ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From alexantone...@apache.org
Subject [2/2] ambari git commit: AMBARI-14222. Hide/Show features based on user role
Date Sun, 06 Dec 2015 04:57:31 GMT
AMBARI-14222. Hide/Show features based on user role


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/10c51442
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/10c51442
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/10c51442

Branch: refs/heads/trunk
Commit: 10c51442791ac36188e8f01d4bb1e45333b748f9
Parents: 1efb3ab
Author: Alex Antonenko <hiveww@gmail.com>
Authored: Sun Dec 6 06:00:22 2015 +0200
Committer: Alex Antonenko <hiveww@gmail.com>
Committed: Sun Dec 6 06:00:22 2015 +0200

----------------------------------------------------------------------
 ambari-web/app/app.js                           |  43 +---
 .../controllers/global/cluster_controller.js    |  17 ++
 .../global/user_settings_controller.js          |   2 +-
 .../controllers/main/service/info/configs.js    |   2 +-
 .../app/controllers/wizard/step7_controller.js  |   2 +-
 ambari-web/app/mixins/common/userPref.js        |   2 +-
 ambari-web/app/models/cluster_states.js         |  10 +-
 ambari-web/app/router.js                        |  47 ++--
 .../app/routes/add_alert_definition_routes.js   |   2 +-
 ambari-web/app/routes/add_service_routes.js     |   2 +-
 ambari-web/app/routes/installer.js              |   2 +-
 ambari-web/app/routes/main.js                   |   4 +-
 ambari-web/app/templates/application.hbs        |  12 +-
 .../common/configs/config_history_flow.hbs      |  12 +-
 .../common/configs/notifications_configs.hbs    |   8 +-
 .../common/configs/overriddenProperty.hbs       |   4 +-
 .../templates/common/configs/service_config.hbs |   6 +-
 .../common/configs/service_config_category.hbs  |   4 +-
 .../common/configs/service_config_wizard.hbs    |   4 +-
 .../common/configs/service_version_box.hbs      |   4 +-
 .../common/configs/widgets/controls.hbs         |   8 +-
 .../modal_popups/widget_browser_footer.hbs      |   2 -
 .../modal_popups/widget_browser_popup.hbs       |   4 -
 .../templates/common/widget/gauge_widget.hbs    |   2 -
 .../templates/common/widget/graph_widget.hbs    |   2 -
 .../templates/common/widget/number_widget.hbs   |   2 -
 .../templates/common/widget/template_widget.hbs |   2 -
 .../app/templates/main/admin/kerberos.hbs       |  12 +-
 .../main/admin/stack_upgrade/versions.hbs       |   4 +-
 ambari-web/app/templates/main/alerts.hbs        |  24 +--
 .../main/alerts/definition_details.hbs          |  26 +--
 ambari-web/app/templates/main/host.hbs          |   4 +-
 .../templates/main/host/bulk_operation_menu.hbs |   4 +-
 ambari-web/app/templates/main/host/details.hbs  |   2 -
 .../main/host/details/host_component.hbs        |  54 +++--
 .../app/templates/main/host/stack_versions.hbs  |   4 +-
 ambari-web/app/templates/main/host/summary.hbs  |  16 +-
 .../main/service/all_services_actions.hbs       |  84 ++++----
 .../app/templates/main/service/info/configs.hbs |   4 +-
 .../app/templates/main/service/info/summary.hbs |   4 +-
 ambari-web/app/templates/main/service/item.hbs  |  56 ++---
 ambari-web/app/utils/ajax/ajax.js               |   4 +
 ambari-web/app/utils/db.js                      |   8 +
 ambari-web/app/utils/helper.js                  |   8 +-
 ambari-web/app/utils/host_progress_popup.js     |   2 +-
 .../app/views/common/configs/controls_view.js   |   2 +-
 ambari-web/app/views/common/table_view.js       |   4 +-
 .../main/admin/stack_upgrade/services_view.js   |   4 +-
 .../stack_upgrade/upgrade_version_box_view.js   |   4 +-
 ambari-web/app/views/main/host/details.js       |  11 +-
 .../views/main/host/hosts_table_menu_view.js    | 214 ++++++++++---------
 ambari-web/app/views/main/menu.js               |   2 +-
 .../app/views/main/service/info/summary.js      |   2 +-
 ambari-web/app/views/main/service/item.js       |   4 +-
 ambari-web/test/app_test.js                     | 117 +---------
 .../test/controllers/experimental_test.js       |   3 +-
 .../admin/stack_and_upgrade_controller_test.js  |   1 -
 .../test/controllers/wizard/step7_test.js       |  15 --
 ambari-web/test/router_test.js                  |   2 +-
 .../admin/stack_upgrade/services_view_test.js   |   8 +-
 .../upgrade_version_box_view_test.js            |  20 +-
 61 files changed, 418 insertions(+), 526 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/app.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/app.js b/ambari-web/app/app.js
index 0932964..881bfc3 100644
--- a/ambari-web/app/app.js
+++ b/ambari-web/app/app.js
@@ -36,6 +36,7 @@ module.exports = Em.Application.create({
   isAdmin: false,
   isOperator: false,
   isPermissionDataLoaded: false,
+  auth: null,
 
