ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From tbeerbo...@apache.org
Subject [3/3] git commit: AMBARI-6543 - Views : Admin - Add Privilege Resource
Date Sun, 20 Jul 2014 11:49:59 GMT
AMBARI-6543 - Views : Admin - Add Privilege Resource


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/e19a719b
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/e19a719b
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/e19a719b

Branch: refs/heads/trunk
Commit: e19a719bd413ec937071ef610f52dae093175132
Parents: 4db5aa9
Author: tbeerbower <tbeerbower@hortonworks.com>
Authored: Fri Jul 18 18:16:20 2014 -0400
Committer: tbeerbower <tbeerbower@hortonworks.com>
Committed: Sun Jul 20 07:47:47 2014 -0400

----------------------------------------------------------------------
 .../resources/PrivilegeResourceDefinition.java  |  58 +++
 .../resources/ResourceInstanceFactoryImpl.java  |  12 +
 .../ViewInstanceResourceDefinition.java         |   4 +-
 .../api/services/AmbariPrivilegeService.java    |  40 ++
 .../server/api/services/PrivilegeService.java   | 156 ++++++++
 .../api/services/ViewInstanceService.java       |   7 +
 .../api/services/ViewPrivilegeService.java      |  55 +++
 .../ambari/server/controller/AmbariServer.java  |  16 +-
 .../AmbariPrivilegeResourceProvider.java        |  79 ++++
 .../internal/DefaultProviderModule.java         |   4 +
 .../internal/PermissionResourceProvider.java    |  80 ++--
 .../internal/PrivilegeResourceProvider.java     | 376 +++++++++++++++++++
 .../internal/ViewPrivilegeResourceProvider.java | 161 ++++++++
 .../ambari/server/controller/spi/Resource.java  |  10 +-
 .../apache/ambari/server/orm/dao/GroupDAO.java  |  18 +
 .../ambari/server/orm/dao/PermissionDAO.java    |  81 ++++
 .../ambari/server/orm/dao/PrincipalDAO.java     |  87 +++++
 .../ambari/server/orm/dao/PrincipalTypeDAO.java |  84 +++++
 .../ambari/server/orm/dao/PrivilegeDAO.java     | 114 ++++++
 .../ambari/server/orm/dao/ResourceDAO.java      |  80 ++++
 .../ambari/server/orm/dao/ResourceTypeDAO.java  | 102 +++++
 .../apache/ambari/server/orm/dao/UserDAO.java   |  19 +-
 .../ambari/server/orm/dao/ViewInstanceDAO.java  |  24 +-
 .../ambari/server/orm/entities/GroupEntity.java |  33 ++
 .../server/orm/entities/PermissionEntity.java   | 155 ++++++++
 .../server/orm/entities/PrincipalEntity.java    | 109 ++++++
 .../orm/entities/PrincipalTypeEntity.java       | 120 ++++++
 .../server/orm/entities/PrivilegeEntity.java    | 182 +++++++++
 .../server/orm/entities/ResourceEntity.java     | 115 ++++++
 .../server/orm/entities/ResourceTypeEntity.java | 103 +++++
 .../ambari/server/orm/entities/UserEntity.java  |  30 ++
 .../ambari/server/orm/entities/ViewEntity.java  |  28 +-
 .../server/orm/entities/ViewInstanceEntity.java |  26 ++
 .../AmbariLdapAuthoritiesPopulator.java         |  30 +-
 .../server/security/authorization/Users.java    |  36 ++
 .../server/upgrade/UpgradeCatalog170.java       |  92 ++++-
 .../apache/ambari/server/view/ViewRegistry.java | 102 ++++-
 .../main/resources/Ambari-DDL-MySQL-CREATE.sql  |  64 +++-
 .../main/resources/Ambari-DDL-Oracle-CREATE.sql |  63 +++-
 .../resources/Ambari-DDL-Postgres-CREATE.sql    |  75 +++-
 .../Ambari-DDL-Postgres-EMBEDDED-CREATE.sql     |  79 +++-
 .../src/main/resources/META-INF/persistence.xml |   6 +
 .../PrivilegeResourceDefinitionTest.java        |  50 +++
 .../ViewInstanceResourceDefinitionTest.java     |   4 +-
 .../api/services/PrivilegeServiceTest.java      | 106 ++++++
 .../AmbariPrivilegeResourceProviderTest.java    | 141 +++++++
 .../PermissionResourceProviderTest.java         |  47 ++-
 .../ViewPrivilegeResourceProviderTest.java      | 167 ++++++++
 .../apache/ambari/server/orm/OrmTestHelper.java |  15 +
 .../ambari/server/orm/dao/PrincipalDAOTest.java |  61 +++
 .../server/orm/dao/PrincipalTypeDAOTest.java    |  61 +++
 .../ambari/server/orm/dao/ResourceDAOTest.java  |  61 +++
 .../server/orm/dao/ResourceTypeDAOTest.java     |  61 +++
 .../orm/entities/PrincipalEntityTest.java       |  47 +++
 .../orm/entities/PrincipalTypeEntityTest.java   |  49 +++
 .../server/orm/entities/ResourceEntityTest.java |  47 +++
 .../orm/entities/ResourceTypeEntityTest.java    |  49 +++
 .../server/orm/entities/ViewEntityTest.java     |  17 +-
 .../orm/entities/ViewInstanceEntityTest.java    |  15 +-
 .../TestAmbariLdapAuthoritiesPopulator.java     |  26 +-
 .../security/authorization/TestUsers.java       |  18 +
 .../ambari/server/view/ViewRegistryTest.java    | 115 ++++--
 62 files changed, 4136 insertions(+), 136 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/e19a719b/ambari-server/src/main/java/org/apache/ambari/server/api/resources/PrivilegeResourceDefinition.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/api/resources/PrivilegeResourceDefinition.java b/ambari-server/src/main/java/org/apache/ambari/server/api/resources/PrivilegeResourceDefinition.java
new file mode 100644
index 0000000..61588f1
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/api/resources/PrivilegeResourceDefinition.java
@@ -0,0 +1,58 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.api.resources;
+
+import org.apache.ambari.server.controller.spi.Resource;
+
+import java.util.Collections;
+import java.util.Set;
+
+
+/**
+ * Privilege resource definition.
+ */
+public class PrivilegeResourceDefinition extends BaseResourceDefinition {
+
+  // ----- Constructors ------------------------------------------------------
+
+  /**
+   * Construct a privilege resource definition.
+   */
+  public PrivilegeResourceDefinition(Resource.Type type) {
+    super(type);
+  }
+
+
+  // ----- ResourceDefinition ------------------------------------------------
+
+  @Override
+  public String getPluralName() {
+    return "privileges";
+  }
+
+  @Override
+  public String getSingularName() {
+    return "privilege";
+  }
+
+  @Override
+  public Set<SubResourceDefinition> getSubResourceDefinitions() {
+    return Collections.emptySet();
+  }
+}

http://git-wip-us.apache.org/repos/asf/ambari/blob/e19a719b/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ResourceInstanceFactoryImpl.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ResourceInstanceFactoryImpl.java b/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ResourceInstanceFactoryImpl.java
index 4532919..cdc3cd0 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ResourceInstanceFactoryImpl.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ResourceInstanceFactoryImpl.java
@@ -238,6 +238,18 @@ public class ResourceInstanceFactoryImpl implements ResourceInstanceFactory {
         resourceDefinition = new AlertDefResourceDefinition();
         break;
 
+      case AmbariPrivilege:
+        resourceDefinition = new PrivilegeResourceDefinition(Resource.Type.AmbariPrivilege);
+        break;
+
+      case ClusterPrivilege:
+        resourceDefinition = new PrivilegeResourceDefinition(Resource.Type.ClusterPrivilege);
+        break;
+
+      case ViewPrivilege:
+        resourceDefinition = new PrivilegeResourceDefinition(Resource.Type.ViewPrivilege);
+        break;
+
       default:
         throw new IllegalArgumentException("Unsupported resource type: " + type);
     }

http://git-wip-us.apache.org/repos/asf/ambari/blob/e19a719b/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ViewInstanceResourceDefinition.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ViewInstanceResourceDefinition.java b/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ViewInstanceResourceDefinition.java
index 00b4264..632a6bc 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ViewInstanceResourceDefinition.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ViewInstanceResourceDefinition.java
@@ -20,6 +20,7 @@ package org.apache.ambari.server.api.resources;
 
 import org.apache.ambari.server.controller.spi.Resource;
 
+import java.util.HashSet;
 import java.util.Set;
 
 
@@ -40,7 +41,8 @@ public class ViewInstanceResourceDefinition extends BaseResourceDefinition {
    */
   public ViewInstanceResourceDefinition(Set<SubResourceDefinition> subResourceDefinitions) {
     super(Resource.Type.ViewInstance);
-    this.subResourceDefinitions = subResourceDefinitions;
+    this.subResourceDefinitions = new HashSet<SubResourceDefinition>(subResourceDefinitions);
+    this.subResourceDefinitions.add(new SubResourceDefinition(Resource.Type.ViewPrivilege));
   }
 
