Service Operator role
+INSERT INTO permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'SERVICE.VIEW_METRICS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.COMPARE_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.START_STOP' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.DECOMMISSION_RECOMMISSION' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_SERVICE_CHECK' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_MAINTENANCE' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_METRICS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR';
+
+-- Set authorizations for Service Administrator role
+INSERT INTO permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'SERVICE.VIEW_METRICS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.COMPARE_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.START_STOP' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.DECOMMISSION_RECOMMISSION' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_SERVICE_CHECK' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_MAINTENANCE' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_METRICS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR';
+
+-- Set authorizations for Cluster Operator role
+INSERT INTO permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'SERVICE.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.COMPARE_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.START_STOP' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.DECOMMISSION_RECOMMISSION' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_SERVICE_CHECK' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_MAINTENANCE' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.TOGGLE_MAINTENANCE' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.ADD_DELETE_COMPONENTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.ADD_DELETE_HOSTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR';
+
+-- Set authorizations for Cluster Administrator role
+INSERT INTO permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'SERVICE.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.COMPARE_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.START_STOP' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.DECOMMISSION_RECOMMISSION' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_SERVICE_CHECK' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_MAINTENANCE' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.ADD_DELETE_SERVICES' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.TOGGLE_MAINTENANCE' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.ADD_DELETE_COMPONENTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.ADD_DELETE_HOSTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR';
+
+-- Set authorizations for Administrator role
+INSERT INTO permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'VIEW.USE' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_METRICS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.COMPARE_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.START_STOP' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.DECOMMISSION_RECOMMISSION' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_SERVICE_CHECK' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_MAINTENANCE' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.ADD_DELETE_SERVICES' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.TOGGLE_MAINTENANCE' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.ADD_DELETE_COMPONENTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.ADD_DELETE_HOSTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_METRICS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.ADD_DELETE_CLUSTERS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.SET_SERVICE_USERS_GROUPS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.RENAME_CLUSTER' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.MANAGE_USERS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.MANAGE_GROUPS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.MANAGE_VIEWS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.ASSIGN_ROLES' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.MANAGE_STACK_VERSIONS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.EDIT_STACK_REPOS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR';
INSERT INTO adminprivilege (privilege_id, permission_id, resource_id, principal_id)
SELECT 1, 1, 1, 1;
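Review bot: Three display names in the roleauthorization seed describe less than their ids suggest: `SERVICE.ADD_DELETE_SERVICES` is labelled 'Add Service to cluster', `HOST.ADD_DELETE_COMPONENTS` 'Install components' and `AMBARI.ADD_DELETE_CLUSTERS` 'Create new clusters'. If these authorizations also gate deletion, as the ids imply, someone auditing a role by its labels will underestimate what it allows. I would make the names match the ids, following the 'Add/Delete hosts' wording already used for `HOST.ADD_DELETE_HOSTS`: `SELECT 'SERVICE.ADD_DELETE_SERVICES', 'Add/delete services' UNION ALL`, `SELECT 'HOST.ADD_DELETE_COMPONENTS', 'Install/remove components' UNION ALL`, `SELECT 'AMBARI.ADD_DELETE_CLUSTERS', 'Create/delete clusters' UNION ALL`. The same seed is repeated in Ambari-DDL-Postgres-EMBEDDED-CREATE.sql and needs the same change.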
http://git-wip-us.apache.org/repos/asf/ambari/blob/d08107d7/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql
index 3981ab2..e78aa17 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql
@@ -587,6 +587,16 @@ CREATE TABLE ambari.adminpermission (
permission_label VARCHAR(255),
PRIMARY KEY(permission_id));
+CREATE TABLE ambari.roleauthorization (
+ authorization_id VARCHAR(100) NOT NULL,
+ authorization_name VARCHAR(255) NOT NULL,
+ PRIMARY KEY(authorization_id));
+
+CREATE TABLE ambari.permission_roleauthorization (
+ permission_id BIGINT NOT NULL,
+ authorization_id VARCHAR(100) NOT NULL,
+ PRIMARY KEY(permission_id, authorization_id));
+
CREATE TABLE ambari.adminprivilege (
privilege_id BIGINT,
permission_id BIGINT NOT NULL,
@@ -599,6 +609,8 @@ GRANT ALL PRIVILEGES ON TABLE ambari.adminresource TO :username;
GRANT ALL PRIVILEGES ON TABLE ambari.adminprincipaltype TO :username;
GRANT ALL PRIVILEGES ON TABLE ambari.adminprincipal TO :username;
GRANT ALL PRIVILEGES ON TABLE ambari.adminpermission TO :username;
+GRANT ALL PRIVILEGES ON TABLE ambari.roleauthorization TO :username;
+GRANT ALL PRIVILEGES ON TABLE ambari.permission_roleauthorization TO :username;
GRANT ALL PRIVILEGES ON TABLE ambari.adminprivilege TO :username;
CREATE TABLE ambari.repo_version (
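Review bot: The two added `GRANT ALL PRIVILEGES` lines give :username full rights on the tables that define what every role may do, so anyone holding that database account can change role definitions directly. This matches the neighbouring grants, but whether the server needs more than read access to these two tables outside of install and upgrade is not visible in this hunk; if it does not, a narrower grant such as `GRANT SELECT ON TABLE ambari.roleauthorization TO :username;` would fit least privilege better. At minimum I would add a comment above the two lines, `-- role definitions: write access here is equivalent to editing roles`.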
@@ -789,6 +801,8 @@ ALTER TABLE ambari.serviceconfighosts ADD CONSTRAINT FK_scvhosts_host_id FOREIGN
ALTER TABLE ambari.adminresource ADD CONSTRAINT FK_resource_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES ambari.adminresourcetype(resource_type_id);
ALTER TABLE ambari.adminprincipal ADD CONSTRAINT FK_principal_principal_type_id FOREIGN KEY (principal_type_id) REFERENCES ambari.adminprincipaltype(principal_type_id);
ALTER TABLE ambari.adminpermission ADD CONSTRAINT FK_permission_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES ambari.adminresourcetype(resource_type_id);
+ALTER TABLE ambari.permission_roleauthorization ADD CONSTRAINT FK_permission_roleauthorization_permission_id FOREIGN KEY (permission_id) REFERENCES ambari.adminpermission(permission_id);
+ALTER TABLE ambari.permission_roleauthorization ADD CONSTRAINT FK_permission_roleauthorization_authorization_id FOREIGN KEY (authorization_id) REFERENCES ambari.roleauthorization(authorization_id);
ALTER TABLE ambari.adminprivilege ADD CONSTRAINT FK_privilege_permission_id FOREIGN KEY (permission_id) REFERENCES ambari.adminpermission(permission_id);
ALTER TABLE ambari.adminprivilege ADD CONSTRAINT FK_privilege_resource_id FOREIGN KEY (resource_id) REFERENCES ambari.adminresource(resource_id);
ALTER TABLE ambari.viewmain ADD CONSTRAINT FK_view_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES ambari.adminresourcetype(resource_type_id);
@@ -1130,7 +1144,227 @@ insert into ambari.adminpermission(permission_id, permission_name, resource_type
UNION ALL
SELECT 3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator'
UNION ALL
- SELECT 4, 'VIEW.USER', 3, 'View User';
+ SELECT 4, 'VIEW.USER', 3, 'View User'
+ UNION ALL
+ SELECT 5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator'
+ UNION ALL
+ SELECT 6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator'
+ UNION ALL
+ SELECT 7, 'SERVICE.OPERATOR', 2, 'Service Operator';
+
+INSERT INTO ambari.roleauthorization(authorization_id, authorization_name)
+ SELECT 'VIEW.USE', 'Use View' UNION ALL
+ SELECT 'SERVICE.VIEW_METRICS', 'View metrics' UNION ALL
+ SELECT 'SERVICE.VIEW_STATUS_INFO', 'View status information' UNION ALL
+ SELECT 'SERVICE.VIEW_CONFIGS', 'View configurations' UNION ALL
+ SELECT 'SERVICE.COMPARE_CONFIGS', 'Compare configurations' UNION ALL
+ SELECT 'SERVICE.VIEW_ALERTS', 'View service alerts' UNION ALL
+ SELECT 'SERVICE.START_STOP', 'Start/Stop/Restart Service' UNION ALL
+ SELECT 'SERVICE.DECOMMISSION_RECOMMISSION', 'Decommission/recommission' UNION ALL
+ SELECT 'SERVICE.RUN_SERVICE_CHECK', 'Run service checks' UNION ALL
+ SELECT 'SERVICE.TOGGLE_MAINTENANCE', 'Turn on/off maintenance mode' UNION ALL
+ SELECT 'SERVICE.RUN_CUSTOM_COMMAND', 'Perform service-specific tasks' UNION ALL
+ SELECT 'SERVICE.MODIFY_CONFIGS', 'Modify configurations' UNION ALL
+ SELECT 'SERVICE.MANAGE_CONFIG_GROUPS', 'Manage configuration groups' UNION ALL
+ SELECT 'SERVICE.MOVE', 'Move to another host' UNION ALL
+ SELECT 'SERVICE.ENABLE_HA', 'Enable HA' UNION ALL
+ SELECT 'SERVICE.TOGGLE_ALERTS', 'Enable/disable service alerts' UNION ALL
+ SELECT 'SERVICE.ADD_DELETE_SERVICES', 'Add Service to cluster' UNION ALL
+ SELECT 'HOST.VIEW_METRICS', 'View metrics' UNION ALL
+ SELECT 'HOST.VIEW_STATUS_INFO', 'View status information' UNION ALL
+ SELECT 'HOST.VIEW_CONFIGS', 'View configuration' UNION ALL
+ SELECT 'HOST.TOGGLE_MAINTENANCE', 'Turn on/off maintenance mode' UNION ALL
+ SELECT 'HOST.ADD_DELETE_COMPONENTS', 'Install components' UNION ALL
+ SELECT 'HOST.ADD_DELETE_HOSTS', 'Add/Delete hosts' UNION ALL
+ SELECT 'CLUSTER.VIEW_METRICS', 'View metrics' UNION ALL
+ SELECT 'CLUSTER.VIEW_STATUS_INFO', 'View status information' UNION ALL
+ SELECT 'CLUSTER.VIEW_CONFIGS', 'View configuration' UNION ALL
+ SELECT 'CLUSTER.VIEW_STACK_DETAILS', 'View stack version details' UNION ALL
+ SELECT 'CLUSTER.VIEW_ALERTS', 'View alerts' UNION ALL
+ SELECT 'CLUSTER.TOGGLE_ALERTS', 'Enable/disable alerts' UNION ALL
+ SELECT 'CLUSTER.TOGGLE_KERBEROS', 'Enable/disable Kerberos' UNION ALL
+ SELECT 'CLUSTER.UPGRADE_DOWNGRADE_STACK', 'Upgrade/downgrade stack' UNION ALL
+ SELECT 'AMBARI.ADD_DELETE_CLUSTERS', 'Create new clusters' UNION ALL
+ SELECT 'AMBARI.SET_SERVICE_USERS_GROUPS', 'Set service users and groups' UNION ALL
+ SELECT 'AMBARI.RENAME_CLUSTER', 'Rename clusters' UNION ALL
+ SELECT 'AMBARI.MANAGE_USERS', 'Manage users' UNION ALL
+ SELECT 'AMBARI.MANAGE_GROUPS', 'Manage groups' UNION ALL
+ SELECT 'AMBARI.MANAGE_VIEWS', 'Manage Ambari Views' UNION ALL
+ SELECT 'AMBARI.ASSIGN_ROLES', 'Assign roles' UNION ALL
+ SELECT 'AMBARI.MANAGE_STACK_VERSIONS', 'Manage stack versions' UNION ALL
+ SELECT 'AMBARI.EDIT_STACK_REPOS', 'Edit stack repository URLs';
+
+-- Set authorizations for View User role
+INSERT INTO ambari.permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'VIEW.USE' FROM ambari.adminpermission WHERE permission_name='VIEW.USER';
+
+-- Set authorizations for Cluster User role
+INSERT INTO ambari.permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'SERVICE.VIEW_METRICS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_STATUS_INFO' FROM ambari.adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_CONFIGS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'SERVICE.COMPARE_CONFIGS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_ALERTS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_METRICS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM ambari.adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_METRICS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM ambari.adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.USER';
+
+-- Set authorizations for Service Operator role
+INSERT INTO ambari.permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'SERVICE.VIEW_METRICS' FROM ambari.adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_STATUS_INFO' FROM ambari.adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_CONFIGS' FROM ambari.adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.COMPARE_CONFIGS' FROM ambari.adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_ALERTS' FROM ambari.adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.START_STOP' FROM ambari.adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.DECOMMISSION_RECOMMISSION' FROM ambari.adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_SERVICE_CHECK' FROM ambari.adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_MAINTENANCE' FROM ambari.adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM ambari.adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_METRICS' FROM ambari.adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM ambari.adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM ambari.adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_METRICS' FROM ambari.adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM ambari.adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM ambari.adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM ambari.adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM ambari.adminpermission WHERE permission_name='SERVICE.OPERATOR';
+
+-- Set authorizations for Service Administrator role
+INSERT INTO ambari.permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'SERVICE.VIEW_METRICS' FROM ambari.adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_STATUS_INFO' FROM ambari.adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_CONFIGS' FROM ambari.adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.COMPARE_CONFIGS' FROM ambari.adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_ALERTS' FROM ambari.adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.START_STOP' FROM ambari.adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.DECOMMISSION_RECOMMISSION' FROM ambari.adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_SERVICE_CHECK' FROM ambari.adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_MAINTENANCE' FROM ambari.adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM ambari.adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM ambari.adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM ambari.adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MOVE' FROM ambari.adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.ENABLE_HA' FROM ambari.adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM ambari.adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_METRICS' FROM ambari.adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM ambari.adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM ambari.adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_METRICS' FROM ambari.adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM ambari.adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM ambari.adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM ambari.adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM ambari.adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR';
+
+-- Set authorizations for Cluster Operator role
+INSERT INTO ambari.permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'SERVICE.VIEW_METRICS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_STATUS_INFO' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_CONFIGS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.COMPARE_CONFIGS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_ALERTS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.START_STOP' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.DECOMMISSION_RECOMMISSION' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_SERVICE_CHECK' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_MAINTENANCE' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MOVE' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.ENABLE_HA' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_METRICS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.TOGGLE_MAINTENANCE' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.ADD_DELETE_COMPONENTS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.ADD_DELETE_HOSTS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_METRICS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR';
+
+-- Set authorizations for Cluster Administrator role
+INSERT INTO ambari.permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'SERVICE.VIEW_METRICS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_STATUS_INFO' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_CONFIGS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.COMPARE_CONFIGS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_ALERTS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.START_STOP' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.DECOMMISSION_RECOMMISSION' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_SERVICE_CHECK' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_MAINTENANCE' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MOVE' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.ENABLE_HA' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.ADD_DELETE_SERVICES' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_METRICS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.TOGGLE_MAINTENANCE' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.ADD_DELETE_COMPONENTS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.ADD_DELETE_HOSTS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_METRICS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR';
+
+-- Set authorizations for Administrator role
+INSERT INTO ambari.permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'VIEW.USE' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_METRICS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_STATUS_INFO' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_CONFIGS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.COMPARE_CONFIGS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_ALERTS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.START_STOP' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.DECOMMISSION_RECOMMISSION' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_SERVICE_CHECK' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_MAINTENANCE' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MOVE' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.ENABLE_HA' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.ADD_DELETE_SERVICES' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_METRICS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.TOGGLE_MAINTENANCE' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.ADD_DELETE_COMPONENTS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.ADD_DELETE_HOSTS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_METRICS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.ADD_DELETE_CLUSTERS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.SET_SERVICE_USERS_GROUPS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.RENAME_CLUSTER' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.MANAGE_USERS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.MANAGE_GROUPS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.MANAGE_VIEWS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.ASSIGN_ROLES' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.MANAGE_STACK_VERSIONS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.EDIT_STACK_REPOS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR';
INSERT INTO ambari.adminprivilege (privilege_id, permission_id, resource_id, principal_id)
SELECT 1, 1, 1, 1;
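Review bot: Several display names in the `roleauthorization` seed understate what their authorization id covers: `SERVICE.ADD_DELETE_SERVICES` is labelled 'Add Service to cluster', `HOST.ADD_DELETE_COMPONENTS` 'Install components' and `AMBARI.ADD_DELETE_CLUSTERS` 'Create new clusters'. An administrator who assigns roles by reading these labels would not see that deletion is included. Make the labels match the ids, for example `SELECT 'SERVICE.ADD_DELETE_SERVICES', 'Add/delete services' UNION ALL`, or split each id into separate add and delete authorizations. The hunk also hard-codes permission ids 5 to 7, and the row that seeds the permission id sequence is not visible here, so confirm that the next generated id starts above 7. The diffstat lists six DDL scripts plus UpgradeCatalog220 that change by a similar amount, so the same label fix is presumably needed in each of them.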
[4/4] ambari git commit: AMBARI-13865. Add authorizations to
permissions so that the definition of a permission (or role) is explicit
(rlevas)
Posted by rl...@apache.org.
AMBARI-13865. Add authorizations to permissions so that the definition of a permission (or role) is explicit (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/d08107d7
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/d08107d7
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/d08107d7
Branch: refs/heads/trunk
Commit: d08107d70a71932a92fb9b7dc0b7652f0c365be7
Parents: 58b598a
Author: Robert Levas <rl...@hortonworks.com>
Authored: Wed Nov 18 13:42:51 2015 -0500
Committer: Robert Levas <rl...@hortonworks.com>
Committed: Wed Nov 18 13:42:58 2015 -0500
----------------------------------------------------------------------
.../api/services/RoleAuthorizationService.java | 6 +
.../api/services/UserAuthorizationService.java | 7 +
.../RoleAuthorizationResourceProvider.java | 160 +---------
.../UserAuthorizationResourceProvider.java | 154 +--------
.../server/orm/dao/RoleAuthorizationDAO.java | 67 ++++
.../server/orm/entities/PermissionEntity.java | 44 ++-
.../orm/entities/RoleAuthorizationEntity.java | 114 +++++++
.../server/upgrade/UpgradeCatalog220.java | 224 ++++++++++++-
.../main/resources/Ambari-DDL-MySQL-CREATE.sql | 234 +++++++++++++-
.../main/resources/Ambari-DDL-Oracle-CREATE.sql | 234 +++++++++++++-
.../resources/Ambari-DDL-Postgres-CREATE.sql | 234 +++++++++++++-
.../Ambari-DDL-Postgres-EMBEDDED-CREATE.sql | 236 +++++++++++++-
.../resources/Ambari-DDL-SQLAnywhere-CREATE.sql | 236 +++++++++++++-
.../resources/Ambari-DDL-SQLServer-CREATE.sql | 231 +++++++++++++-
.../src/main/resources/META-INF/persistence.xml | 1 +
.../services/RoleAuthorizationServiceTest.java | 86 +++++
.../services/UserAuthorizationServiceTest.java | 87 +++++
.../RoleAuthorizationResourceProviderTest.java | 202 ++++++++++++
.../UserAuthorizationResourceProviderTest.java | 315 +++++++++++++++++++
.../server/upgrade/UpgradeCatalog220Test.java | 185 ++++++++---
20 files changed, 2716 insertions(+), 341 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/d08107d7/ambari-server/src/main/java/org/apache/ambari/server/api/services/RoleAuthorizationService.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/api/services/RoleAuthorizationService.java b/ambari-server/src/main/java/org/apache/ambari/server/api/services/RoleAuthorizationService.java
index 082200d..60f8a36 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/api/services/RoleAuthorizationService.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/api/services/RoleAuthorizationService.java
@@ -32,6 +32,12 @@ import javax.ws.rs.core.UriInfo;
import java.util.HashMap;
import java.util.Map;
+/**
+ * RoleAuthorizationService is a read-only service responsible for role authorization resource requests.
+ * <p/>
+ * The result sets returned by this service are either the full set of available authorizations or
+ * those related to a particular permission.
+ */
@Path("/authorizations/")
public class RoleAuthorizationService extends BaseService {
private String permissionId;
http://git-wip-us.apache.org/repos/asf/ambari/blob/d08107d7/ambari-server/src/main/java/org/apache/ambari/server/api/services/UserAuthorizationService.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/api/services/UserAuthorizationService.java b/ambari-server/src/main/java/org/apache/ambari/server/api/services/UserAuthorizationService.java
index d6ee2fc..6861d3d 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/api/services/UserAuthorizationService.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/api/services/UserAuthorizationService.java
@@ -32,6 +32,13 @@ import javax.ws.rs.core.UriInfo;
import java.util.HashMap;
import java.util.Map;
+/**
+ * UserAuthorizationService is a read-only service responsible for user authorization resource requests.
+ * <p/>
+ * The result sets returned by this service represent the set of authorizations assigned to a given user.
+ * Authorizations are tied to a resource, so a user may have the multiple authorization entries for the
+ * same authorization id (for example VIEW.USE), however each will represnet a different view instance.
+ */
public class UserAuthorizationService extends BaseService {
/**
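Review bot: The last sentence of the new class Javadoc has two slips, "the multiple authorization entries" and "represnet". Suggested wording: `so a user may have multiple authorization entries for the same authorization id (for example VIEW.USE); each will represent a different view instance.` Because this service returns a user's effective authorizations, the comment should also say who may query another user's entries; that access check is not visible in this hunk. The class body continues outside the hunk.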
http://git-wip-us.apache.org/repos/asf/ambari/blob/d08107d7/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RoleAuthorizationResourceProvider.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RoleAuthorizationResourceProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RoleAuthorizationResourceProvider.java
index 82981a9..1b08d85 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RoleAuthorizationResourceProvider.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RoleAuthorizationResourceProvider.java
@@ -30,7 +30,9 @@ import org.apache.ambari.server.controller.spi.Resource.Type;
import org.apache.ambari.server.controller.spi.SystemException;
import org.apache.ambari.server.controller.spi.UnsupportedPropertyException;
import org.apache.ambari.server.controller.utilities.PropertyHelper;
+import org.apache.ambari.server.orm.dao.RoleAuthorizationDAO;
import org.apache.ambari.server.orm.dao.PermissionDAO;
+import org.apache.ambari.server.orm.entities.RoleAuthorizationEntity;
import org.apache.ambari.server.orm.entities.PermissionEntity;
import org.apache.commons.lang.StringUtils;
@@ -79,10 +81,16 @@ public class RoleAuthorizationResourceProvider extends ReadOnlyResourceProvider
}
/**
+ * Data access object used to obtain authorization entities.
+ */
+ @Inject
+ private static RoleAuthorizationDAO roleAuthorizationDAO;
+
+ /**
* Data access object used to obtain permission entities.
*/
@Inject
- protected static PermissionDAO permissionDAO;
+ private static PermissionDAO permissionDAO;
/**
* Create a new resource provider.
@@ -127,39 +135,25 @@ public class RoleAuthorizationResourceProvider extends ReadOnlyResourceProvider
}
if (permissionId == null) {
- // TODO: ** This is stubbed out until the data layer catches up...
- // TODO: entities = roleAuthorizationDAO.findAll();
- authorizationEntities = createAdminAuthorizations();
+ authorizationEntities = roleAuthorizationDAO.findAll();
} else {
PermissionEntity permissionEntity = permissionDAO.findById(permissionId);
- if(permissionEntity == null)
+ if (permissionEntity == null) {
authorizationEntities = null;
- else
- {
- // TODO: ** This is stubbed out until the data layer catches up...
- // TODO: authorizationEntities = (permissionEntity == null)
- // TODO: ? null
- // TODO: : permissionEntity.getAuthorizations();
- String permissionName = permissionEntity.getPermissionName();
- if (permissionName.startsWith("AMBARI")) {
- authorizationEntities = createAdminAuthorizations();
- } else if (permissionName.startsWith("CLUSTER")) {
- authorizationEntities = createOperatorAuthorizations();
- } else {
- authorizationEntities = null;
- }
+ } else {
+ authorizationEntities = permissionEntity.getAuthorizations();
}
}
if (authorizationEntities != null) {
String authorizationId = (String) propertyMap.get(AUTHORIZATION_ID_PROPERTY_ID);
- if(!StringUtils.isEmpty(authorizationId)) {
+ if (!StringUtils.isEmpty(authorizationId)) {
// Filter the entities
Iterator<RoleAuthorizationEntity> iterator = authorizationEntities.iterator();
- while(iterator.hasNext()) {
- if(!authorizationId.equals(iterator.next().getAuthorizationId())) {
+ while (iterator.hasNext()) {
+ if (!authorizationId.equals(iterator.next().getAuthorizationId())) {
iterator.remove();
}
}
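Review bot: When a permission id is supplied, `authorizationEntities` is now the collection returned by `permissionEntity.getAuthorizations()`, and the filter loop below calls `iterator.remove()` on it whenever an authorization id is also requested. If that getter returns the entity's own mapped collection (its body is not in this hunk), a read request would strip authorizations from the in-memory permission. A later flush could then persist the loss to the join table. Filter a copy instead: `authorizationEntities = new ArrayList<RoleAuthorizationEntity>(permissionEntity.getAuthorizations());`, and do the same for the `findAll()` result if the DAO may return a shared or unmodifiable list. The enclosing method starts and ends outside the hunk.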
@@ -190,130 +184,10 @@ public class RoleAuthorizationResourceProvider extends ReadOnlyResourceProvider
private Resource toResource(Integer permissionId, RoleAuthorizationEntity entity, Set<String> requestedIds) {
Resource resource = new ResourceImpl(Type.RoleAuthorization);
setResourceProperty(resource, AUTHORIZATION_ID_PROPERTY_ID, entity.getAuthorizationId(), requestedIds);
- if(permissionId != null) {
+ if (permissionId != null) {
setResourceProperty(resource, PERMISSION_ID_PROPERTY_ID, permissionId, requestedIds);
}
setResourceProperty(resource, AUTHORIZATION_NAME_PROPERTY_ID, entity.getAuthorizationName(), requestedIds);
return resource;
}
-
- /**
- * Fills RoleAuthorizationEntities for an administrator user
- * <p/>
- * This is a temporary method until the data layer catches up
- * <p/>
- * TODO: Remove when the data later catches up
- *
- * @return an array of RoleAuthorizationEntity objects
- */
- private Collection<RoleAuthorizationEntity> createAdminAuthorizations() {
- Collection<RoleAuthorizationEntity> authorizationEntities = new ArrayList<RoleAuthorizationEntity>();
- authorizationEntities.add(new RoleAuthorizationEntity("VIEW.USE", "Use View"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.VIEW_METRICS", "View metrics"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.VIEW_STATUS_INFO", "View status information"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.VIEW_CONFIGS", "View configurations"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.COMPARE_CONFIGS", "Compare configurations"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.VIEW_ALERTS", "View service alerts"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.START_STOP", "Start/Stop/Restart Service"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.DECOMMISSION_RECOMMISSION", "Decommission/recommission"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.RUN_SERVICE_CHECK", "Run service checks"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.TOGGLE_MAINTENANCE", "Turn on/off maintenance mode"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.RUN_CUSTOM_COMMAND", "Perform service-specific tasks"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.MODIFY_CONFIGS", "Modify configurations"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.MANAGE_CONFIG_GROUPS", "Manage configuration groups"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.MOVE", "Move to another host"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.ENABLE_HA", "Enable HA"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.TOGGLE_ALERTS", "Enable/disable service alerts"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.ADD_DELETE_SERVICES", "Add Service to cluster"));
- authorizationEntities.add(new RoleAuthorizationEntity("HOST.VIEW_METRICS", "View metrics"));
- authorizationEntities.add(new RoleAuthorizationEntity("HOST.VIEW_STATUS_INFO", "View status information"));
- authorizationEntities.add(new RoleAuthorizationEntity("HOST.VIEW_CONFIGS", "View configuration"));
- authorizationEntities.add(new RoleAuthorizationEntity("HOST.COMPARE_CONFIGS", "Turn on/off maintenance mode"));
- authorizationEntities.add(new RoleAuthorizationEntity("HOST.ADD_DELETE_COMPONENTS", "Install components"));
- authorizationEntities.add(new RoleAuthorizationEntity("HOST.ADD_DELETE_HOSTS", "Add/Delete hosts"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_METRICS", "View metrics"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_STATUS_INFO", "View status information"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_CONFIGS", "View configuration"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_STACK_DETAILS", "View stack version details"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_ALERTS", "View alerts"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.TOGGLE_ALERTS", "Enable/disable alerts"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.TOGGLE_KERBEROS", "Enable/disable Kerberos"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.UPGRADE_DOWNGRADE_STACK", "Upgrade/downgrade stack"));
- authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.ADD_DELETE_CLUSTERS", "Create new clusters"));
- authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.SET_SERVICE_USERS_GROUPS", "Set service users and groups"));
- authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.RENAME_CLUSTER", "Rename clusters"));
- authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.MANAGE_USERS", "Manage users"));
- authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.MANAGE_GROUPS", "Manage groups"));
- authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.MANAGE_VIEWS", "Manage Ambari Views"));
- authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.ASSIGN_ROLES", "Assign roles"));
- authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.MANAGE_STACK_VERSIONS", "Manage stack versions"));
- authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.EDIT_STACK_REPOS", "Edit stack repository URLs"));
- return authorizationEntities;
- }
-
- /**
- * Fills RoleAuthorizationEntities for an administrator user
- * <p/>
- * This is a temporary method until the data layer catches up
- * <p/>
- * TODO: Remove when the data later catches up
- *
- * @return an array of RoleAuthorizationEntity objects
- */
- private Collection<RoleAuthorizationEntity> createOperatorAuthorizations() {
- Collection<RoleAuthorizationEntity> authorizationEntities = new ArrayList<RoleAuthorizationEntity>();
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.VIEW_METRICS", "View metrics"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.VIEW_STATUS_INFO", "View status information"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.VIEW_CONFIGS", "View configurations"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.COMPARE_CONFIGS", "Compare configurations"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.VIEW_ALERTS", "View service alerts"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.START_STOP", "Start/Stop/Restart Service"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.DECOMMISSION_RECOMMISSION", "Decommission/recommission"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.RUN_SERVICE_CHECK", "Run service checks"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.TOGGLE_MAINTENANCE", "Turn on/off maintenance mode"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.RUN_CUSTOM_COMMAND", "Perform service-specific tasks"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.MODIFY_CONFIGS", "Modify configurations"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.MANAGE_CONFIG_GROUPS", "Manage configuration groups"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.MOVE", "Move to another host"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.ENABLE_HA", "Enable HA"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.TOGGLE_ALERTS", "Enable/disable service alerts"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.ADD_DELETE_SERVICES", "Add Service to cluster"));
- authorizationEntities.add(new RoleAuthorizationEntity("HOST.VIEW_METRICS", "View metrics"));
- authorizationEntities.add(new RoleAuthorizationEntity("HOST.VIEW_STATUS_INFO", "View status information"));
- authorizationEntities.add(new RoleAuthorizationEntity("HOST.VIEW_CONFIGS", "View configuration"));
- authorizationEntities.add(new RoleAuthorizationEntity("HOST.COMPARE_CONFIGS", "Turn on/off maintenance mode"));
- authorizationEntities.add(new RoleAuthorizationEntity("HOST.ADD_DELETE_COMPONENTS", "Install components"));
- authorizationEntities.add(new RoleAuthorizationEntity("HOST.ADD_DELETE_HOSTS", "Add/Delete hosts"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_METRICS", "View metrics"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_STATUS_INFO", "View status information"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_CONFIGS", "View configuration"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_STACK_DETAILS", "View stack version details"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_ALERTS", "View alerts"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.TOGGLE_ALERTS", "Enable/disable alerts"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.TOGGLE_KERBEROS", "Enable/disable Kerberos"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.UPGRADE_DOWNGRADE_STACK", "Upgrade/downgrade stack"));
- return authorizationEntities;
- }
-
- /**
- * RoleAuthorizationEntity is a stubbed out Entity class to be replaced by a real Entity class
- * TODO: Replace with real RoleAuthorizationEntity class when the data later catches up
- */
- private static class RoleAuthorizationEntity {
- private final String authorizationId;
- private final String authorizationName;
-
- private RoleAuthorizationEntity(String authorizationId, String authorizationName) {
- this.authorizationId = authorizationId;
- this.authorizationName = authorizationName;
- }
-
- public String getAuthorizationId() {
- return authorizationId;
- }
-
- public String getAuthorizationName() {
- return authorizationName;
- }
- }
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/d08107d7/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserAuthorizationResourceProvider.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserAuthorizationResourceProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserAuthorizationResourceProvider.java
index ec686e5..15aa0ec 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserAuthorizationResourceProvider.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UserAuthorizationResourceProvider.java
@@ -38,6 +38,7 @@ import org.apache.ambari.server.orm.dao.PermissionDAO;
import org.apache.ambari.server.orm.dao.ResourceTypeDAO;
import org.apache.ambari.server.orm.entities.PermissionEntity;
import org.apache.ambari.server.orm.entities.ResourceTypeEntity;
+import org.apache.ambari.server.orm.entities.RoleAuthorizationEntity;
import java.util.ArrayList;
import java.util.Collection;
@@ -97,13 +98,13 @@ public class UserAuthorizationResourceProvider extends ReadOnlyResourceProvider
* Data access object used to obtain permission entities.
*/
@Inject
- protected static PermissionDAO permissionDAO;
+ private static PermissionDAO permissionDAO;
/**
* Data access object used to obtain resource type entities.
*/
@Inject
- protected static ResourceTypeDAO resourceTypeDAO;
+ private static ResourceTypeDAO resourceTypeDAO;
/**
* The ClusterController user to get access to other resource providers
@@ -149,17 +150,7 @@ public class UserAuthorizationResourceProvider extends ReadOnlyResourceProvider
if (permissionEntity == null) {
authorizationEntities = null;
} else {
- // TODO: ** This is stubbed out until the data layer catches up...
- // TODO: authorizationEntities = permissionEntity.getAuthorizations();
- if (permissionName.startsWith("AMBARI")) {
- authorizationEntities = createAdminAuthorizations();
- } else if (permissionName.startsWith("CLUSTER")) {
- authorizationEntities = createOperatorAuthorizations();
- } else if (permissionName.startsWith("VIEW")) {
- authorizationEntities = createViewUserAuthorizations();
- } else {
- authorizationEntities = null;
- }
+ authorizationEntities = permissionEntity.getAuthorizations();
}
if (authorizationEntities != null) {
@@ -296,141 +287,4 @@ public class UserAuthorizationResourceProvider extends ReadOnlyResourceProvider
resources.add(resource);
}
}
-
-
- /**
- * Fills RoleAuthorizationEntities for an administrator user
- * <p/>
- * This is a temporary method until the data layer catches up
- * <p/>
- * TODO: Remove when the data later catches up
- *
- * @return an array of RoleAuthorizationEntity objects
- */
- private Collection<RoleAuthorizationEntity> createAdminAuthorizations() {
- Collection<RoleAuthorizationEntity> authorizationEntities = new ArrayList<RoleAuthorizationEntity>();
- authorizationEntities.add(new RoleAuthorizationEntity("VIEW.USE", "Use View"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.VIEW_METRICS", "View metrics"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.VIEW_STATUS_INFO", "View status information"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.VIEW_CONFIGS", "View configurations"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.COMPARE_CONFIGS", "Compare configurations"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.VIEW_ALERTS", "View service alerts"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.START_STOP", "Start/Stop/Restart Service"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.DECOMMISSION_RECOMMISSION", "Decommission/recommission"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.RUN_SERVICE_CHECK", "Run service checks"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.TOGGLE_MAINTENANCE", "Turn on/off maintenance mode"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.RUN_CUSTOM_COMMAND", "Perform service-specific tasks"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.MODIFY_CONFIGS", "Modify configurations"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.MANAGE_CONFIG_GROUPS", "Manage configuration groups"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.MOVE", "Move to another host"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.ENABLE_HA", "Enable HA"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.TOGGLE_ALERTS", "Enable/disable service alerts"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.ADD_DELETE_SERVICES", "Add Service to cluster"));
- authorizationEntities.add(new RoleAuthorizationEntity("HOST.VIEW_METRICS", "View metrics"));
- authorizationEntities.add(new RoleAuthorizationEntity("HOST.VIEW_STATUS_INFO", "View status information"));
- authorizationEntities.add(new RoleAuthorizationEntity("HOST.VIEW_CONFIGS", "View configuration"));
- authorizationEntities.add(new RoleAuthorizationEntity("HOST.COMPARE_CONFIGS", "Turn on/off maintenance mode"));
- authorizationEntities.add(new RoleAuthorizationEntity("HOST.ADD_DELETE_COMPONENTS", "Install components"));
- authorizationEntities.add(new RoleAuthorizationEntity("HOST.ADD_DELETE_HOSTS", "Add/Delete hosts"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_METRICS", "View metrics"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_STATUS_INFO", "View status information"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_CONFIGS", "View configuration"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_STACK_DETAILS", "View stack version details"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_ALERTS", "View alerts"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.TOGGLE_ALERTS", "Enable/disable alerts"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.TOGGLE_KERBEROS", "Enable/disable Kerberos"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.UPGRADE_DOWNGRADE_STACK", "Upgrade/downgrade stack"));
- authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.ADD_DELETE_CLUSTERS", "Create new clusters"));
- authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.SET_SERVICE_USERS_GROUPS", "Set service users and groups"));
- authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.RENAME_CLUSTER", "Rename clusters"));
- authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.MANAGE_USERS", "Manage users"));
- authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.MANAGE_GROUPS", "Manage groups"));
- authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.MANAGE_VIEWS", "Manage Ambari Views"));
- authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.ASSIGN_ROLES", "Assign roles"));
- authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.MANAGE_STACK_VERSIONS", "Manage stack versions"));
- authorizationEntities.add(new RoleAuthorizationEntity("AMBARI.EDIT_STACK_REPOS", "Edit stack repository URLs"));
- return authorizationEntities;
- }
-
- /**
- * Fills RoleAuthorizationEntities for an administrator user
- * <p/>
- * This is a temporary method until the data layer catches up
- * <p/>
- * TODO: Remove when the data later catches up
- *
- * @return an array of RoleAuthorizationEntity objects
- */
- private Collection<RoleAuthorizationEntity> createOperatorAuthorizations() {
- Collection<RoleAuthorizationEntity> authorizationEntities = new ArrayList<RoleAuthorizationEntity>();
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.VIEW_METRICS", "View metrics"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.VIEW_STATUS_INFO", "View status information"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.VIEW_CONFIGS", "View configurations"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.COMPARE_CONFIGS", "Compare configurations"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.VIEW_ALERTS", "View service alerts"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.START_STOP", "Start/Stop/Restart Service"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.DECOMMISSION_RECOMMISSION", "Decommission/recommission"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.RUN_SERVICE_CHECK", "Run service checks"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.TOGGLE_MAINTENANCE", "Turn on/off maintenance mode"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.RUN_CUSTOM_COMMAND", "Perform service-specific tasks"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.MODIFY_CONFIGS", "Modify configurations"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.MANAGE_CONFIG_GROUPS", "Manage configuration groups"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.MOVE", "Move to another host"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.ENABLE_HA", "Enable HA"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.TOGGLE_ALERTS", "Enable/disable service alerts"));
- authorizationEntities.add(new RoleAuthorizationEntity("SERVICE.ADD_DELETE_SERVICES", "Add Service to cluster"));
- authorizationEntities.add(new RoleAuthorizationEntity("HOST.VIEW_METRICS", "View metrics"));
- authorizationEntities.add(new RoleAuthorizationEntity("HOST.VIEW_STATUS_INFO", "View status information"));
- authorizationEntities.add(new RoleAuthorizationEntity("HOST.VIEW_CONFIGS", "View configuration"));
- authorizationEntities.add(new RoleAuthorizationEntity("HOST.COMPARE_CONFIGS", "Turn on/off maintenance mode"));
- authorizationEntities.add(new RoleAuthorizationEntity("HOST.ADD_DELETE_COMPONENTS", "Install components"));
- authorizationEntities.add(new RoleAuthorizationEntity("HOST.ADD_DELETE_HOSTS", "Add/Delete hosts"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_METRICS", "View metrics"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_STATUS_INFO", "View status information"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_CONFIGS", "View configuration"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_STACK_DETAILS", "View stack version details"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.VIEW_ALERTS", "View alerts"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.TOGGLE_ALERTS", "Enable/disable alerts"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.TOGGLE_KERBEROS", "Enable/disable Kerberos"));
- authorizationEntities.add(new RoleAuthorizationEntity("CLUSTER.UPGRADE_DOWNGRADE_STACK", "Upgrade/downgrade stack"));
- return authorizationEntities;
- }
-
- /**
- * Fills RoleAuthorizationEntities for a view user
- * <p/>
- * This is a temporary method until the data layer catches up
- * <p/>
- * TODO: Remove when the data later catches up
- *
- * @return an array of RoleAuthorizationEntity objects
- */
- private Collection<RoleAuthorizationEntity> createViewUserAuthorizations() {
- Collection<RoleAuthorizationEntity> authorizationEntities = new ArrayList<RoleAuthorizationEntity>();
- authorizationEntities.add(new RoleAuthorizationEntity("VIEW.USE", "Use View"));
- return authorizationEntities;
- }
-
-
- /**
- * RoleAuthorizationEntity is a stubbed out Entity class to be replaced by a real Entity class
- * TODO: Replace with real RoleAuthorizationEntity class when the data later catches up
- */
- private static class RoleAuthorizationEntity {
- private final String authorizationId;
- private final String authorizationName;
-
- private RoleAuthorizationEntity(String authorizationId, String authorizationName) {
- this.authorizationId = authorizationId;
- this.authorizationName = authorizationName;
- }
-
- public String getAuthorizationId() {
- return authorizationId;
- }
-
- public String getAuthorizationName() {
- return authorizationName;
- }
- }
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/d08107d7/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/RoleAuthorizationDAO.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/RoleAuthorizationDAO.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/RoleAuthorizationDAO.java
new file mode 100644
index 0000000..e549416
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/RoleAuthorizationDAO.java
@@ -0,0 +1,67 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing authorizations and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.orm.dao;
+
+import com.google.inject.Inject;
+import com.google.inject.Provider;
+import com.google.inject.Singleton;
+import org.apache.ambari.server.orm.RequiresSession;
+import org.apache.ambari.server.orm.entities.RoleAuthorizationEntity;
+
+import javax.persistence.EntityManager;
+import javax.persistence.TypedQuery;
+import java.util.List;
+
+/**
+ * Authorization (definition) Data Access Object.
+ */
+@Singleton
+public class RoleAuthorizationDAO {
+
+ /**
+ * JPA entity manager
+ */
+ @Inject
+ Provider<EntityManager> entityManagerProvider;
+
+ @Inject
+ DaoUtils daoUtils;
+
+ /**
+ * Find a authorization entity with the given id.
+ *
+ * @param id type id
+ * @return a matching authorization entity or null
+ */
+ @RequiresSession
+ public RoleAuthorizationEntity findById(String id) {
+ return entityManagerProvider.get().find(RoleAuthorizationEntity.class, id);
+ }
+
+ /**
+ * Find all authorization entities.
+ *
+ * @return all entities or an empty List
+ */
+ @RequiresSession
+ public List<RoleAuthorizationEntity> findAll() {
+ TypedQuery<RoleAuthorizationEntity> query = entityManagerProvider.get().createNamedQuery("findAll", RoleAuthorizationEntity.class);
+ return daoUtils.selectList(query);
+ }
+}
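Review bot: The license header of this new file reads `governing authorizations and`, where the standard Apache header (as in RoleAuthorizationEntity.java in this same commit) reads `governing permissions and`. It looks like a search-and-replace caught the header, and the line should be restored verbatim. The Javadoc of `findById` says `@param id type id`, which should be `@param id the authorization id`. The injected `daoUtils` field has no comment, and a one-line `/** Helper used to run the typed query. */` would match the documented `entityManagerProvider` above it.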
http://git-wip-us.apache.org/repos/asf/ambari/blob/d08107d7/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PermissionEntity.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PermissionEntity.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PermissionEntity.java
index 976aecc..a692730 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PermissionEntity.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PermissionEntity.java
@@ -1,4 +1,4 @@
-/**
+/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
@@ -26,9 +26,12 @@ import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.JoinColumn;
import javax.persistence.JoinColumns;
+import javax.persistence.JoinTable;
+import javax.persistence.ManyToMany;
import javax.persistence.ManyToOne;
import javax.persistence.Table;
import javax.persistence.TableGenerator;
+import java.util.Collection;
/**
* Represents an admin permission.
@@ -38,7 +41,7 @@ import javax.persistence.TableGenerator;
@TableGenerator(name = "permission_id_generator",
table = "ambari_sequences", pkColumnName = "sequence_name", valueColumnName = "sequence_value"
, pkColumnValue = "permission_id_seq"
- , initialValue = 5
+ , initialValue = 8
)
public class PermissionEntity {
@@ -85,6 +88,20 @@ public class PermissionEntity {
})
private ResourceTypeEntity resourceType;
+ /**
+ * The set of authorizations related to this permission.
+ *
+ * This value declares the granular details for which operations this PermissionEntity grants
+ * access.
+ */
+ @ManyToMany
+ @JoinTable(
+ name = "permission_roleauthorization",
+ joinColumns = {@JoinColumn(name = "permission_id")},
+ inverseJoinColumns = {@JoinColumn(name = "authorization_id")}
+ )
+ private Collection<RoleAuthorizationEntity> authorizations;
+
// ----- PermissionEntity ---------------------------------------------------
@@ -160,8 +177,25 @@ public class PermissionEntity {
this.resourceType = resourceType;
}
+ /**
+ * Gets the collection of granular authorizations for this PermissionEntity
+ *
+ * @return a collection of granular authorizations
+ */
+ public Collection<RoleAuthorizationEntity> getAuthorizations() {
+ return authorizations;
+ }
+
+ /**
+ * Sets the collection of granular authorizations for this PermissionEntity
+ *
+ * @param authorizations a collection of granular authorizations
+ */
+ public void setAuthorizations(Collection<RoleAuthorizationEntity> authorizations) {
+ this.authorizations = authorizations;
+ }
- // ----- Object overrides --------------------------------------------------
+// ----- Object overrides --------------------------------------------------
@Override
public boolean equals(Object o) {
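Review bot: The Javadoc of `getAuthorizations()` should say that it returns the entity's internal collection rather than a copy, and that the value is null on an instance whose `authorizations` field was never set, since the field has no initializer. Callers in this commit filter the returned collection in place, so this matters for them. Suggested wording: `@return the live collection of granular authorizations, or null if none has been set`. Separately, the `// ----- Object overrides` section comment lost its indentation in this hunk and should stay aligned with the other section comments in the class.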
@@ -173,7 +207,8 @@ public class PermissionEntity {
return !(id != null ? !id.equals(that.id) : that.id != null) &&
!(permissionName != null ? !permissionName.equals(that.permissionName) : that.permissionName != null) &&
!(permissionLabel != null ? !permissionLabel.equals(that.permissionLabel) : that.permissionLabel != null) &&
- !(resourceType != null ? !resourceType.equals(that.resourceType) : that.resourceType != null);
+ !(resourceType != null ? !resourceType.equals(that.resourceType) : that.resourceType != null) &&
+ !(authorizations != null ? !authorizations.equals(that.authorizations) : that.authorizations != null);
}
@Override
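Review bot: Adding `authorizations` to `equals` here, and to `hashCode` in the next hunk, ties the entity's identity to a mutable `@ManyToMany` collection. Comparing or hashing a `PermissionEntity` may then have to load the join-table rows, and the hash code changes whenever an authorization is added or removed, so an entity already held in a `HashSet` or used as a `HashMap` key can no longer be found. Unless something relies on deep comparison, I would keep both methods on `id`, `permissionName`, `permissionLabel` and `resourceType` and drop the two added lines. Both method bodies start outside these hunks.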
@@ -182,6 +217,7 @@ public class PermissionEntity {
result = 31 * result + (permissionName != null ? permissionName.hashCode() : 0);
result = 31 * result + (permissionLabel != null ? permissionLabel.hashCode() : 0);
result = 31 * result + (resourceType != null ? resourceType.hashCode() : 0);
+ result = 31 * result + (authorizations != null ? authorizations.hashCode() : 0);
return result;
}
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/d08107d7/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/RoleAuthorizationEntity.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/RoleAuthorizationEntity.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/RoleAuthorizationEntity.java
new file mode 100644
index 0000000..2ad3384
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/RoleAuthorizationEntity.java
@@ -0,0 +1,114 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.orm.entities;
+
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.Id;
+import javax.persistence.NamedQueries;
+import javax.persistence.NamedQuery;
+import javax.persistence.Table;
+
+/**
+ * Represents an authorization (typically assigned to a permission)
+ */
+@Table(name = "roleauthorization")
+@Entity
+@NamedQueries({
+ @NamedQuery(name = "findAll", query = "SELECT a FROM RoleAuthorizationEntity a")
+})
+public class RoleAuthorizationEntity {
+
+ /**
+ * The authorization id.
+ */
+ @Id
+ @Column(name = "authorization_id")
+ private String authorizationId;
+
+
+ /**
+ * The authorization name.
+ */
+ @Column(name = "authorization_name")
+ private String authorizationName;
+
+ // ----- RoleAuthorizationEntity ---------------------------------------------------
+
+ /**
+ * Get the authorization id.
+ *
+ * @return the authorization id.
+ */
+ public String getAuthorizationId() {
+ return authorizationId;
+ }
+
+ /**
+ * Set the authorization id.
+ *
+ * @param authorizationId the type id.
+ */
+ public void setAuthorizationId(String authorizationId) {
+ this.authorizationId = authorizationId;
+ }
+
+ /**
+ * Get the authorization name.
+ *
+ * @return the authorization name
+ */
+ public String getAuthorizationName() {
+ return authorizationName;
+ }
+
+ /**
+ * Set the authorization name.
+ *
+ * @param authorizationName the authorization name
+ */
+ public void setAuthorizationName(String authorizationName) {
+ this.authorizationName = authorizationName;
+ }
+
+ // ----- Object overrides --------------------------------------------------
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) {
+ return true;
+ }
+ if (o == null || getClass() != o.getClass()) {
+ return false;
+ }
+
+ RoleAuthorizationEntity that = (RoleAuthorizationEntity) o;
+
+ return !(authorizationId != null ? !authorizationId.equals(that.authorizationId) : that.authorizationId != null) &&
+ !(authorizationName != null ? !authorizationName.equals(that.authorizationName) : that.authorizationName != null);
+ }
+
+ @Override
+ public int hashCode() {
+ int result = authorizationId != null ? authorizationId.hashCode() : 0;
+ result = 31 * result + (authorizationName != null ? authorizationName.hashCode() : 0);
+ return result;
+ }
+}
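Review bot: The named query is registered under the generic name `findAll` (`@NamedQuery(name = "findAll", ...)`), and JPA named-query names are shared across the whole persistence unit, so another entity choosing the same name would collide with this one. A specific name such as `@NamedQuery(name = "findAllRoleAuthorizations", ...)`, with the matching `createNamedQuery("findAllRoleAuthorizations", RoleAuthorizationEntity.class)` in `RoleAuthorizationDAO.findAll()`, avoids that. The Javadoc of `setAuthorizationId` also says `the type id` where it should say `the authorization id`.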
http://git-wip-us.apache.org/repos/asf/ambari/blob/d08107d7/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog220.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog220.java b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog220.java
index 4251111..5f7e850 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog220.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog220.java
@@ -19,10 +19,17 @@
package org.apache.ambari.server.upgrade;
import java.sql.SQLException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
import org.apache.ambari.server.AmbariException;
import org.apache.ambari.server.orm.DBAccessor.DBColumnInfo;
import org.apache.ambari.server.orm.dao.DaoUtils;
+import org.apache.ambari.server.orm.dao.PermissionDAO;
+import org.apache.ambari.server.orm.dao.ResourceTypeDAO;
import org.apache.ambari.server.orm.entities.PermissionEntity;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -46,6 +53,11 @@ public class UpgradeCatalog220 extends AbstractUpgradeCatalog {
private static final String PERMISSION_NAME_COL = "permission_name";
private static final String PERMISSION_LABEL_COL = "permission_label";
+ private static final String ROLE_AUTHORIZATION_TABLE = "roleauthorization";
+ private static final String PERMISSION_ROLE_AUTHORIZATION_TABLE = "permission_roleauthorization";
+ private static final String ROLE_AUTHORIZATION_ID_COL = "authorization_id";
+ private static final String ROLE_AUTHORIZATION_NAME_COL = "authorization_name";
+
@Inject
DaoUtils daoUtils;
@@ -100,8 +112,8 @@ public class UpgradeCatalog220 extends AbstractUpgradeCatalog {
dbAccessor.addUniqueConstraint(USERS_TABLE, "UNQ_users_0", "user_name", "user_type");
-
updateAdminPermissionTable();
+ createRoleAuthorizationTables();
}
@Override
@@ -112,6 +124,191 @@ public class UpgradeCatalog220 extends AbstractUpgradeCatalog {
protected void executeDMLUpdates() throws AmbariException, SQLException {
setPermissionLabels();
updatePermissionNames();
+ addNewPermissions();
+ createRoleAuthorizations();
+ createPermissionRoleAuthorizationMap();
+ }
+
+ private void addNewPermissions() throws SQLException {
+ LOG.info("Adding new permissions: CLUSTER.OPERATOR, SERVICE.ADMINISTRATOR, SERVICE.OPERATOR");
+
+ PermissionDAO permissionDAO = injector.getInstance(PermissionDAO.class);
+ ResourceTypeDAO resourceTypeDAO = injector.getInstance(ResourceTypeDAO.class);
+ PermissionEntity permissionEntity = new PermissionEntity();
+
+ // CLUSTER.OPERATOR: Cluster Operator
+ permissionEntity.setId(null);
+ permissionEntity.setPermissionName("CLUSTER.OPERATOR");
+ permissionEntity.setPermissionLabel("Cluster Operator");
+ permissionEntity.setResourceType(resourceTypeDAO.findByName("CLUSTER"));
+ permissionDAO.create(permissionEntity);
+
+ // SERVICE.ADMINISTRATOR: Service Administrator
+ permissionEntity.setId(null);
+ permissionEntity.setPermissionName("SERVICE.ADMINISTRATOR");
+ permissionEntity.setPermissionLabel("Service Administrator");
+ permissionEntity.setResourceType(resourceTypeDAO.findByName("CLUSTER"));
+ permissionDAO.create(permissionEntity);
+
+ // SERVICE.OPERATOR: Service Operator
+ permissionEntity.setId(null);
+ permissionEntity.setPermissionName("SERVICE.OPERATOR");
+ permissionEntity.setPermissionLabel("Service Operator");
+ permissionEntity.setResourceType(resourceTypeDAO.findByName("CLUSTER"));
+ permissionDAO.create(permissionEntity);
+ }
+
+
+ private void createRoleAuthorizations() throws SQLException {
+ LOG.info("Adding authorizations");
+
+ String[] columnNames = new String[]{ROLE_AUTHORIZATION_ID_COL, ROLE_AUTHORIZATION_NAME_COL};
+
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'VIEW.USE'", "'Use View'"}, false);
+
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.VIEW_METRICS'", "'View metrics'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.VIEW_STATUS_INFO'", "'View status information'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.VIEW_CONFIGS'", "'View configurations'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.COMPARE_CONFIGS'", "'Compare configurations'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.VIEW_ALERTS'", "'View service alerts'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.START_STOP'", "'Start/Stop/Restart Service'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.DECOMMISSION_RECOMMISSION'", "'Decommission/recommission'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.RUN_SERVICE_CHECK'", "'Run service checks'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.TOGGLE_MAINTENANCE'", "'Turn on/off maintenance mode'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.RUN_CUSTOM_COMMAND'", "'Perform service-specific tasks'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.MODIFY_CONFIGS'", "'Modify configurations'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.MANAGE_CONFIG_GROUPS'", "'Manage configuration groups'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.MOVE'", "'Move to another host'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.ENABLE_HA'", "'Enable HA'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.TOGGLE_ALERTS'", "'Enable/disable service alerts'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'SERVICE.ADD_DELETE_SERVICES'", "'Add Service to cluster'"}, false);
+
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'HOST.VIEW_METRICS'", "'View metrics'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'HOST.VIEW_STATUS_INFO'", "'View status information'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'HOST.VIEW_CONFIGS'", "'View configuration'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'HOST.TOGGLE_MAINTENANCE'", "'Turn on/off maintenance mode'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'HOST.ADD_DELETE_COMPONENTS'", "'Install components'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'HOST.ADD_DELETE_HOSTS'", "'Add/Delete hosts'"}, false);
+
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'CLUSTER.VIEW_METRICS'", "'View metrics'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'CLUSTER.VIEW_STATUS_INFO'", "'View status information'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'CLUSTER.VIEW_CONFIGS'", "'View configuration'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'CLUSTER.VIEW_STACK_DETAILS'", "'View stack version details'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'CLUSTER.VIEW_ALERTS'", "'View alerts'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'CLUSTER.TOGGLE_ALERTS'", "'Enable/disable alerts'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'CLUSTER.TOGGLE_KERBEROS'", "'Enable/disable Kerberos'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'CLUSTER.UPGRADE_DOWNGRADE_STACK'", "'Upgrade/downgrade stack'"}, false);
+
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'AMBARI.ADD_DELETE_CLUSTERS'", "'Create new clusters'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'AMBARI.SET_SERVICE_USERS_GROUPS'", "'Set service users and groups'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'AMBARI.RENAME_CLUSTER'", "'Rename clusters'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'AMBARI.MANAGE_USERS'", "'Manage users'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'AMBARI.MANAGE_GROUPS'", "'Manage groups'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'AMBARI.MANAGE_VIEWS'", "'Manage Ambari Views'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'AMBARI.ASSIGN_ROLES'", "'Assign roles'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'AMBARI.MANAGE_STACK_VERSIONS'", "'Manage stack versions'"}, false);
+ dbAccessor.insertRow(ROLE_AUTHORIZATION_TABLE, columnNames, new String[]{"'AMBARI.EDIT_STACK_REPOS'", "'Edit stack repository URLs'"}, false);
+ }
+
+ private void createPermissionRoleAuthorizationMap() throws SQLException {
+ LOG.info("Creating permission to authorizations map");
+
+ String[] columnNames = new String[] {PERMISSION_ID_COL, ROLE_AUTHORIZATION_ID_COL};
+
+ // Determine the role Ids"
+ PermissionDAO permissionDAO = injector.getInstance(PermissionDAO.class);
+ ResourceTypeDAO resourceTypeDAO = injector.getInstance(ResourceTypeDAO.class);
+
+ String viewPermissionId = permissionDAO.findPermissionByNameAndType("VIEW.USER", resourceTypeDAO.findByName("VIEW")).getId().toString();
+ String administratorPermissionId = permissionDAO.findPermissionByNameAndType("AMBARI.ADMINISTRATOR", resourceTypeDAO.findByName("AMBARI")).getId().toString();
+ String clusterUserPermissionId = permissionDAO.findPermissionByNameAndType("CLUSTER.USER", resourceTypeDAO.findByName("CLUSTER")).getId().toString();
+ String clusterOperatorPermissionId = permissionDAO.findPermissionByNameAndType("CLUSTER.OPERATOR", resourceTypeDAO.findByName("CLUSTER")).getId().toString();
+ String clusterAdministratorPermissionId = permissionDAO.findPermissionByNameAndType("CLUSTER.ADMINISTRATOR", resourceTypeDAO.findByName("CLUSTER")).getId().toString();
+ String serviceAdministratorPermissionId = permissionDAO.findPermissionByNameAndType("SERVICE.ADMINISTRATOR", resourceTypeDAO.findByName("CLUSTER")).getId().toString();
+ String serviceOperatorPermissionId = permissionDAO.findPermissionByNameAndType("SERVICE.OPERATOR", resourceTypeDAO.findByName("CLUSTER")).getId().toString();
+
+ // Create role groups
+ List<String> viewUserOnly = Arrays.asList(viewPermissionId);
+ List<String> clusterUserAndUp = Arrays.asList(
+ clusterUserPermissionId,
+ serviceOperatorPermissionId,
+ serviceAdministratorPermissionId,
+ clusterOperatorPermissionId,
+ clusterAdministratorPermissionId,
+ administratorPermissionId);
+ List<String> serviceOperatorAndUp = Arrays.asList(
+ serviceOperatorPermissionId,
+ serviceAdministratorPermissionId,
+ clusterOperatorPermissionId,
+ clusterAdministratorPermissionId,
+ administratorPermissionId);
+ List<String> serviceAdministratorAndUp = Arrays.asList(
+ serviceAdministratorPermissionId,
+ clusterOperatorPermissionId,
+ clusterAdministratorPermissionId,
+ administratorPermissionId);
+ List<String> clusterOperatorAndUp = Arrays.asList(
+ clusterOperatorPermissionId,
+ clusterAdministratorPermissionId,
+ administratorPermissionId);
+ List<String> clusterAdministratorAndUp = Arrays.asList(
+ clusterAdministratorPermissionId,
+ administratorPermissionId);
+ List<String> administratorOnly = Arrays.asList(administratorPermissionId);
+
+ // A map of the authorizations to the relevant roles
+ Map<String, List<String>> map = new HashMap<String, List<String>>();
+ map.put("VIEW.USE", viewUserOnly);
+ map.put("SERVICE.VIEW_METRICS", clusterUserAndUp);
+ map.put("SERVICE.VIEW_STATUS_INFO", clusterUserAndUp);
+ map.put("SERVICE.VIEW_CONFIGS", clusterUserAndUp);
+ map.put("SERVICE.COMPARE_CONFIGS", clusterUserAndUp);
+ map.put("SERVICE.VIEW_ALERTS", clusterUserAndUp);
+ map.put("SERVICE.START_STOP", serviceOperatorAndUp);
+ map.put("SERVICE.DECOMMISSION_RECOMMISSION", serviceOperatorAndUp);
+ map.put("SERVICE.RUN_SERVICE_CHECK", serviceOperatorAndUp);
+ map.put("SERVICE.TOGGLE_MAINTENANCE", serviceOperatorAndUp);
+ map.put("SERVICE.RUN_CUSTOM_COMMAND", serviceOperatorAndUp);
+ map.put("SERVICE.MODIFY_CONFIGS", serviceAdministratorAndUp);
+ map.put("SERVICE.MANAGE_CONFIG_GROUPS", serviceAdministratorAndUp);
+ map.put("SERVICE.MOVE", serviceAdministratorAndUp);
+ map.put("SERVICE.ENABLE_HA", serviceAdministratorAndUp);
+ map.put("SERVICE.TOGGLE_ALERTS", serviceAdministratorAndUp);
+ map.put("SERVICE.ADD_DELETE_SERVICES", clusterAdministratorAndUp);
+ map.put("HOST.VIEW_METRICS",clusterUserAndUp);
+ map.put("HOST.VIEW_STATUS_INFO", clusterUserAndUp);
+ map.put("HOST.VIEW_CONFIGS", clusterUserAndUp);
+ map.put("HOST.TOGGLE_MAINTENANCE", clusterOperatorAndUp);
+ map.put("HOST.ADD_DELETE_COMPONENTS", clusterOperatorAndUp);
+ map.put("HOST.ADD_DELETE_HOSTS", clusterOperatorAndUp);
+ map.put("CLUSTER.VIEW_METRICS", clusterUserAndUp);
+ map.put("CLUSTER.VIEW_STATUS_INFO", clusterUserAndUp);
+ map.put("CLUSTER.VIEW_CONFIGS", clusterUserAndUp);
+ map.put("CLUSTER.VIEW_STACK_DETAILS", clusterUserAndUp);
+ map.put("CLUSTER.VIEW_ALERTS", clusterUserAndUp);
+ map.put("CLUSTER.TOGGLE_ALERTS", clusterAdministratorAndUp);
+ map.put("CLUSTER.TOGGLE_KERBEROS", clusterAdministratorAndUp);
+ map.put("CLUSTER.UPGRADE_DOWNGRADE_STACK", clusterAdministratorAndUp);
+ map.put("AMBARI.ADD_DELETE_CLUSTERS", administratorOnly);
+ map.put("AMBARI.SET_SERVICE_USERS_GROUPS", administratorOnly);
+ map.put("AMBARI.RENAME_CLUSTER", administratorOnly);
+ map.put("AMBARI.MANAGE_USERS", administratorOnly);
+ map.put("AMBARI.MANAGE_GROUPS", administratorOnly);
+ map.put("AMBARI.MANAGE_VIEWS", administratorOnly);
+ map.put("AMBARI.ASSIGN_ROLES", administratorOnly);
+ map.put("AMBARI.MANAGE_STACK_VERSIONS", administratorOnly);
+ map.put("AMBARI.EDIT_STACK_REPOS", administratorOnly);
+
+ // Iterate over the map of authorizations to role to find the set of roles to map to each
+ // authorization and then add the relevant record
+ for(Map.Entry<String,List<String>> entry: map.entrySet()) {
+ String authorizationId = entry.getKey();
+
+ for(String permissionId : entry.getValue()) {
+ dbAccessor.insertRow(PERMISSION_ROLE_AUTHORIZATION_TABLE, columnNames,
+ new String[]{permissionId, "'" + authorizationId + "'"}, false);
+ }
+ }
}
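Review bot: addNewPermissions() reuses a single PermissionEntity for three permissionDAO.create() calls, resetting only its id in between, and none of the new DML steps checks whether a row already exists. If create() leaves the instance managed by the persistence context, the later setters may touch the row just written instead of adding a new one, and a second run of the upgrade would presumably either duplicate the roles or fail on the roleauthorization primary key, since every insertRow passes `false` as its last argument. These rows define what each role is allowed to do, so a partially applied set is worth guarding against: build a fresh entity per role and skip roles that are already present, as sketched below (this assumes findPermissionByNameAndType returns null when nothing matches). The same lookup is dereferenced unchecked seven times in createPermissionRoleAuthorizationMap(), where a missing role would surface as a bare NullPointerException rather than a message naming the role.

```java
private void addNewPermissions() throws SQLException {
  LOG.info("Adding new permissions: CLUSTER.OPERATOR, SERVICE.ADMINISTRATOR, SERVICE.OPERATOR");

  PermissionDAO permissionDAO = injector.getInstance(PermissionDAO.class);
  ResourceTypeDAO resourceTypeDAO = injector.getInstance(ResourceTypeDAO.class);

  addPermissionIfMissing(permissionDAO, resourceTypeDAO, "CLUSTER.OPERATOR", "Cluster Operator");
  addPermissionIfMissing(permissionDAO, resourceTypeDAO, "SERVICE.ADMINISTRATOR", "Service Administrator");
  addPermissionIfMissing(permissionDAO, resourceTypeDAO, "SERVICE.OPERATOR", "Service Operator");
}

// Creates one cluster-scoped role from a fresh entity, unless a role of that name is already stored.
private void addPermissionIfMissing(PermissionDAO permissionDAO, ResourceTypeDAO resourceTypeDAO,
                                    String permissionName, String permissionLabel) {
  if (permissionDAO.findPermissionByNameAndType(permissionName, resourceTypeDAO.findByName("CLUSTER")) == null) {
    PermissionEntity permissionEntity = new PermissionEntity();
    permissionEntity.setId(null);
    permissionEntity.setPermissionName(permissionName);
    permissionEntity.setPermissionLabel(permissionLabel);
    permissionEntity.setResourceType(resourceTypeDAO.findByName("CLUSTER"));
    permissionDAO.create(permissionEntity);
  }
}

// … unchanged: createRoleAuthorizations(), createPermissionRoleAuthorizationMap() …
```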
@@ -122,6 +319,31 @@ public class UpgradeCatalog220 extends AbstractUpgradeCatalog {
dbAccessor.addColumn(ADMIN_PERMISSION_TABLE, new DBColumnInfo(PERMISSION_LABEL_COL, String.class, 255, null, true));
}
+ private void createRoleAuthorizationTables() throws SQLException {
+
+ ArrayList<DBColumnInfo> columns;
+
+ // Add roleauthorization table
+ LOG.info("Creating " + ROLE_AUTHORIZATION_TABLE + " table");
+ columns = new ArrayList<DBColumnInfo>();
+ columns.add(new DBColumnInfo(ROLE_AUTHORIZATION_ID_COL, String.class, 100, null, false));
+ columns.add(new DBColumnInfo(ROLE_AUTHORIZATION_NAME_COL, String.class, 255, null, false));
+ dbAccessor.createTable(ROLE_AUTHORIZATION_TABLE, columns, ROLE_AUTHORIZATION_ID_COL);
+
+ // Add permission_roleauthorization table to map roleauthorizations to permissions (aka roles)
+ LOG.info("Creating " + PERMISSION_ROLE_AUTHORIZATION_TABLE + " table");
+ columns = new ArrayList<DBColumnInfo>();
+ columns.add(new DBColumnInfo(PERMISSION_ID_COL, Long.class, null, null, false));
+ columns.add(new DBColumnInfo(ROLE_AUTHORIZATION_ID_COL, String.class, 100, null, false));
+ dbAccessor.createTable(PERMISSION_ROLE_AUTHORIZATION_TABLE, columns, PERMISSION_ID_COL, ROLE_AUTHORIZATION_ID_COL);
+
+ dbAccessor.addFKConstraint(PERMISSION_ROLE_AUTHORIZATION_TABLE, "FK_permission_roleauthorization_permission_id",
+ PERMISSION_ID_COL, ADMIN_PERMISSION_TABLE, PERMISSION_ID_COL, false);
+
+ dbAccessor.addFKConstraint(PERMISSION_ROLE_AUTHORIZATION_TABLE, "FK_permission_roleauthorization_authorization_id",
+ ROLE_AUTHORIZATION_ID_COL, ROLE_AUTHORIZATION_TABLE, ROLE_AUTHORIZATION_ID_COL, false);
+ }
+
private void setPermissionLabels() throws SQLException {
String updateStatement = "UPDATE " + ADMIN_PERMISSION_TABLE + " SET " + PERMISSION_LABEL_COL + "='%s' WHERE " + PERMISSION_ID_COL + "=%d";
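Review bot: createRoleAuthorizationTables() has no Javadoc, and nothing in it says that the same schema is defined a second time for fresh installs. The column sizes (100 and 255), the composite key on permission_id and authorization_id, and both foreign-key names are repeated by hand in Ambari-DDL-MySQL-CREATE.sql in this commit, so an upgraded server and a newly installed one only enforce the same constraints on the authorization tables as long as the two copies are kept identical. A short header would make that dependency visible, for example `/** Creates the roleauthorization and permission_roleauthorization tables; keep columns, keys and constraint names in sync with the Ambari-DDL CREATE scripts. */`. The trailing context lines belong to setPermissionLabels(), whose body continues outside this hunk.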
http://git-wip-us.apache.org/repos/asf/ambari/blob/d08107d7/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql
index 65dacd1..f7d6927 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql
@@ -534,6 +534,16 @@ CREATE TABLE adminpermission (
permission_label VARCHAR(255),
PRIMARY KEY(permission_id));
+CREATE TABLE roleauthorization (
+ authorization_id VARCHAR(100) NOT NULL,
+ authorization_name VARCHAR(255) NOT NULL,
+ PRIMARY KEY(authorization_id));
+
+CREATE TABLE permission_roleauthorization (
+ permission_id BIGINT NOT NULL,
+ authorization_id VARCHAR(100) NOT NULL,
+ PRIMARY KEY(permission_id, authorization_id));
+
CREATE TABLE adminprivilege (
privilege_id BIGINT,
permission_id BIGINT NOT NULL,
@@ -719,6 +729,8 @@ ALTER TABLE viewentity ADD CONSTRAINT FK_viewentity_view_name FOREIGN KEY (view_
ALTER TABLE adminresource ADD CONSTRAINT FK_resource_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id);
ALTER TABLE adminprincipal ADD CONSTRAINT FK_principal_principal_type_id FOREIGN KEY (principal_type_id) REFERENCES adminprincipaltype(principal_type_id);
ALTER TABLE adminpermission ADD CONSTRAINT FK_permission_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id);
+ALTER TABLE permission_roleauthorization ADD CONSTRAINT FK_permission_roleauthorization_permission_id FOREIGN KEY (permission_id) REFERENCES adminpermission(permission_id);
+ALTER TABLE permission_roleauthorization ADD CONSTRAINT FK_permission_roleauthorization_authorization_id FOREIGN KEY (authorization_id) REFERENCES roleauthorization(authorization_id);
ALTER TABLE adminprivilege ADD CONSTRAINT FK_privilege_permission_id FOREIGN KEY (permission_id) REFERENCES adminpermission(permission_id);
ALTER TABLE adminprivilege ADD CONSTRAINT FK_privilege_resource_id FOREIGN KEY (resource_id) REFERENCES adminresource(resource_id);
ALTER TABLE viewmain ADD CONSTRAINT FK_view_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id);
@@ -998,7 +1010,227 @@ insert into adminpermission(permission_id, permission_name, resource_type_id, pe
union all
select 3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator'
union all
- select 4, 'VIEW.USER', 3, 'View User';
+ select 4, 'VIEW.USER', 3, 'View User'
+ union all
+ select 5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator'
+ union all
+ select 6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator'
+ union all
+ select 7, 'SERVICE.OPERATOR', 2, 'Service Operator';
+
+INSERT INTO roleauthorization(authorization_id, authorization_name)
+ SELECT 'VIEW.USE', 'Use View' UNION ALL
+ SELECT 'SERVICE.VIEW_METRICS', 'View metrics' UNION ALL
+ SELECT 'SERVICE.VIEW_STATUS_INFO', 'View status information' UNION ALL
+ SELECT 'SERVICE.VIEW_CONFIGS', 'View configurations' UNION ALL
+ SELECT 'SERVICE.COMPARE_CONFIGS', 'Compare configurations' UNION ALL
+ SELECT 'SERVICE.VIEW_ALERTS', 'View service alerts' UNION ALL
+ SELECT 'SERVICE.START_STOP', 'Start/Stop/Restart Service' UNION ALL
+ SELECT 'SERVICE.DECOMMISSION_RECOMMISSION', 'Decommission/recommission' UNION ALL
+ SELECT 'SERVICE.RUN_SERVICE_CHECK', 'Run service checks' UNION ALL
+ SELECT 'SERVICE.TOGGLE_MAINTENANCE', 'Turn on/off maintenance mode' UNION ALL
+ SELECT 'SERVICE.RUN_CUSTOM_COMMAND', 'Perform service-specific tasks' UNION ALL
+ SELECT 'SERVICE.MODIFY_CONFIGS', 'Modify configurations' UNION ALL
+ SELECT 'SERVICE.MANAGE_CONFIG_GROUPS', 'Manage configuration groups' UNION ALL
+ SELECT 'SERVICE.MOVE', 'Move to another host' UNION ALL
+ SELECT 'SERVICE.ENABLE_HA', 'Enable HA' UNION ALL
+ SELECT 'SERVICE.TOGGLE_ALERTS', 'Enable/disable service alerts' UNION ALL
+ SELECT 'SERVICE.ADD_DELETE_SERVICES', 'Add Service to cluster' UNION ALL
+ SELECT 'HOST.VIEW_METRICS', 'View metrics' UNION ALL
+ SELECT 'HOST.VIEW_STATUS_INFO', 'View status information' UNION ALL
+ SELECT 'HOST.VIEW_CONFIGS', 'View configuration' UNION ALL
+ SELECT 'HOST.TOGGLE_MAINTENANCE', 'Turn on/off maintenance mode' UNION ALL
+ SELECT 'HOST.ADD_DELETE_COMPONENTS', 'Install components' UNION ALL
+ SELECT 'HOST.ADD_DELETE_HOSTS', 'Add/Delete hosts' UNION ALL
+ SELECT 'CLUSTER.VIEW_METRICS', 'View metrics' UNION ALL
+ SELECT 'CLUSTER.VIEW_STATUS_INFO', 'View status information' UNION ALL
+ SELECT 'CLUSTER.VIEW_CONFIGS', 'View configuration' UNION ALL
+ SELECT 'CLUSTER.VIEW_STACK_DETAILS', 'View stack version details' UNION ALL
+ SELECT 'CLUSTER.VIEW_ALERTS', 'View alerts' UNION ALL
+ SELECT 'CLUSTER.TOGGLE_ALERTS', 'Enable/disable alerts' UNION ALL
+ SELECT 'CLUSTER.TOGGLE_KERBEROS', 'Enable/disable Kerberos' UNION ALL
+ SELECT 'CLUSTER.UPGRADE_DOWNGRADE_STACK', 'Upgrade/downgrade stack' UNION ALL
+ SELECT 'AMBARI.ADD_DELETE_CLUSTERS', 'Create new clusters' UNION ALL
+ SELECT 'AMBARI.SET_SERVICE_USERS_GROUPS', 'Set service users and groups' UNION ALL
+ SELECT 'AMBARI.RENAME_CLUSTER', 'Rename clusters' UNION ALL
+ SELECT 'AMBARI.MANAGE_USERS', 'Manage users' UNION ALL
+ SELECT 'AMBARI.MANAGE_GROUPS', 'Manage groups' UNION ALL
+ SELECT 'AMBARI.MANAGE_VIEWS', 'Manage Ambari Views' UNION ALL
+ SELECT 'AMBARI.ASSIGN_ROLES', 'Assign roles' UNION ALL
+ SELECT 'AMBARI.MANAGE_STACK_VERSIONS', 'Manage stack versions' UNION ALL
+ SELECT 'AMBARI.EDIT_STACK_REPOS', 'Edit stack repository URLs' FROM adminresourcetype WHERE resource_type_name='AMBARI';
+
+-- Set authorizations for View User role
+INSERT INTO permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'VIEW.USE' FROM adminpermission WHERE permission_name='VIEW.USER';
+
+-- Set authorizations for Cluster User role
+INSERT INTO permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'SERVICE.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'SERVICE.COMPARE_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='CLUSTER.USER' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.USER';
+
+-- Set authorizations for Service Operator role
+INSERT INTO permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'SERVICE.VIEW_METRICS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.COMPARE_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.START_STOP' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.DECOMMISSION_RECOMMISSION' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_SERVICE_CHECK' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_MAINTENANCE' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_METRICS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.OPERATOR';
+
+-- Set authorizations for Service Administrator role
+INSERT INTO permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'SERVICE.VIEW_METRICS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.COMPARE_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.START_STOP' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.DECOMMISSION_RECOMMISSION' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_SERVICE_CHECK' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_MAINTENANCE' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_METRICS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR';
+
+-- Set authorizations for Cluster Operator role
+INSERT INTO permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'SERVICE.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.COMPARE_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.START_STOP' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.DECOMMISSION_RECOMMISSION' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_SERVICE_CHECK' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_MAINTENANCE' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.TOGGLE_MAINTENANCE' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.ADD_DELETE_COMPONENTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'HOST.ADD_DELETE_HOSTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR';
+
+-- Set authorizations for Cluster Administrator role
+INSERT INTO permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'SERVICE.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.COMPARE_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.START_STOP' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.DECOMMISSION_RECOMMISSION' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_SERVICE_CHECK' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_MAINTENANCE' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.ADD_DELETE_SERVICES' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.TOGGLE_MAINTENANCE' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.ADD_DELETE_COMPONENTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.ADD_DELETE_HOSTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_METRICS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR';
+
+-- Set authorizations for Administrator role
+INSERT INTO permission_roleauthorization(permission_id, authorization_id)
+ SELECT permission_id, 'VIEW.USE' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_METRICS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.COMPARE_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.VIEW_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.START_STOP' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.DECOMMISSION_RECOMMISSION' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_SERVICE_CHECK' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_MAINTENANCE' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'SERVICE.ADD_DELETE_SERVICES' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_METRICS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.TOGGLE_MAINTENANCE' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.ADD_DELETE_COMPONENTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'HOST.ADD_DELETE_HOSTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_METRICS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STATUS_INFO' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_STACK_DETAILS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.ADD_DELETE_CLUSTERS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.SET_SERVICE_USERS_GROUPS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.RENAME_CLUSTER' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.MANAGE_USERS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.MANAGE_GROUPS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.MANAGE_VIEWS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.ASSIGN_ROLES' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.MANAGE_STACK_VERSIONS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+ SELECT permission_id, 'AMBARI.EDIT_STACK_REPOS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR';
insert into adminprivilege (privilege_id, permission_id, resource_id, principal_id)
select 1, 1, 1, 1;