   /**
    * @type {boolean}
@@ -96,22 +97,14 @@ module.exports = Em.Application.create({
            App.router.get('mainAdminStackAndUpgradeController.isSuspended');
   }.property('upgradeIsRunning', 'upgradeAborted', 'router.wizardWatcherController.isNonWizardUser', 'router.mainAdminStackAndUpgradeController.isSuspended'),
 
-  /**
-   * compute user access rights by permission type
-   * types:
-   *  - ADMIN
-   *  - MANAGER
-   *  - OPERATOR
-   *  - ONLY_ADMIN
-   * prefix "upgrade_" mean that element will not be unconditionally blocked while stack upgrade running
-   * @param type {string}
-   * @return {boolean}
-   */
-  isAccessible: function (type) {
+  isAuthorized: function(authRoles, options) {
+    var result = false;
+    authRoles = $.map(authRoles.split(","), $.trim);
+
     if (!App.router.get('mainAdminStackAndUpgradeController.isSuspended') &&
         !App.get('supports.opsDuringRollingUpgrade') &&
-        !['INIT', 'COMPLETED'].contains(this.get('upgradeState')) &&
-        !type.contains('upgrade_')) {
+        !['INIT', 'COMPLETED'].contains(this.get('upgradeState')) ||
+        !App.auth){
       return false;
     }
 
@@ -119,25 +112,11 @@ module.exports = Em.Application.create({
       return false;
     }
 
-    if (type.contains('upgrade_')) {
-      //slice off "upgrade_" prefix to have actual permission type
-      type = type.slice(8);
-    }
+    authRoles.forEach(function(auth) {
+      result = result || App.auth.contains(auth);
+    });
 
-    switch (type) {
-      case 'ADMIN':
-        return this.get('isAdmin');
-      case 'NON_ADMIN':
-        return !this.get('isAdmin');
-      case 'MANAGER':
-        return this.get('isAdmin') || this.get('isOperator');
-      case 'OPERATOR':
-        return this.get('isOperator');
-      case 'ONLY_ADMIN':
-        return this.get('isAdmin') && !this.get('isOperator');
-      default:
-        return false;
-    }
+    return result;
   },
 
   isStackServicesLoaded: false,

http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/controllers/global/cluster_controller.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/controllers/global/cluster_controller.js b/ambari-web/app/controllers/global/cluster_controller.js
index 2201730..952995e 100644
--- a/ambari-web/app/controllers/global/cluster_controller.js
+++ b/ambari-web/app/controllers/global/cluster_controller.js
@@ -172,6 +172,7 @@ App.ClusterController = Em.Controller.extend(App.ReloadPopupMixin, {
    */
   loadClusterData: function () {
     var self = this;
+    this.loadAuthorizations();
     this.getAllHostNames();
     this.loadAmbariProperties();
     if (!App.get('clusterName')) {
@@ -350,6 +351,22 @@ App.ClusterController = Em.Controller.extend(App.ReloadPopupMixin, {
     });
   },
 