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/e19a719b/ambari-server/src/main/java/org/apache/ambari/server/api/services/AmbariPrivilegeService.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/api/services/AmbariPrivilegeService.java b/ambari-server/src/main/java/org/apache/ambari/server/api/services/AmbariPrivilegeService.java
new file mode 100644
index 0000000..db28f4f
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/api/services/AmbariPrivilegeService.java
@@ -0,0 +1,40 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing privileges and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.api.services;
+
+import org.apache.ambari.server.api.resources.ResourceInstance;
+import org.apache.ambari.server.controller.spi.Resource;
+
+import javax.ws.rs.Path;
+import java.util.Collections;
+
+/**
+ *  Service responsible for Ambari privilege resource requests.
+ */
+@Path("/privileges/")
+public class AmbariPrivilegeService extends PrivilegeService {
+
+  // ----- PrivilegeService --------------------------------------------------
+
+  @Override
+  protected ResourceInstance createPrivilegeResource(String privilegeId) {
+    return createResource(Resource.Type.AmbariPrivilege,
+        Collections.singletonMap(Resource.Type.AmbariPrivilege, privilegeId));
+  }
+}

http://git-wip-us.apache.org/repos/asf/ambari/blob/e19a719b/ambari-server/src/main/java/org/apache/ambari/server/api/services/PrivilegeService.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/api/services/PrivilegeService.java b/ambari-server/src/main/java/org/apache/ambari/server/api/services/PrivilegeService.java
new file mode 100644
index 0000000..8a0d200
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/api/services/PrivilegeService.java
@@ -0,0 +1,156 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing privileges and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.api.services;
+
+import org.apache.ambari.server.api.resources.ResourceInstance;
+
+import javax.ws.rs.DELETE;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.PUT;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.UriInfo;
+
+
+/**
+ * Service responsible for privilege requests.
+ */
+public abstract class PrivilegeService extends BaseService {
+
+  /**
+   * Handles: GET /privileges/{privilegeID}
+   * Get a specific privilege.
+   *
+   * @param headers        http headers
+   * @param ui             uri info
+   * @param privilegeId   privilege id
+   *
+   * @return privilege instance representation
+   */
+  @GET
+  @Path("{privilegeId}")
+  @Produces("text/plain")
+  public Response getPrivilege(@Context HttpHeaders headers, @Context UriInfo ui,
+                                @PathParam("privilegeId") String privilegeId) {
+
+    return handleRequest(headers, null, ui, Request.Type.GET, createPrivilegeResource(privilegeId));
+  }
+
+  /**
+   * Handles: GET  /privileges
+   * Get all privileges.
+   *
+   * @param headers  http headers
+   * @param ui       uri info
+   *
+   * @return privilege collection representation
+   */
+  @GET
+  @Produces("text/plain")
+  public Response getPrivileges(@Context HttpHeaders headers, @Context UriInfo ui) {
+    return handleRequest(headers, null, ui, Request.Type.GET, createPrivilegeResource(null));
+  }
+
+  /**
+   * Handles: POST /privileges
+   * Create a privilege.
+   *
+   * @param headers    http headers
+   * @param ui         uri info
+   *
+   * @return information regarding the created privilege
+   */
+  @POST
+  @Produces("text/plain")
+  public Response createPrivilege(String body, @Context HttpHeaders headers, @Context UriInfo ui) {
+
+    return handleRequest(headers, body, ui, Request.Type.POST, createPrivilegeResource(null));
+  }
+
+  /**
+   * Handles: PUT /privileges/{privilegeID}
+   * Update a specific privilege.
+   *
+   * @param headers   http headers
+   * @param ui        uri info
+   * @param privilegeId  privilege id
+   *
+   * @return information regarding the updated privilege
+   */
+  @PUT
+  @Path("{privilegeId}")
+  @Produces("text/plain")
+  public Response updatePrivilege(String body, @Context HttpHeaders headers, @Context UriInfo ui,
+                                   @PathParam("privilegeId") String privilegeId) {
+
+    return handleRequest(headers, body, ui, Request.Type.PUT, createPrivilegeResource(privilegeId));
+  }
+
+  /**
+   * Handles: DELETE /privileges
+   * Delete privileges.
+   *
+   * @param headers   http headers
+   * @param ui        uri info
+   *
+   * @return information regarding the deleted privileges
+   */
+  @DELETE
+  @Produces("text/plain")
+  public Response deletePrivileges(@Context HttpHeaders headers, @Context UriInfo ui) {
+
+    return handleRequest(headers, null, ui, Request.Type.DELETE, createPrivilegeResource(null));
+  }
+
+  /**
+   * Handles: DELETE /privileges/{privilegeID}
+   * Delete a specific privilege.
+   *
+   * @param headers   http headers
+   * @param ui        uri info
+   * @param privilegeId  privilege id
+   *
+   * @return information regarding the deleted privilege
+   */
+  @DELETE
+  @Path("{privilegeId}")
+  @Produces("text/plain")
+  public Response deletePrivilege(@Context HttpHeaders headers, @Context UriInfo ui,
+                                  @PathParam("privilegeId") String privilegeId) {
+
+    return handleRequest(headers, null, ui, Request.Type.DELETE, createPrivilegeResource(privilegeId));
+  }
+
+
+  // ----- PrivilegeService --------------------------------------------------
+
+  /**
+   * Create a privilege resource.
+   *
+   * @param privilegeId privilege name
+   *
+   * @return a privilege resource instance
+   */
+  protected abstract ResourceInstance createPrivilegeResource(String privilegeId);
+}

http://git-wip-us.apache.org/repos/asf/ambari/blob/e19a719b/ambari-server/src/main/java/org/apache/ambari/server/api/services/ViewInstanceService.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/api/services/ViewInstanceService.java b/ambari-server/src/main/java/org/apache/ambari/server/api/services/ViewInstanceService.java
index c32abe6..e9556f8 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/api/services/ViewInstanceService.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/api/services/ViewInstanceService.java
@@ -226,6 +226,13 @@ public class ViewInstanceService extends BaseService {
     return service;
   }
 
+  /**
+   * Gets the admin privilege service
+   */
+  @Path("{instanceName}/privileges")
+  public PrivilegeService getPrivilegeService(@PathParam ("instanceName") String instanceName) {
+    return new ViewPrivilegeService(viewName, version, instanceName);
+  }
 
   // ----- helper methods ----------------------------------------------------
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/e19a719b/ambari-server/src/main/java/org/apache/ambari/server/api/services/ViewPrivilegeService.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/api/services/ViewPrivilegeService.java b/ambari-server/src/main/java/org/apache/ambari/server/api/services/ViewPrivilegeService.java
new file mode 100644
index 0000000..9181467
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/api/services/ViewPrivilegeService.java
@@ -0,0 +1,55 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing privileges and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.api.services;
+
+import org.apache.ambari.server.api.resources.ResourceInstance;
+import org.apache.ambari.server.controller.spi.Resource;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ *  Service responsible for view privilege resource requests.
+ */
+public class ViewPrivilegeService extends PrivilegeService {
+
+  private final String viewName;
+  private final String viewVersion;
+  private final String instanceName;
+
+  public ViewPrivilegeService(String viewName, String viewVersion, String instanceName) {
+    this.viewName = viewName;
+    this.viewVersion = viewVersion;
+    this.instanceName = instanceName;
+  }
+
+  // ----- PrivilegeService --------------------------------------------------
+
+  @Override
+  protected ResourceInstance createPrivilegeResource(String privilegeId) {
+    Map<Resource.Type,String> mapIds = new HashMap<Resource.Type, String>();
+    mapIds.put(Resource.Type.View, viewName);
+    mapIds.put(Resource.Type.ViewVersion, viewVersion);
+    mapIds.put(Resource.Type.ViewInstance, instanceName);
+    mapIds.put(Resource.Type.ViewPrivilege, privilegeId);
+
+    return createResource(Resource.Type.ViewPrivilege, mapIds);
+  }
+}
+

http://git-wip-us.apache.org/repos/asf/ambari/blob/e19a719b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
index 2011367..497d3f7 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
@@ -47,6 +47,8 @@ import org.apache.ambari.server.controller.internal.AbstractControllerResourcePr
 import org.apache.ambari.server.controller.internal.AlertDefinitionResourceProvider;
 import org.apache.ambari.server.controller.internal.BlueprintResourceProvider;
 import org.apache.ambari.server.controller.internal.ClusterResourceProvider;
+import org.apache.ambari.server.controller.internal.PermissionResourceProvider;
+import org.apache.ambari.server.controller.internal.PrivilegeResourceProvider;
 import org.apache.ambari.server.controller.internal.StackDefinedPropertyProvider;
 import org.apache.ambari.server.controller.internal.StackDependencyResourceProvider;
 import org.apache.ambari.server.controller.nagios.NagiosPropertyProvider;
@@ -54,7 +56,14 @@ import org.apache.ambari.server.orm.GuiceJpaInitializer;
 import org.apache.ambari.server.orm.PersistenceType;
 import org.apache.ambari.server.orm.dao.AlertDefinitionDAO;
 import org.apache.ambari.server.orm.dao.BlueprintDAO;
+import org.apache.ambari.server.orm.dao.GroupDAO;
 import org.apache.ambari.server.orm.dao.MetainfoDAO;
+import org.apache.ambari.server.orm.dao.PermissionDAO;
+import org.apache.ambari.server.orm.dao.PrincipalDAO;
+import org.apache.ambari.server.orm.dao.PrivilegeDAO;
+import org.apache.ambari.server.orm.dao.ResourceDAO;
+import org.apache.ambari.server.orm.dao.ResourceTypeDAO;
+import org.apache.ambari.server.orm.dao.UserDAO;
 import org.apache.ambari.server.orm.dao.ViewDAO;
 import org.apache.ambari.server.orm.dao.ViewInstanceDAO;
 import org.apache.ambari.server.orm.entities.MetainfoEntity;
@@ -528,8 +537,13 @@ public class AmbariServer {
         injector.getInstance(Gson.class), ambariMetaInfo);
     StackDependencyResourceProvider.init(ambariMetaInfo);
     ClusterResourceProvider.init(injector.getInstance(BlueprintDAO.class), ambariMetaInfo);
-    ViewRegistry.init(injector.getInstance(ViewDAO.class), injector.getInstance(ViewInstanceDAO.class));
     AlertDefinitionResourceProvider.init(injector.getInstance(AlertDefinitionDAO.class));
+    PermissionResourceProvider.init(injector.getInstance(PermissionDAO.class));
+    PrivilegeResourceProvider.init(injector.getInstance(PrivilegeDAO.class), injector.getInstance(UserDAO.class),
+        injector.getInstance(GroupDAO.class), injector.getInstance(PrincipalDAO.class),
+        injector.getInstance(PermissionDAO.class), injector.getInstance(ResourceDAO.class));
+    ViewRegistry.init(injector.getInstance(ViewDAO.class), injector.getInstance(ViewInstanceDAO.class),
+        injector.getInstance(ResourceDAO.class), injector.getInstance(ResourceTypeDAO.class));
   }
   
   /**

http://git-wip-us.apache.org/repos/asf/ambari/blob/e19a719b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProvider.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProvider.java
new file mode 100644
index 0000000..e5fe0e9
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProvider.java
@@ -0,0 +1,79 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing privileges and
+ * limitations under the License.
+ */
+package org.apache.ambari.server.controller.internal;
+
+import org.apache.ambari.server.controller.spi.Resource;
+import org.apache.ambari.server.orm.entities.ResourceEntity;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+/**
+ * Resource provider for Ambari privileges.
+ */
+public class AmbariPrivilegeResourceProvider extends PrivilegeResourceProvider<Object> {
+
+  /**
+   * The property ids for an Ambari privilege resource.
+   */
+  private static Set<String> propertyIds = new HashSet<String>();
+  static {
+    propertyIds.add(PRIVILEGE_ID_PROPERTY_ID);
+    propertyIds.add(PERMISSION_NAME_PROPERTY_ID);
+    propertyIds.add(PRINCIPAL_NAME_PROPERTY_ID);
+    propertyIds.add(PRINCIPAL_TYPE_PROPERTY_ID);
+  }
+
+  /**
+   * The key property ids for a privilege resource.
+   */
+  private static Map<Resource.Type, String> keyPropertyIds = new HashMap<Resource.Type, String>();
+  static {
+    keyPropertyIds.put(Resource.Type.AmbariPrivilege, PRIVILEGE_ID_PROPERTY_ID);
+  }
+
+
+  // ----- Constructors ------------------------------------------------------
+
+  /**
+   * Construct an AmbariPrivilegeResourceProvider.
+   */
+  public AmbariPrivilegeResourceProvider() {
+    super(propertyIds, keyPropertyIds, Resource.Type.AmbariPrivilege);
+  }
+
+
+  // ----- AbstractResourceProvider ------------------------------------------
+
+  @Override
+  public Map<Resource.Type, String> getKeyPropertyIds() {
+    return keyPropertyIds;
+  }
+
+
+  // ----- PrivilegeResourceProvider -----------------------------------------
+
+  @Override
+  public Map<Long, Object> getResourceEntities(Map<String, Object> properties) {
+    // the singleton Ambari entity is implied
+    return Collections.singletonMap(ResourceEntity.AMBARI_RESOURCE_ID, null);
+  }
+}

http://git-wip-us.apache.org/repos/asf/ambari/blob/e19a719b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/DefaultProviderModule.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/DefaultProviderModule.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/DefaultProviderModule.java
index fa1aa67..1d20075 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/DefaultProviderModule.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/DefaultProviderModule.java
@@ -71,6 +71,10 @@ public class DefaultProviderModule extends AbstractProviderModule {
         return new StackDependencyResourceProvider(propertyIds, keyPropertyIds);
       case Permission:
         return new PermissionResourceProvider();
+      case AmbariPrivilege:
+        return new AmbariPrivilegeResourceProvider();
+      case ViewPrivilege:
+        return new ViewPrivilegeResourceProvider();
       default:
         return AbstractControllerResourceProvider.getResourceProvider(type, propertyIds,
             keyPropertyIds, managementController);

http://git-wip-us.apache.org/repos/asf/ambari/blob/e19a719b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/PermissionResourceProvider.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/PermissionResourceProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/PermissionResourceProvider.java
index faf692f..287c2e6 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/PermissionResourceProvider.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/PermissionResourceProvider.java
@@ -27,6 +27,8 @@ import org.apache.ambari.server.controller.spi.Resource;
 import org.apache.ambari.server.controller.spi.ResourceAlreadyExistsException;
 import org.apache.ambari.server.controller.spi.SystemException;
 import org.apache.ambari.server.controller.spi.UnsupportedPropertyException;
+import org.apache.ambari.server.orm.dao.PermissionDAO;
+import org.apache.ambari.server.orm.entities.PermissionEntity;
 
 import java.util.HashMap;
 import java.util.HashSet;
@@ -37,6 +39,12 @@ import java.util.Set;
  * Resource provider for permission instances.
  */
 public class PermissionResourceProvider extends AbstractResourceProvider {
+
+  /**
+   * Data access object used to obtain permission entities.
+   */
+  protected static PermissionDAO permissionDAO;
+
   /**
    * Permission property id constants.
    */
@@ -64,49 +72,25 @@ public class PermissionResourceProvider extends AbstractResourceProvider {
   }
 
 
+  // ----- Constructors ------------------------------------------------------
+
   /**
-   * Builtin permissions
+   * Construct a permission resource provider.
    */
-  private static final Set<Resource> builtinPermissions = new HashSet<Resource>();
-
-  static {
-    // AMBARI.ADMIN
-    Resource resource = new ResourceImpl(Resource.Type.Permission);
-    resource.setProperty(PERMISSION_ID_PROPERTY_ID, 0);
-    resource.setProperty(PERMISSION_NAME_PROPERTY_ID, "ADMIN");
-    resource.setProperty(RESOURCE_NAME_PROPERTY_ID, "AMBARI");
-    builtinPermissions.add(resource);
-
-    // CLUSTER.READ
-    resource = new ResourceImpl(Resource.Type.Permission);
-    resource.setProperty(PERMISSION_ID_PROPERTY_ID, 1);
-    resource.setProperty(PERMISSION_NAME_PROPERTY_ID, "READ");
-    resource.setProperty(RESOURCE_NAME_PROPERTY_ID, "CLUSTER");
-    builtinPermissions.add(resource);
-
-    // CLUSTER.OPERATE
-    resource = new ResourceImpl(Resource.Type.Permission);
-    resource.setProperty(PERMISSION_ID_PROPERTY_ID, 2);
-    resource.setProperty(PERMISSION_NAME_PROPERTY_ID, "OPERATE");
-    resource.setProperty(RESOURCE_NAME_PROPERTY_ID, "CLUSTER");
-    builtinPermissions.add(resource);
-
-    // CLUSTER.OPERATE
-    resource = new ResourceImpl(Resource.Type.Permission);
-    resource.setProperty(PERMISSION_ID_PROPERTY_ID, 3);
-    resource.setProperty(PERMISSION_NAME_PROPERTY_ID, "USE");
-    resource.setProperty(RESOURCE_NAME_PROPERTY_ID, "VIEW");
-    builtinPermissions.add(resource);
+  public PermissionResourceProvider() {
+    super(propertyIds, keyPropertyIds);
   }
 
 
-  // ----- Constructors ------------------------------------------------------
+  // ----- PermissionResourceProvider ----------------------------------------
 
   /**
-   * Construct a permission resource provider.
+   * Static initialization.
+   *
+   * @param dao  permission data access object
    */
-  public PermissionResourceProvider() {
-    super(propertyIds, keyPropertyIds);
+  public static void init(PermissionDAO dao) {
+    permissionDAO = dao;
   }
 
 
@@ -122,8 +106,16 @@ public class PermissionResourceProvider extends AbstractResourceProvider {
   @Override
   public Set<Resource> getResources(Request request, Predicate predicate)
       throws SystemException, UnsupportedPropertyException, NoSuchResourceException, NoSuchParentResourceException {
-    // TODO : add custom permissions.
-    return new HashSet<Resource>(builtinPermissions);
+
+    Set<Resource> resources    = new HashSet<Resource>();
+    Set<String>   requestedIds = getRequestPropertyIds(request, predicate);
+
+    for(PermissionEntity permissionEntity : permissionDAO.findAll()){
+
+      resources.add(toResource(permissionEntity, requestedIds));
+    }
+
+    return resources;
   }
 