+  loadAuthorizations: function() {
+    return App.ajax.send({
+      name: 'router.user.authorizations',
+      sender: this,
+      data: {userName: App.db.getLoginName()},
+      success: 'loadAuthorizationsSuccessCallback'
+    });
+  },
+
+  loadAuthorizationsSuccessCallback: function(response) {
+    if (response.items) {
+      App.auth = response.items.mapProperty('AuthorizationInfo.authorization_id');
+      App.db.setAuth(App.auth);
+    }
+  },
+
   loadAmbariPropertiesSuccess: function (data) {
     this.set('ambariProperties', data.RootServiceComponents.properties);
     // Absence of 'jdk.name' and 'jce.name' properties says that ambari configured with custom jdk.

http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/controllers/global/user_settings_controller.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/controllers/global/user_settings_controller.js b/ambari-web/app/controllers/global/user_settings_controller.js
index 80d9189..8a50059 100644
--- a/ambari-web/app/controllers/global/user_settings_controller.js
+++ b/ambari-web/app/controllers/global/user_settings_controller.js
@@ -183,7 +183,7 @@ App.UserSettingsController = Em.Controller.extend(App.UserPref, {
   showSettingsPopup: function() {
     var self = this;
     // Settings only for admins
-    if (!App.isAccessible('upgrade_ADMIN')) {
+    if (!App.isAuthorized('CLUSTER.UPGRADE_DOWNGRADE_STACK')) {
       return;
     }
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/controllers/main/service/info/configs.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/controllers/main/service/info/configs.js b/ambari-web/app/controllers/main/service/info/configs.js
index 5079ac5..d1f8ee4 100644
--- a/ambari-web/app/controllers/main/service/info/configs.js
+++ b/ambari-web/app/controllers/main/service/info/configs.js
@@ -118,7 +118,7 @@ App.MainServiceInfoConfigsController = Em.Controller.extend(App.ConfigsLoader, A
    */
   canEdit: function () {
     return (this.get('selectedVersion') == this.get('currentDefaultVersion') || !this.get('selectedConfigGroup.isDefault'))
-        && !this.get('isCompareMode') && App.isAccessible('MANAGER') && !this.get('isHostsConfigsPage');
+        && !this.get('isCompareMode') && App.isAuthorized('SERVICE.MODIFY_CONFIGS') && !this.get('isHostsConfigsPage');
   }.property('selectedVersion', 'isCompareMode', 'currentDefaultVersion', 'selectedConfigGroup.isDefault'),
 
   serviceConfigs: Em.computed.alias('App.config.preDefinedServiceConfigs'),

http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/controllers/wizard/step7_controller.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/controllers/wizard/step7_controller.js b/ambari-web/app/controllers/wizard/step7_controller.js
index bb366d7..c9d3da7 100644
--- a/ambari-web/app/controllers/wizard/step7_controller.js
+++ b/ambari-web/app/controllers/wizard/step7_controller.js
@@ -517,7 +517,7 @@ App.WizardStep7Controller = Em.Controller.extend(App.ServerValidatorMixin, App.E
    * @method _updateIsEditableFlagForConfig
    */
   _updateIsEditableFlagForConfig: function (serviceConfigProperty, defaultGroupSelected) {
-    if (App.isAccessible('ADMIN')) {
+    if (App.isAuthorized('AMBARI.ADD_DELETE_CLUSTERS')) {
       if (defaultGroupSelected && !this.get('isHostsConfigsPage') && !Em.get(serviceConfigProperty, 'group')) {
         serviceConfigProperty.set('isEditable', serviceConfigProperty.get('isReconfigurable'));
       } else if (Em.get(serviceConfigProperty, 'group') && Em.get(serviceConfigProperty, 'group.name') == this.get('selectedConfigGroup.name')) {

http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/mixins/common/userPref.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/mixins/common/userPref.js b/ambari-web/app/mixins/common/userPref.js
index 8ebc885..5a531f2 100644
--- a/ambari-web/app/mixins/common/userPref.js
+++ b/ambari-web/app/mixins/common/userPref.js
@@ -80,7 +80,7 @@ App.UserPref = Em.Mixin.create({
    * @param {Object} value
    */
   postUserPref: function (key, value) {
-    if (!App.isAccessible('upgrade_ADMIN')) {
+    if (!App.isAuthorized('CLUSTER.UPGRADE_DOWNGRADE_STACK')) {
       return $.Deferred().reject().promise();
     }
     var keyValuePair = {};