   @Override
@@ -150,4 +142,18 @@ public class PermissionResourceProvider extends AbstractResourceProvider {
   protected Set<String> getPKPropertyIds() {
     return new HashSet<String>(keyPropertyIds.values());
   }
+
+
+  // ----- helper methods ----------------------------------------------------
+
+  // convert the given permission entity to a resource
+  private Resource toResource(PermissionEntity entity, Set<String> requestedIds) {
+    Resource resource = new ResourceImpl(Resource.Type.Permission);
+
+    setResourceProperty(resource, PERMISSION_ID_PROPERTY_ID, entity.getId(), requestedIds);
+    setResourceProperty(resource, PERMISSION_NAME_PROPERTY_ID, entity.getPermissionName(), requestedIds);
+    setResourceProperty(resource, RESOURCE_NAME_PROPERTY_ID, entity.getResourceType().getName(), requestedIds);
+
+    return resource;
+  }
 }

http://git-wip-us.apache.org/repos/asf/ambari/blob/e19a719b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/PrivilegeResourceProvider.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/PrivilegeResourceProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/PrivilegeResourceProvider.java
new file mode 100644
index 0000000..c7476e5
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/PrivilegeResourceProvider.java
@@ -0,0 +1,376 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing privileges and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.controller.internal;
+
+import org.apache.ambari.server.AmbariException;
+import org.apache.ambari.server.DuplicateResourceException;
+import org.apache.ambari.server.controller.spi.NoSuchParentResourceException;
+import org.apache.ambari.server.controller.spi.NoSuchResourceException;
+import org.apache.ambari.server.controller.spi.Predicate;
+import org.apache.ambari.server.controller.spi.Request;
+import org.apache.ambari.server.controller.spi.RequestStatus;
+import org.apache.ambari.server.controller.spi.Resource;
+import org.apache.ambari.server.controller.spi.ResourceAlreadyExistsException;
+import org.apache.ambari.server.controller.spi.SystemException;
+import org.apache.ambari.server.controller.spi.UnsupportedPropertyException;
+import org.apache.ambari.server.controller.utilities.PropertyHelper;
+import org.apache.ambari.server.orm.dao.GroupDAO;
+import org.apache.ambari.server.orm.dao.PermissionDAO;
+import org.apache.ambari.server.orm.dao.PrincipalDAO;
+import org.apache.ambari.server.orm.dao.PrivilegeDAO;
+import org.apache.ambari.server.orm.dao.ResourceDAO;
+import org.apache.ambari.server.orm.dao.UserDAO;
+import org.apache.ambari.server.orm.entities.GroupEntity;
+import org.apache.ambari.server.orm.entities.PrincipalEntity;
+import org.apache.ambari.server.orm.entities.PrincipalTypeEntity;
+import org.apache.ambari.server.orm.entities.PrivilegeEntity;
+import org.apache.ambari.server.orm.entities.UserEntity;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+/**
+ * Abstract resource provider for privilege resources.
+ */
+public abstract class PrivilegeResourceProvider<T> extends AbstractResourceProvider {
+
+  /**
+   * Data access object used to obtain privilege entities.
+   */
+  protected static PrivilegeDAO privilegeDAO;
+
+  /**
+   * Data access object used to obtain user entities.
+   */
+  protected static UserDAO userDAO;
+
+  /**
+   * Data access object used to obtain group entities.
+   */
+  protected static GroupDAO groupDAO;
+
+  /**
+   * Data access object used to obtain principal entities.
+   */
+  protected static PrincipalDAO principalDAO;
+
+  /**
+   * Data access object used to obtain permission entities.
+   */
+  protected static PermissionDAO permissionDAO;
+
+  /**
+   * Data access object used to obtain resource entities.
+   */
+  protected static ResourceDAO resourceDAO;
+
+  /**
+   * Privilege property id constants.
+   */
+  public static final String PRIVILEGE_ID_PROPERTY_ID    = "PrivilegeInfo/privilege_id";
+  public static final String PERMISSION_NAME_PROPERTY_ID = "PrivilegeInfo/permission_name";
+  public static final String PRINCIPAL_NAME_PROPERTY_ID  = "PrivilegeInfo/principal_name";
+  public static final String PRINCIPAL_TYPE_PROPERTY_ID  = "PrivilegeInfo/principal_type";
+
+  /**
+   * The privilege resource type.
+   */
+  private final Resource.Type resourceType;
+
+
+  // ----- Constructors ------------------------------------------------------
+
+  /**
+   * Construct a privilege resource provider.
+   */
+  public PrivilegeResourceProvider(Set<String> propertyIds,
+                                   Map<Resource.Type, String> keyPropertyIds,
+                                   Resource.Type resourceType) {
+    super(propertyIds, keyPropertyIds);
+    this.resourceType = resourceType;
+  }
+
+
+  // ----- PrivilegeResourceProvider ----------------------------------------
+
+  /**
+   * Static initialization.
+   *
+   * @param privDAO  the privilege data access object
+   * @param usrDAO   the user data access object
+   * @param grpDAO   the group data access object
+   * @param prinDAO  the principal data access object
+   * @param permDAO  the permission data access object
+   * @param resDAO   the resource data access object
+   */
+  public static void init(PrivilegeDAO privDAO, UserDAO usrDAO, GroupDAO grpDAO, PrincipalDAO prinDAO,
+                          PermissionDAO permDAO, ResourceDAO resDAO) {
+    privilegeDAO  = privDAO;
+    userDAO       = usrDAO;
+    groupDAO      = grpDAO;
+    principalDAO  = prinDAO;
+    permissionDAO = permDAO;
+    resourceDAO   = resDAO;
+  }
+
+  /**
+   * Get the entities for the owning resources from the given properties.
+   *
+   * @param properties  the set of properties
+   *
+   * @return the entities
+   */
+  public abstract Map<Long, T> getResourceEntities(Map<String, Object> properties);
+
+
+  // ----- ResourceProvider --------------------------------------------------
+
+  @Override
+  public RequestStatus createResources(Request request)
+      throws SystemException, UnsupportedPropertyException,
+      ResourceAlreadyExistsException, NoSuchParentResourceException {
+    for (Map<String, Object> properties : request.getProperties()) {
+      createResources(getCreateCommand(properties));
+    }
+    notifyCreate(Resource.Type.ViewInstance, request);
+
+    return getRequestStatus(null);
+  }
+
+  @Override
+  public Set<Resource> getResources(Request request, Predicate predicate)
+      throws SystemException, UnsupportedPropertyException, NoSuchResourceException, NoSuchParentResourceException {
+    Set<Resource> resources    = new HashSet<Resource>();
+    Set<String>   requestedIds = getRequestPropertyIds(request, predicate);
+    Set<Long>     resourceIds  = new HashSet<Long>();
+
+    Set<Map<String, Object>> propertyMaps = getPropertyMaps(predicate);
+
+    if (propertyMaps.isEmpty()) {
+      propertyMaps.add(Collections.<String, Object>emptyMap());
+    }
+
+    for (Map<String, Object> properties : propertyMaps) {
+      Map<Long, T> resourceEntities = getResourceEntities(properties);
+
+      resourceIds.addAll(resourceEntities.keySet());
+
+      Map<Long, PrivilegeEntity> entityMap     = new HashMap<Long, PrivilegeEntity>();
+      List<PrincipalEntity>      principalList = new LinkedList<PrincipalEntity>();
+
+
+      List<PrivilegeEntity> entities = privilegeDAO.findAll();
+
+      for(PrivilegeEntity privilegeEntity : entities){
+        if (resourceIds.contains(privilegeEntity.getResource().getId())) {
+          PrincipalEntity principal = privilegeEntity.getPrincipal();
+          entityMap.put(principal.getId(), privilegeEntity);
+          principalList.add(principal);
+        }
+      }
+
+      Map<Long, UserEntity> userEntities = new HashMap<Long, UserEntity>();
+      List<UserEntity>      userList     = userDAO.findUsersByPrincipal(principalList);
+
+      for (UserEntity userEntity : userList) {
+        userEntities.put(userEntity.getPrincipal().getId(), userEntity);
+      }
+
+      Map<Long, GroupEntity> groupEntities = new HashMap<Long, GroupEntity>();
+      List<GroupEntity>      groupList     = groupDAO.findGroupsByPrincipal(principalList);
+
+      for (GroupEntity groupEntity : groupList) {
+        groupEntities.put(groupEntity.getPrincipal().getId(), groupEntity);
+      }
+
+      for(PrivilegeEntity privilegeEntity : entityMap.values()){
+        Resource resource = toResource(privilegeEntity, userEntities, groupEntities, resourceEntities, requestedIds);
+        if (predicate == null || predicate.evaluate(resource)) {
+          resources.add(resource);
+        }
+      }
+    }
+
+    return resources;
+  }
+
+  @Override
+  public RequestStatus updateResources(Request request, Predicate predicate)
+      throws SystemException, UnsupportedPropertyException, NoSuchResourceException, NoSuchParentResourceException {
+    throw new UnsupportedOperationException("Not supported.");
+  }
+
+  @Override
+  public RequestStatus deleteResources(Predicate predicate)
+      throws SystemException, UnsupportedPropertyException, NoSuchResourceException, NoSuchParentResourceException {
+    modifyResources(getDeleteCommand(predicate));
+    notifyDelete(Resource.Type.ViewInstance, predicate);
+    return getRequestStatus(null);
+  }
+
+
+  // ----- AbstractResourceProvider ------------------------------------------
+
+  @Override
+  protected Set<String> getPKPropertyIds() {
+    return new HashSet<String>(getKeyPropertyIds().values());
+  }
+
+
+  // ----- helper methods ----------------------------------------------------
+
+  /**
+   * Check to see if the given privilege entity's permission is allowable for the
+   * resource type.
+   *
+   * @param entity  the privilege entity
+   *
+   * @throws AmbariException if the the privilege permission is not allowable for the resource type
+   */
+  protected boolean checkResourceTypes(PrivilegeEntity entity) throws AmbariException {
+    Integer resourceType           = entity.getResource().getResourceType().getId();
+    Integer permissionResourceType = entity.getPermission().getResourceType().getId();
+
+    return resourceType.equals(permissionResourceType);
+  }
+
+  /**
+   * Convert the given privilege entity into a Resource.
+   *
+   * @param privilegeEntity   the privilege entity to be converted
+   * @param userEntities      the map of user entities keyed by resource id
+   * @param groupEntities     the map of group entities keyed by resource id
+   * @param resourceEntities  the map of resource entities keyed by resource id
+   * @param requestedIds      the requested property ids
+   *
+   * @return the resource
+   */
+  protected Resource toResource(PrivilegeEntity privilegeEntity,
+                                Map<Long, UserEntity> userEntities,
+                                Map<Long, GroupEntity> groupEntities,
+                                Map<Long, T> resourceEntities,
+                                Set<String> requestedIds) {
+    Resource resource = new ResourceImpl(resourceType);
+
+    setResourceProperty(resource, PRIVILEGE_ID_PROPERTY_ID,
+        privilegeEntity.getId(), requestedIds);
+    setResourceProperty(resource, PERMISSION_NAME_PROPERTY_ID,
+        privilegeEntity.getPermission().getPermissionName(), requestedIds);
+
+    PrincipalEntity principal   = privilegeEntity.getPrincipal();
+    Long            principalId = principal.getId();
+
+    if (userEntities.containsKey(principalId)) {
+      UserEntity userEntity = userEntities.get(principalId);
+      setResourceProperty(resource, PRINCIPAL_NAME_PROPERTY_ID, userEntity.getUserName(), requestedIds);
+    } else if (groupEntities.containsKey(principalId)){
+      GroupEntity groupEntity = groupEntities.get(principalId);
+      setResourceProperty(resource, PRINCIPAL_NAME_PROPERTY_ID, groupEntity.getGroupName(), requestedIds);
+    }
+
+    setResourceProperty(resource, PRINCIPAL_TYPE_PROPERTY_ID, principal.getPrincipalType().getName(), requestedIds);
+    return resource;
+  }
+
+  /**
+   * Convert the given map of properties to a privilege entity for the resource
+   * identified by the given id.
+   *
+   * @param properties  the property map
+   * @param resourceId  the resource id
+   *
+   * @return the new privilege entity
+   */
+  protected PrivilegeEntity toEntity(Map<String, Object> properties, Long resourceId) {
+    PrivilegeEntity entity = new PrivilegeEntity();
+
+    String permissionName = (String) properties.get(PERMISSION_NAME_PROPERTY_ID);
+
+    entity.setPermission(permissionDAO.findPermissionByName(permissionName));
+    entity.setResource(resourceDAO.findById(resourceId));
+
+    String principalName = (String) properties.get(PRINCIPAL_NAME_PROPERTY_ID);
+    String principalType = (String) properties.get(PRINCIPAL_TYPE_PROPERTY_ID);
+
+    if (PrincipalTypeEntity.GROUP_PRINCIPAL_TYPE_NAME.equalsIgnoreCase(principalType)) {
+      GroupEntity groupEntity = groupDAO.findGroupByName(principalName);
+      entity.setPrincipal(principalDAO.findById(groupEntity.getPrincipal().getId()));
+    } else if (PrincipalTypeEntity.USER_PRINCIPAL_TYPE_NAME.equalsIgnoreCase(principalType)) {
+      UserEntity userEntity = userDAO.findLocalUserByName(principalName);
+      entity.setPrincipal(principalDAO.findById(userEntity.getPrincipal().getId()));
+    }
+    return entity;
+  }
+
+  // Create a create command with the given properties map.
+  private Command<Void> getCreateCommand(final Map<String, Object> properties) {
+    return new Command<Void>() {
+      @Override
+      public Void invoke() throws AmbariException {
+
+        // for a create there should only be one resource ...
+        Set<Long> resourceIds = getResourceEntities(properties).keySet();
+        Long      resourceId  = resourceIds.iterator().next();
+
+        PrivilegeEntity entity = toEntity(properties, resourceId);
+
+        if (privilegeDAO.exists(entity)) {
+            throw new DuplicateResourceException("The privilege already exists.");
+        }
+        if (!checkResourceTypes(entity)) {
+          throw new AmbariException("Can't grant " + entity.getPermission().getResourceType().getName() +
+              " permission on a " + entity.getResource().getResourceType().getName() + " resource.");
+        }
+
+        privilegeDAO.create(entity);
+        return null;
+      }
+    };
+  }
+
+  // Create a delete command with the given predicate.
+  private Command<Void> getDeleteCommand(final Predicate predicate) {
+    return new Command<Void>() {
+      @Override
+      public Void invoke() throws AmbariException {
+        try {
+          Set<Resource> resources = getResources(PropertyHelper.getReadRequest(), predicate);
+          for (Resource resource : resources) {
+
+            PrivilegeEntity entity =
+                privilegeDAO.findById((Integer) resource.getPropertyValue(PRIVILEGE_ID_PROPERTY_ID));
+
+            if (entity != null) {
+              privilegeDAO.remove(entity);
+            }
+          }
+        } catch (Exception e) {
+          throw new AmbariException("Caught exception deleting privilege.", e);
+        }
+        return null;
+      }
+    };
+  }
+}
+

http://git-wip-us.apache.org/repos/asf/ambari/blob/e19a719b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProvider.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProvider.java
new file mode 100644
index 0000000..fa01bb6
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProvider.java
@@ -0,0 +1,161 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing privileges and
+ * limitations under the License.
+ */
+package org.apache.ambari.server.controller.internal;
+
+import org.apache.ambari.server.AmbariException;
+import org.apache.ambari.server.controller.spi.Resource;
+import org.apache.ambari.server.orm.entities.GroupEntity;
+import org.apache.ambari.server.orm.entities.PrivilegeEntity;
+import org.apache.ambari.server.orm.entities.ResourceTypeEntity;
+import org.apache.ambari.server.orm.entities.UserEntity;
+import org.apache.ambari.server.orm.entities.ViewEntity;
+import org.apache.ambari.server.orm.entities.ViewInstanceEntity;
+import org.apache.ambari.server.view.ViewRegistry;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+/**
+ * Resource provider for view privilege resources.
+ */
+public class ViewPrivilegeResourceProvider extends PrivilegeResourceProvider<ViewInstanceEntity> {
+
+  /**
+   * View privilege property id constants.
+   */
+  public static final String PRIVILEGE_VIEW_NAME_PROPERTY_ID     = "PrivilegeInfo/view_name";
+  public static final String PRIVILEGE_VIEW_VERSION_PROPERTY_ID  = "PrivilegeInfo/version";
+  public static final String PRIVILEGE_INSTANCE_NAME_PROPERTY_ID = "PrivilegeInfo/instance_name";
+
+  /**
+   * The property ids for a privilege resource.
+   */
+  private static Set<String> propertyIds = new HashSet<String>();
+  static {
+    propertyIds.add(PRIVILEGE_VIEW_NAME_PROPERTY_ID);
+    propertyIds.add(PRIVILEGE_VIEW_VERSION_PROPERTY_ID);
+    propertyIds.add(PRIVILEGE_INSTANCE_NAME_PROPERTY_ID);
+    propertyIds.add(PRIVILEGE_ID_PROPERTY_ID);
+    propertyIds.add(PERMISSION_NAME_PROPERTY_ID);
+    propertyIds.add(PRINCIPAL_NAME_PROPERTY_ID);
+    propertyIds.add(PRINCIPAL_TYPE_PROPERTY_ID);
+  }
+
+  /**
+   * The key property ids for a privilege resource.
+   */
+  private static Map<Resource.Type, String> keyPropertyIds = new HashMap<Resource.Type, String>();
+  static {
+    keyPropertyIds.put(Resource.Type.View, PRIVILEGE_VIEW_NAME_PROPERTY_ID);
+    keyPropertyIds.put(Resource.Type.ViewVersion, PRIVILEGE_VIEW_VERSION_PROPERTY_ID);
+    keyPropertyIds.put(Resource.Type.ViewInstance, PRIVILEGE_INSTANCE_NAME_PROPERTY_ID);
+    keyPropertyIds.put(Resource.Type.ViewPrivilege, PRIVILEGE_ID_PROPERTY_ID);
+  }
+
+
+  // ----- Constructors ------------------------------------------------------
+
+  /**
+   * Construct an ViewPrivilegeResourceProvider.
+   */
+  public ViewPrivilegeResourceProvider() {
+    super(propertyIds, keyPropertyIds, Resource.Type.ViewPrivilege);
+  }
+
+
+  // ----- AbstractResourceProvider ------------------------------------------
+
+  @Override
+  public Map<Resource.Type, String> getKeyPropertyIds() {
+    return keyPropertyIds;
+  }
+
+
+  // ----- PrivilegeResourceProvider -----------------------------------------
+
+  @Override
+  public Map<Long, ViewInstanceEntity> getResourceEntities(Map<String, Object> properties) {
+    ViewRegistry viewRegistry = ViewRegistry.getInstance();
+
+    String viewName     = (String) properties.get(PRIVILEGE_VIEW_NAME_PROPERTY_ID);
+    String viewVersion  = (String) properties.get(PRIVILEGE_VIEW_VERSION_PROPERTY_ID);
+    String instanceName = (String) properties.get(PRIVILEGE_INSTANCE_NAME_PROPERTY_ID);
+
+    if (viewName != null && viewVersion != null && instanceName != null) {
+      ViewInstanceEntity viewInstanceEntity =
+          viewRegistry.getInstanceDefinition(viewName, viewVersion, instanceName);
+
+      return Collections.singletonMap(viewInstanceEntity.getResource().getId(), viewInstanceEntity);
+    }
+
+    Set<ViewEntity> viewEntities = new HashSet<ViewEntity>();
+
+    if (viewVersion != null) {
+      ViewEntity viewEntity = viewRegistry.getDefinition(viewName, viewVersion);
+      if (viewEntity != null) {
+        viewEntities.add(viewEntity);
+      }
+    } else {
+      for (ViewEntity viewEntity : viewRegistry.getDefinitions()) {
+        if (viewName == null || viewEntity.getCommonName().equals(viewName)) {
+          viewEntities.add(viewEntity);
+        }
+      }
+    }
+
+    Map<Long, ViewInstanceEntity> resourceEntities = new HashMap<Long, ViewInstanceEntity>();
+
+    for (ViewEntity viewEntity : viewEntities) {
+      for (ViewInstanceEntity viewInstanceEntity : viewEntity.getInstances()) {
+        resourceEntities.put(viewInstanceEntity.getResource().getId(), viewInstanceEntity);
+      }
+    }
+    return resourceEntities;
+  }
+
+
+  // ----- helper methods ----------------------------------------------------
+
+  @Override
+  protected boolean checkResourceTypes(PrivilegeEntity entity) throws AmbariException {
+    return super.checkResourceTypes(entity) ||
+        entity.getPermission().getResourceType().getId().equals(ResourceTypeEntity.VIEW_RESOURCE_TYPE);
+  }
+
+  @Override
+  protected Resource toResource(PrivilegeEntity privilegeEntity,
+                                Map<Long, UserEntity> userEntities,
+                                Map<Long, GroupEntity> groupEntities,
+                                Map<Long, ViewInstanceEntity> resourceEntities, Set<String> requestedIds) {
+    Resource resource = super.toResource(privilegeEntity, userEntities, groupEntities, resourceEntities, requestedIds);
+    if (resource != null) {
+
+      ViewInstanceEntity viewInstanceEntity = resourceEntities.get(privilegeEntity.getResource().getId());
+      ViewEntity         viewEntity         = viewInstanceEntity.getViewEntity();
+
+      setResourceProperty(resource, PRIVILEGE_VIEW_NAME_PROPERTY_ID, viewEntity.getCommonName(), requestedIds);
+      setResourceProperty(resource, PRIVILEGE_VIEW_VERSION_PROPERTY_ID, viewEntity.getVersion(), requestedIds);
+      setResourceProperty(resource, PRIVILEGE_INSTANCE_NAME_PROPERTY_ID, viewInstanceEntity.getName(), requestedIds);
+    }
+    return resource;
+  }
+}
+