http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/models/cluster_states.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/models/cluster_states.js b/ambari-web/app/models/cluster_states.js
index 8641f1f..17ea6c1 100644
--- a/ambari-web/app/models/cluster_states.js
+++ b/ambari-web/app/models/cluster_states.js
@@ -138,7 +138,7 @@ App.clusterStatus = Em.Object.create(App.UserPref, {
       if (response.localdb && !$.isEmptyObject(response.localdb)) {
         this.set('localdb', response.localdb);
         // restore HAWizard data if process was started
-        var isHAWizardStarted = App.isAccessible('ADMIN') && !App.isEmptyObject(response.localdb.HighAvailabilityWizard);
+        var isHAWizardStarted = App.isAuthorized('SERVICE.ENABLE_HA') && !App.isEmptyObject(response.localdb.HighAvailabilityWizard);
         if (params.data.overrideLocaldb || isHAWizardStarted) {
           var localdbTables = (App.db.data.app && App.db.data.app.tables) ? App.db.data.app.tables : {};
           var authenticated = Em.get(App, 'db.data.app.authenticated') || false;
@@ -195,10 +195,8 @@ App.clusterStatus = Em.Object.create(App.UserPref, {
    */
   setClusterStatus: function (newValue, opt) {
     if (App.get('testMode')) return false;
-    if (!App.isAccessible('ADMIN')) {
-      Em.assert('Non-Admin user should not execute setClusterStatus function', true);
-    }
     var user = App.db.getUser();
+    var auth = App.db.getAuth();
     var login = App.db.getLoginName();
     var val = {clusterName: this.get('clusterName')};
     if (newValue) {
@@ -221,6 +219,8 @@ App.clusterStatus = Em.Object.create(App.UserPref, {
       if (newValue.localdb) {
         if (newValue.localdb.app && newValue.localdb.app.user)
           delete newValue.localdb.app.user;
+        if (newValue.localdb.app && newValue.localdb.app.auth)
+          delete newValue.localdb.app.auth;
         if (newValue.localdb.app && newValue.localdb.app.loginName)
           delete newValue.localdb.app.loginName;
         if (newValue.localdb.app && newValue.localdb.app.tables)
@@ -231,11 +231,13 @@ App.clusterStatus = Em.Object.create(App.UserPref, {
         val.localdb = newValue.localdb;
       } else {
         delete App.db.data.app.user;
+        delete App.db.data.app.auth;
         delete App.db.data.app.loginName;
         delete App.db.data.app.tables;
         delete App.db.data.app.authenticated;
         val.localdb = App.db.data;
         App.db.setUser(user);
+        App.db.setAuth(auth);
         App.db.setLoginName(login);
       }
       if (!$.mocho) {

http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/router.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/router.js b/ambari-web/app/router.js
index fa147e2..0df7485 100644
--- a/ambari-web/app/router.js
+++ b/ambari-web/app/router.js
@@ -304,6 +304,7 @@ App.Router = Em.Router.extend({
   },
 
   loginSuccessCallback: function(data, opt, params) {
+    var self = this;
     App.router.set('loginController.isSubmitDisabled', false);
     App.usersMapper.map({"items": [data]});
     this.setUserLoggedIn(decodeURIComponent(params.loginName));
@@ -311,18 +312,20 @@ App.Router = Em.Router.extend({
       loginName: params.loginName,
       loginData: data
     };
-    // no need to load cluster data if it's already loaded
-    if (this.get('clusterData')) {
-      this.loginGetClustersSuccessCallback(this.get('clusterData'), {}, requestData);
-    }
-    else {
-      App.ajax.send({
-        name: 'router.login.clusters',
-        sender: this,
-        data: requestData,
-        success: 'loginGetClustersSuccessCallback'
-      });
-    }
+    App.router.get('clusterController').loadAuthorizations().complete(function() {
+      // no need to load cluster data if it's already loaded
+      if (self.get('clusterData')) {
+        self.loginGetClustersSuccessCallback(self.get('clusterData'), {}, requestData);
+      }
+      else {
+        App.ajax.send({
+          name: 'router.login.clusters',
+          sender: self,
+          data: requestData,
+          success: 'loginGetClustersSuccessCallback'
+        });
+      }
+    });
   },
 
   loginErrorCallback: function(request) {
@@ -482,6 +485,7 @@ App.Router = Em.Router.extend({
     App.db.cleanUp();
     App.setProperties({
       isAdmin: false,
+      auth: null,
       isOperator: false,
       isPermissionDataLoaded: false
     });
@@ -582,6 +586,16 @@ App.Router = Em.Router.extend({
     }
   },
 
+  /**
+   * initialize Auth for user
+   */
+  initAuth: function(){
+    if (App.db) {
+      var auth = App.db.getAuth();
+      if(auth)
+        App.set('auth', auth);
+    }
+  },
 
   /**
    * Increment redirect count if <code>redirected</code> parameter passed.
@@ -655,6 +669,7 @@ App.Router = Em.Router.extend({
 
     enter: function(router){
       router.initAdmin();
+      router.initAuth();
       router.handleUIRedirect();
     },
 
@@ -701,7 +716,7 @@ App.Router = Em.Router.extend({
     adminView: Em.Route.extend({
       route: '/adminView',
       enter: function (router) {
-        if (!router.get('loggedIn') || !App.isAccessible('upgrade_ADMIN') || App.isAccessible('upgrade_OPERATOR')) {
+        if (!router.get('loggedIn') || !App.isAuthorized('CLUSTER.UPGRADE_DOWNGRADE_STACK')) {
           Em.run.next(function () {
             router.transitionTo('login');
           });
@@ -718,7 +733,7 @@ App.Router = Em.Router.extend({
     experimental: Em.Route.extend({
       route: '/experimental',
       enter: function (router, context) {
-        if (App.isAccessible('upgrade_OPERATOR')) {
+        if (App.isAuthorized('CLUSTER.UPGRADE_DOWNGRADE_STACK')) {
           Em.run.next(function () {
             if (router.get('clusterInstallCompleted')) {
               router.transitionTo("main.dashboard.widgets");
@@ -726,14 +741,14 @@ App.Router = Em.Router.extend({
               router.route("installer");
             }
           });
-        } else if (!App.isAccessible('upgrade_ADMIN')) {
+        } else if (!App.isAuthorized('CLUSTER.UPGRADE_DOWNGRADE_STACK')) {
           Em.run.next(function () {
             router.transitionTo("main.views.index");
           });
         }
       },
       connectOutlets: function (router, context) {
-        if (App.isAccessible('upgrade_ONLY_ADMIN')) {
+        if (App.isAuthorized('CLUSTER.UPGRADE_DOWNGRADE_STACK')) {
           App.router.get('experimentalController').loadSupports().complete(function () {
             $('title').text(Em.I18n.t('app.name.subtitle.experimental'));
             router.get('applicationController').connectOutlet('experimental');

http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/routes/add_alert_definition_routes.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/routes/add_alert_definition_routes.js b/ambari-web/app/routes/add_alert_definition_routes.js
index c1b7686..c211954 100644
--- a/ambari-web/app/routes/add_alert_definition_routes.js
+++ b/ambari-web/app/routes/add_alert_definition_routes.js
@@ -23,7 +23,7 @@ module.exports = App.WizardRoute.extend({
   route: '/alerts/add',
 
   enter: function (router) {
-    if (App.isAccessible('ADMIN')) {
+    if (App.isAuthorized('SERVICE.TOGGLE_ALERTS')) {
       Em.run.next(function () {
         var addAlertDefinitionController = router.get('addAlertDefinitionController');
         App.router.get('updateController').set('isWorking', false);

http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/routes/add_service_routes.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/routes/add_service_routes.js b/ambari-web/app/routes/add_service_routes.js
index f305b0c..35b06ab 100644
--- a/ambari-web/app/routes/add_service_routes.js
+++ b/ambari-web/app/routes/add_service_routes.js
@@ -23,7 +23,7 @@ module.exports = App.WizardRoute.extend({
   route: '/service/add',
 