http://git-wip-us.apache.org/repos/asf/ambari/blob/e19a719b/ambari-server/src/main/java/org/apache/ambari/server/controller/spi/Resource.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/spi/Resource.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/spi/Resource.java
index a61ab37..53f8a9c 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/spi/Resource.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/spi/Resource.java
@@ -22,8 +22,6 @@ package org.apache.ambari.server.controller.spi;
 import java.util.LinkedHashMap;
 import java.util.Map;
 
-import org.apache.ambari.server.controller.spi.Resource.Type;
-
 /**
  * The resource object represents a requested resource.  The resource
  * contains a collection of values for the requested properties.
@@ -113,7 +111,10 @@ public interface Resource {
     Blueprint,
     HostComponentProcess,
     Permission,
-    AlertDefinition;
+    AlertDefinition,
+    AmbariPrivilege,
+    ClusterPrivilege,
+    ViewPrivilege;
 
     /**
      * Get the {@link Type} that corresponds to this InternalType.
@@ -186,6 +187,9 @@ public interface Resource {
     public static final Type HostComponentProcess = InternalType.HostComponentProcess.getType();
     public static final Type Permission = InternalType.Permission.getType();
     public static final Type AlertDefinition = InternalType.AlertDefinition.getType();
+    public static final Type AmbariPrivilege = InternalType.AmbariPrivilege.getType();
+    public static final Type ClusterPrivilege = InternalType.ClusterPrivilege.getType();
+    public static final Type ViewPrivilege = InternalType.ViewPrivilege.getType();
 
     /**
      * The type name.

http://git-wip-us.apache.org/repos/asf/ambari/blob/e19a719b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/GroupDAO.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/GroupDAO.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/GroupDAO.java
index b54b935..bedf24a 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/GroupDAO.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/GroupDAO.java
@@ -17,6 +17,7 @@
  */
 package org.apache.ambari.server.orm.dao;
 
+import java.util.Collections;
 import java.util.List;
 
 import javax.persistence.EntityManager;
@@ -30,6 +31,7 @@ import com.google.inject.Inject;
 import com.google.inject.Provider;
 import com.google.inject.Singleton;
 import com.google.inject.persist.Transactional;
+import org.apache.ambari.server.orm.entities.PrincipalEntity;
 
 @Singleton
 public class GroupDAO {
@@ -60,6 +62,22 @@ public class GroupDAO {
     }
   }
 
+  /**
+   * Find the group entities for the given list of principals
+   *
+   * @param principalList  the list of principal entities
+   *
+   * @return the list of groups matching the query
+   */
+  public List<GroupEntity> findGroupsByPrincipal(List<PrincipalEntity> principalList) {
+    if (principalList == null || principalList.isEmpty()) {
+      return Collections.emptyList();
+    }
+    TypedQuery<GroupEntity> query = entityManagerProvider.get().createQuery("SELECT grp FROM GroupEntity grp WHERE grp.principal IN :principalList", GroupEntity.class);
+    query.setParameter("principalList", principalList);
+    return daoUtils.selectList(query);
+  }
+
   @Transactional
   public void create(GroupEntity group) {
     group.setGroupName(group.getGroupName().toLowerCase());

http://git-wip-us.apache.org/repos/asf/ambari/blob/e19a719b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PermissionDAO.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PermissionDAO.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PermissionDAO.java
new file mode 100644
index 0000000..c00b47a
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PermissionDAO.java
@@ -0,0 +1,81 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.orm.dao;
+
+import com.google.inject.Inject;
+import com.google.inject.Provider;
+import com.google.inject.Singleton;
+import org.apache.ambari.server.orm.entities.PermissionEntity;
+
+import javax.persistence.EntityManager;
+import javax.persistence.NoResultException;
+import javax.persistence.TypedQuery;
+import java.util.List;
+
+/**
+ * Permission Data Access Object.
+ */
+@Singleton
+public class PermissionDAO {
+  /**
+   * JPA entity manager
+   */
+  @Inject
+  Provider<EntityManager> entityManagerProvider;
+  @Inject
+  DaoUtils daoUtils;
+
+  /**
+   * Find a permission entity with the given id.
+   *
+   * @param id  type id
+   *
+   * @return  a matching permission entity or null
+   */
+  public PermissionEntity findById(Integer id) {
+    return entityManagerProvider.get().find(PermissionEntity.class, id);
+  }
+
+  /**
+   * Find all permission entities.
+   *
+   * @return all entities or an empty List
+   */
+  public List<PermissionEntity> findAll() {
+    TypedQuery<PermissionEntity> query = entityManagerProvider.get().createQuery("SELECT resource FROM PermissionEntity resource", PermissionEntity.class);
+    return daoUtils.selectList(query);
+  }
+
+  /**
+   * Find a permission entity by name.
+   *
+   * @param name  the permission name
+   *
+   * @return  a matching permission entity or null
+   */
+  public PermissionEntity findPermissionByName(String name) {
+    final TypedQuery<PermissionEntity> query = entityManagerProvider.get().createNamedQuery("permissionByName", PermissionEntity.class);
+    query.setParameter("permissionname", name);
+    try {
+      return query.getSingleResult();
+    } catch (NoResultException e) {
+      return null;
+    }
+  }
+}