   enter: function (router) {
-    if (App.isAccessible('ADMIN')) {
+    if (App.isAuthorized('SERVICE.ADD_DELETE_SERVICES')) {
       // `getSecurityStatus` call is required to retrieve information related to kerberos type: Manual or automated kerberos
       router.get('mainController').isLoading.call(router.get('clusterController'),'isClusterNameLoaded').done(function () {
         App.router.get('mainAdminKerberosController').getSecurityStatus().always(function () {

http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/routes/installer.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/routes/installer.js b/ambari-web/app/routes/installer.js
index 4fb6c45..e37a05d 100644
--- a/ambari-web/app/routes/installer.js
+++ b/ambari-web/app/routes/installer.js
@@ -40,7 +40,7 @@ module.exports = Em.Route.extend(App.RouterRedirections, {
             $('#main').addClass('install-wizard-content');
 
             App.router.get('mainViewsController').loadAmbariViews();
-            if (App.isAccessible('ADMIN')) {
+            if (App.isAuthorized('AMBARI.ADD_DELETE_CLUSTERS')) {
               router.get('mainController').stopPolling();
               Em.run.next(function () {
                 App.clusterStatus.updateFromServer().complete(function () {

http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/routes/main.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/routes/main.js b/ambari-web/app/routes/main.js
index 990abb6..dbdd6df 100644
--- a/ambari-web/app/routes/main.js
+++ b/ambari-web/app/routes/main.js
@@ -327,7 +327,7 @@ module.exports = Em.Route.extend(App.RouterRedirections, {
   admin: Em.Route.extend({
     route: '/admin',
     enter: function (router, transition) {
-      if (router.get('loggedIn') && !App.isAccessible('upgrade_ADMIN')) {
+      if (router.get('loggedIn') && !App.isAuthorized('CLUSTER.UPGRADE_DOWNGRADE_STACK')) {
         Em.run.next(function () {
           router.transitionTo('main.dashboard.index');
         });
@@ -335,7 +335,7 @@ module.exports = Em.Route.extend(App.RouterRedirections, {
     },
 
     routePath: function (router, event) {
-      if (!App.isAccessible('upgrade_ADMIN')) {
+      if (!App.isAuthorized('CLUSTER.UPGRADE_DOWNGRADE_STACK')) {
         Em.run.next(function () {
           App.router.transitionTo('main.dashboard.index');
         });

http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/templates/application.hbs
----------------------------------------------------------------------
diff --git a/ambari-web/app/templates/application.hbs b/ambari-web/app/templates/application.hbs
index c3877f1..190f439 100644
--- a/ambari-web/app/templates/application.hbs
+++ b/ambari-web/app/templates/application.hbs
@@ -63,25 +63,25 @@
                 <li><a href="" id="about" {{action showAboutPopup target="controller"}}>{{t app.aboutAmbari}}</a></li>
                 {{#if App.router.clusterInstallCompleted}}
                   {{#if isClusterDataLoaded}}
-                    {{#isAccessible upgrade_ONLY_ADMIN}}
+                    {{#isAuthorized "CLUSTER.UPGRADE_DOWNGRADE_STACK"}}
                       <li><a href=""
                              id="manage-ambari" {{action goToAdminView target="controller"}}>{{t app.manageAmbari}}</a>
                       </li>
-                    {{/isAccessible}}
+                    {{/isAuthorized}}
                   {{/if}}
                 {{else}}
                   {{#if App.isPermissionDataLoaded}}
-                    {{#isAccessible upgrade_ONLY_ADMIN}}
+                    {{#isAuthorized "CLUSTER.UPGRADE_DOWNGRADE_STACK"}}
                       <li><a href=""
                              id="manage-ambari" {{action goToAdminView target="controller"}}>{{t app.manageAmbari}}</a>
                       </li>
-                    {{/isAccessible}}
+                    {{/isAuthorized}}
                   {{/if}}
                 {{/if}}
                 {{#if isClusterDataLoaded}}
-                  {{#isAccessible upgrade_ADMIN}}
+                  {{#isAuthorized "CLUSTER.UPGRADE_DOWNGRADE_STACK"}}
                     <li><a href="" {{action showSettingsPopup target="App.router.userSettingsController"}}>{{t app.settings}}</a></li>
-                  {{/isAccessible}}
+                  {{/isAuthorized}}
                 {{/if}}
                 {{#if showExitLink}}
                   <li class="break"></li>