http://git-wip-us.apache.org/repos/asf/ambari/blob/e19a719b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PrincipalDAO.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PrincipalDAO.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PrincipalDAO.java
new file mode 100644
index 0000000..13ebf09
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PrincipalDAO.java
@@ -0,0 +1,87 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.orm.dao;
+
+import com.google.inject.Inject;
+import com.google.inject.Provider;
+import com.google.inject.Singleton;
+import com.google.inject.persist.Transactional;
+import org.apache.ambari.server.orm.entities.PrincipalEntity;
+
+import javax.persistence.EntityManager;
+import javax.persistence.TypedQuery;
+import java.util.List;
+
+/**
+ * Principal Data Access Object.
+ */
+@Singleton
+public class PrincipalDAO {
+  /**
+   * JPA entity manager
+   */
+  @Inject
+  Provider<EntityManager> entityManagerProvider;
+  @Inject
+  DaoUtils daoUtils;
+
+  /**
+   * Find a principal with the given id.
+   *
+   *
+   * @param id  type id
+   *
+   * @return  a matching principal type  or null
+   */
+  public PrincipalEntity findById(Long id) {
+    return entityManagerProvider.get().find(PrincipalEntity.class, id);
+  }
+
+  /**
+   * Find all principals.
+   *
+   * @return all principals or an empty List
+   */
+  public List<PrincipalEntity> findAll() {
+    TypedQuery<PrincipalEntity> query = entityManagerProvider.get().createQuery("SELECT principal FROM PrincipalEntity principal", PrincipalEntity.class);
+    return daoUtils.selectList(query);
+  }
+
+  /**
+   * Make an instance managed and persistent.
+   *
+   * @param entity  entity to store
+   */
+  @Transactional
+  public void create(PrincipalEntity entity) {
+    entityManagerProvider.get().persist(entity);
+  }
+
+  /**
+   * Merge the given entity.
+   *
+   * @param entity  the entity
+   *
+   * @return the managed entity
+   */
+  @Transactional
+  public PrincipalEntity merge(PrincipalEntity entity) {
+    return entityManagerProvider.get().merge(entity);
+  }
+}

http://git-wip-us.apache.org/repos/asf/ambari/blob/e19a719b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PrincipalTypeDAO.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PrincipalTypeDAO.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PrincipalTypeDAO.java
new file mode 100644
index 0000000..041ad5c
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PrincipalTypeDAO.java
@@ -0,0 +1,84 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.orm.dao;
+
+import com.google.inject.Inject;
+import com.google.inject.Provider;
+import com.google.inject.Singleton;
+import com.google.inject.persist.Transactional;
+import org.apache.ambari.server.orm.entities.PrincipalTypeEntity;
+
+import javax.persistence.EntityManager;
+import javax.persistence.TypedQuery;
+import java.util.List;
+
+/**
+ * Principal Type Data Access Object.
+ */
+@Singleton
+public class PrincipalTypeDAO {
+  /**
+   * JPA entity manager
+   */
+  @Inject
+  Provider<EntityManager> entityManagerProvider;
+
+  /**
+   * Utilities.
+   */
+  @Inject
+  DaoUtils daoUtils;
+
+  /**
+   * Find a principal type with the given id.
+   *
+   * @param id  type id
+   *
+   * @return  a matching principal type  or null
+   */
+  public PrincipalTypeEntity findById(Integer id) {
+    return entityManagerProvider.get().find(PrincipalTypeEntity.class, id);
+  }
+
+  /**
+   * Find all principal types.
+   *
+   * @return all principal types or an empty List
+   */
+  public List<PrincipalTypeEntity> findAll() {
+    TypedQuery<PrincipalTypeEntity> query = entityManagerProvider.get().createQuery("SELECT principalType FROM PrincipalTypeEntity principalType", PrincipalTypeEntity.class);
+    return daoUtils.selectList(query);
+  }
+
+  /**
+   * Make an instance managed and persistent.
+   *
+   * @param entity  entity to store
+   */
+  @Transactional
+  public void create(PrincipalTypeEntity entity) {
+    entityManagerProvider.get().persist(entity);
+  }
+
+  @Transactional
+  public PrincipalTypeEntity merge(PrincipalTypeEntity entity) {
+    return entityManagerProvider.get().merge(entity);
+  }
+}
+

http://git-wip-us.apache.org/repos/asf/ambari/blob/e19a719b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PrivilegeDAO.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PrivilegeDAO.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PrivilegeDAO.java
new file mode 100644
index 0000000..de18031
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PrivilegeDAO.java
@@ -0,0 +1,114 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.orm.dao;
+
+import com.google.inject.Inject;
+import com.google.inject.Provider;
+import com.google.inject.Singleton;
+import com.google.inject.persist.Transactional;
+import org.apache.ambari.server.orm.entities.PrivilegeEntity;
+
+import javax.persistence.EntityManager;
+import javax.persistence.TypedQuery;
+import java.util.List;
+
+/**
+ * Privilege Data Access Object.
+ */
+@Singleton
+public class PrivilegeDAO {
+  /**
+   * JPA entity manager
+   */
+  @Inject
+  Provider<EntityManager> entityManagerProvider;
+  @Inject
+  DaoUtils daoUtils;
+
+  /**
+   * Find a resource with the given id.
+   *
+   * @param id  type id
+   *
+   * @return  a matching resource type  or null
+   */
+  public PrivilegeEntity findById(Integer id) {
+    return entityManagerProvider.get().find(PrivilegeEntity.class, id);
+  }
+
+  /**
+   * Find all resources.
+   *
+   * @return all resources or an empty List
+   */
+  public List<PrivilegeEntity> findAll() {
+    TypedQuery<PrivilegeEntity> query = entityManagerProvider.get().createQuery("SELECT privilege FROM PrivilegeEntity privilege", PrivilegeEntity.class);
+    return daoUtils.selectList(query);
+  }
+
+  /**
+   * Determine whether or not the given privilege entity already exists.
+   *
+   * @param entity  the privilege entity
+   *
+   * @return true if the given privilege entity already exists
+   */
+  public boolean exists(PrivilegeEntity entity) {
+    TypedQuery<PrivilegeEntity> query = entityManagerProvider.get().createQuery(
+        "SELECT privilege FROM PrivilegeEntity privilege WHERE privilege.principal = :principal AND privilege.resource = :resource AND privilege.permission = :permission", PrivilegeEntity.class);
+
+    query.setParameter("principal", entity.getPrincipal());
+    query.setParameter("resource", entity.getResource());
+    query.setParameter("permission", entity.getPermission());
+
+    List<PrivilegeEntity> privilegeEntities = daoUtils.selectList(query);
+    return !(privilegeEntities == null || privilegeEntities.isEmpty());
+  }
+
+  /**
+   * Make an instance managed and persistent.
+   *
+   * @param entity  entity to persist
+   */
+  @Transactional
+  public void create(PrivilegeEntity entity) {
+    entityManagerProvider.get().persist(entity);
+  }
+
+  /**
+   * Merge the state of the given entity into the current persistence context.
+   *
+   * @param entity  entity to merge
+   *
+   * @return the merged entity
+   */
+  @Transactional
+  public PrivilegeEntity merge(PrivilegeEntity entity) {
+    return entityManagerProvider.get().merge(entity);
+  }
+  /**
+   * Remove the entity instance.
+   *
+   * @param entity  entity to remove
+   */
+  @Transactional
+  public void remove(PrivilegeEntity entity) {
+    entityManagerProvider.get().remove(merge(entity));
+  }
+}

http://git-wip-us.apache.org/repos/asf/ambari/blob/e19a719b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java
new file mode 100644
index 0000000..99c3f92
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceDAO.java
@@ -0,0 +1,80 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.orm.dao;
+
+import com.google.inject.Inject;
+import com.google.inject.Provider;
+import com.google.inject.Singleton;
+import com.google.inject.persist.Transactional;
+import org.apache.ambari.server.orm.entities.ResourceEntity;
+
+import javax.persistence.EntityManager;
+import javax.persistence.TypedQuery;
+import java.util.List;
+
+/**
+ * Admin resource Data Access Object.
+ */
+@Singleton
+public class ResourceDAO {
+  /**
+   * JPA entity manager
+   */
+  @Inject
+  Provider<EntityManager> entityManagerProvider;
+  @Inject
+  DaoUtils daoUtils;
+
+  /**
+   * Find a resource with the given id.
+   *
+   * @param id  type id
+   *
+   * @return  a matching resource type  or null
+   */
+  public ResourceEntity findById(Long id) {
+    return entityManagerProvider.get().find(ResourceEntity.class, id);
+  }
+
+  /**
+   * Find all resources.
+   *
+   * @return all resources or an empty List
+   */
+  public List<ResourceEntity> findAll() {
+    TypedQuery<ResourceEntity> query = entityManagerProvider.get().createQuery("SELECT resource FROM ResourceEntity resource", ResourceEntity.class);
+    return daoUtils.selectList(query);
+  }
+
+  /**
+   * Make an instance managed and persistent.
+   *
+   * @param entity  entity to store
+   */
+  @Transactional
+  public void create(ResourceEntity entity) {
+    entityManagerProvider.get().persist(entity);
+  }
+
+
+  @Transactional
+  public ResourceEntity merge(ResourceEntity entity) {
+    return entityManagerProvider.get().merge(entity);
+  }
+}

http://git-wip-us.apache.org/repos/asf/ambari/blob/e19a719b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceTypeDAO.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceTypeDAO.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceTypeDAO.java
new file mode 100644
index 0000000..a0373c6
--- /dev/null
+++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ResourceTypeDAO.java
@@ -0,0 +1,102 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ambari.server.orm.dao;
+
+import com.google.inject.Inject;
+import com.google.inject.Provider;
+import com.google.inject.Singleton;
+import com.google.inject.persist.Transactional;
+import org.apache.ambari.server.orm.entities.ResourceTypeEntity;
+
+import javax.persistence.EntityManager;
+import javax.persistence.TypedQuery;
+import java.util.List;
+
+/**
+ * Resource Type Data Access Object.
+ */
+@Singleton
+public class ResourceTypeDAO {
+  /**
+   * JPA entity manager
+   */
+  @Inject
+  Provider<EntityManager> entityManagerProvider;
+  @Inject
+  DaoUtils daoUtils;
+
+  /**
+   * Find a resource type with the given id.
+   *
+   * @param id  type id
+   *
+   * @return  a matching resource type or null
+   */
+  public ResourceTypeEntity findById(Integer id) {
+    return entityManagerProvider.get().find(ResourceTypeEntity.class, id);
+  }
+
+  /**
+   * Find a resource type with the given name.
+   *
+   * @param name  type name
+   *
+   * @return  a matching resource type or null
+   */
+  public ResourceTypeEntity findByName(String name) {
+    TypedQuery<ResourceTypeEntity> query = entityManagerProvider.get().createQuery(
+        "SELECT resourceType FROM ResourceTypeEntity resourceType WHERE resourceType.name = ?1",
+        ResourceTypeEntity.class);
+    return daoUtils.selectSingle(query, name);
+  }
+
+  /**
+   * Find all resource types.
+   *
+   * @return all resource types or an empty List
+   */
+  public List<ResourceTypeEntity> findAll() {
+    TypedQuery<ResourceTypeEntity> query = entityManagerProvider.get().createQuery("SELECT resourceType FROM ResourceTypeEntity resourceType", ResourceTypeEntity.class);
+    return daoUtils.selectList(query);
+  }
+
+  /**
+   * Make an instance managed and persistent.
+   *
+   * @param entity  entity to store
+   */
+  @Transactional
+  public void create(ResourceTypeEntity entity) {
+    entityManagerProvider.get().persist(entity);
+  }
+
+  /**
+   * Merge the given entity.
+   *
+   * @param entity  the entity
+   *
+   * @return the managed entity
+   */
+  @Transactional
+  public ResourceTypeEntity merge(ResourceTypeEntity entity) {
+    return entityManagerProvider.get().merge(entity);
+  }
+
+}
+

http://git-wip-us.apache.org/repos/asf/ambari/blob/e19a719b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/UserDAO.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/UserDAO.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/UserDAO.java
index 96c7d77..55c2560 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/UserDAO.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/UserDAO.java
@@ -22,11 +22,13 @@ import com.google.inject.Provider;
 import com.google.inject.Singleton;
 import com.google.inject.persist.Transactional;
 import org.apache.ambari.server.orm.RequiresSession;
+import org.apache.ambari.server.orm.entities.PrincipalEntity;
 import org.apache.ambari.server.orm.entities.UserEntity;
 
 import javax.persistence.EntityManager;
 import javax.persistence.NoResultException;
 import javax.persistence.TypedQuery;
+import java.util.Collections;
 import java.util.List;
 import org.apache.ambari.server.orm.entities.RoleEntity;
 
@@ -78,6 +80,22 @@ public class UserDAO {
     }
   }
 
+  /**
+   * Find the user entities for the given list of admin principal entities.
+   *
+   * @param principalList  the list of principal entities
+   *
+   * @return the matching list of user entities
+   */
+  public List<UserEntity> findUsersByPrincipal(List<PrincipalEntity> principalList) {
+    if (principalList == null || principalList.isEmpty()) {
+      return Collections.emptyList();
+    }
+    TypedQuery<UserEntity> query = entityManagerProvider.get().createQuery("SELECT user FROM UserEntity user WHERE user.principal IN :principalList", UserEntity.class);
+    query.setParameter("principalList", principalList);
+    return daoUtils.selectList(query);
+  }
+
   @Transactional
   public void create(UserEntity user) {
     user.setUserName(user.getUserName().toLowerCase());
@@ -99,5 +117,4 @@ public class UserDAO {
   public void removeByPK(Integer userPK) {
     remove(findByPK(userPK));
   }
-
 }

http://git-wip-us.apache.org/repos/asf/ambari/blob/e19a719b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ViewInstanceDAO.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ViewInstanceDAO.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ViewInstanceDAO.java
index 4e4e149..a754edc 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ViewInstanceDAO.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/ViewInstanceDAO.java
@@ -73,42 +73,42 @@ public class ViewInstanceDAO {
    * Refresh the state of the instance from the database,
    * overwriting changes made to the entity, if any.
    *
-   * @param ViewInstanceEntity  entity to refresh
+   * @param viewInstanceEntity  entity to refresh
    */
   @Transactional
-  public void refresh(ViewInstanceEntity ViewInstanceEntity) {
-    entityManagerProvider.get().refresh(ViewInstanceEntity);
+  public void refresh(ViewInstanceEntity viewInstanceEntity) {
+    entityManagerProvider.get().refresh(viewInstanceEntity);
   }
 
   /**
    * Make an instance managed and persistent.
    *
-   * @param ViewInstanceEntity  entity to persist
+   * @param viewInstanceEntity  entity to persist
    */
   @Transactional
-  public void create(ViewInstanceEntity ViewInstanceEntity) {
-    entityManagerProvider.get().persist(ViewInstanceEntity);
+  public void create(ViewInstanceEntity viewInstanceEntity) {
+    entityManagerProvider.get().persist(viewInstanceEntity);
   }
 
   /**
    * Merge the state of the given entity into the current persistence context.
    *
-   * @param ViewInstanceEntity  entity to merge
+   * @param viewInstanceEntity  entity to merge
    * @return the merged entity
    */
   @Transactional
-  public ViewInstanceEntity merge(ViewInstanceEntity ViewInstanceEntity) {
-    return entityManagerProvider.get().merge(ViewInstanceEntity);
+  public ViewInstanceEntity merge(ViewInstanceEntity viewInstanceEntity) {
+    return entityManagerProvider.get().merge(viewInstanceEntity);
   }
 
   /**
    * Remove the entity instance.
    *
-   * @param ViewInstanceEntity  entity to remove
+   * @param viewInstanceEntity  entity to remove
    */
   @Transactional
-  public void remove(ViewInstanceEntity ViewInstanceEntity) {
-    entityManagerProvider.get().remove(merge(ViewInstanceEntity));
+  public void remove(ViewInstanceEntity viewInstanceEntity) {
+    entityManagerProvider.get().remove(merge(viewInstanceEntity));
   }
 
   /**

http://git-wip-us.apache.org/repos/asf/ambari/blob/e19a719b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
index 64fcf9a..5349f1e 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/GroupEntity.java
@@ -25,9 +25,12 @@ import javax.persistence.Entity;
 import javax.persistence.GeneratedValue;
 import javax.persistence.GenerationType;
 import javax.persistence.Id;
+import javax.persistence.JoinColumn;
+import javax.persistence.JoinColumns;
 import javax.persistence.NamedQueries;
 import javax.persistence.NamedQuery;
 import javax.persistence.OneToMany;
+import javax.persistence.OneToOne;
 import javax.persistence.Table;
 import javax.persistence.TableGenerator;
 import javax.persistence.UniqueConstraint;
@@ -60,6 +63,15 @@ public class GroupEntity {
   @OneToMany(mappedBy = "group", cascade = CascadeType.ALL)
   private Set<MemberEntity> memberEntities;
 
+  @OneToOne
+  @JoinColumns({
+      @JoinColumn(name = "principal_id", referencedColumnName = "principal_id", nullable = false),
+  })
+  private PrincipalEntity principal;
+
+
+  // ----- GroupEntity -------------------------------------------------------
+
   public Integer getGroupId() {
     return groupId;
   }
@@ -96,6 +108,27 @@ public class GroupEntity {
     this.memberEntities = memberEntities;
   }
 
+  /**
+   * Get the admin principal entity.
+   *
+   * @return the principal entity
+   */
+  public PrincipalEntity getPrincipal() {
+    return principal;
+  }
+
+  /**
+   * Set the admin principal entity.
+   *
+   * @param principal  the principal entity
+   */
+  public void setPrincipal(PrincipalEntity principal) {
+    this.principal = principal;
+  }
+
+
+  // ----- Object overrides --------------------------------------------------
+
   @Override
   public boolean equals(Object o) {
     if (this == o) return true;


Mime
View raw message