http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/templates/common/configs/config_history_flow.hbs
----------------------------------------------------------------------
diff --git a/ambari-web/app/templates/common/configs/config_history_flow.hbs b/ambari-web/app/templates/common/configs/config_history_flow.hbs
index 4f14920..027bb5f 100644
--- a/ambari-web/app/templates/common/configs/config_history_flow.hbs
+++ b/ambari-web/app/templates/common/configs/config_history_flow.hbs
@@ -29,7 +29,7 @@
 
   </div>
   <div class="version-info-bar-wrapper">
-    {{#isAccessible MANAGER}}
+    {{#isAuthorized "SERVICE.COMPARE_CONFIGS"}}
       <div {{bindAttr class="view.showCompareVersionBar::hidden :version-info-bar"}}>
           <div class="row-fluid">
               <div class="span1 remove-compare-bar" {{action removeCompareVersionBar target="view"}} data-toggle="arrow-tooltip" {{translateAttr data-original-title="services.service.config.configHistory.dismissIcon.tooltip"}}>
@@ -52,7 +52,7 @@
               </div>
           </div>
       </div>
-    {{/isAccessible}}
+    {{/isAuthorized}}
       <div class="version-info-bar">
         <div class="row-fluid">
             <div class="btn-group pull-left">
@@ -79,10 +79,10 @@
                       </div>
                       <div class="version-operations-buttons">
                         <button {{bindAttr disabled="serviceVersion.disabledActionAttr.view" class=":btn serviceVersion.isDisplayed:not-allowed-cursor" title="serviceVersion.disabledActionMessages.view"}} {{action doAction serviceVersion view.actionTypes.SWITCH target="view"}}><i class="icon-search"></i>&nbsp;{{t common.view}}</button>
-                        {{#isAccessible MANAGER}}
+                        {{#isAuthorized "SERVICE.COMPARE_CONFIGS"}}
                           <button {{bindAttr disabled="serviceVersion.disabledActionAttr.compare" class=":btn serviceVersion.isDisplayed:not-allowed-cursor" title="serviceVersion.disabledActionMessages.compare"}} {{action doAction serviceVersion view.actionTypes.COMPARE target="view"}}><i class="icon-copy"></i>&nbsp;{{t common.compare}}</button>
                           <button {{bindAttr disabled="serviceVersion.disabledActionAttr.revert" class=":btn serviceVersion.isCurrent:not-allowed-cursor serviceVersion.isCompatible::hidden" title="serviceVersion.disabledActionMessages.revert"}} {{action doAction serviceVersion view.actionTypes.REVERT target="view"}}>{{t dashboard.configHistory.info-bar.revert.button}}</button>
-                        {{/isAccessible}}
+                        {{/isAuthorized}}
                       </div>
                     </ul>
                   </li>
@@ -108,7 +108,7 @@
                 <strong>{{view.displayedServiceVersion.author}}</strong>&nbsp;{{t dashboard.configHistory.info-bar.authoredOn}}&nbsp;<strong>{{view.displayedServiceVersion.createdDate}}</strong>
               {{/if}}
             </div>
-          {{#isAccessible MANAGER}}
+          {{#isAuthorized "SERVICE.MODIFY_CONFIGS"}}
             <div class="pull-right operations-button">
                 <div {{bindAttr class="view.displayedServiceVersion.isCurrent::hidden"}}>
                     <button class="btn" {{action doCancel target="controller"}} {{bindAttr disabled="view.isDiscardDisabled"}}>{{t common.discard}}</button>
@@ -116,7 +116,7 @@
                 </div>
                 <button class="btn btn-success"  {{action doAction view.serviceVersionsReferences.displayed view.actionTypes.REVERT target="view"}} {{bindAttr disabled="view.versionActionsDisabled" class="view.displayedServiceVersion.canBeMadeCurrent::hidden"}}>{{view.displayedServiceVersion.makeCurrentButtonText}}</button>
             </div>
-          {{/isAccessible}}
+          {{/isAuthorized}}
         </div>
       </div>
   </div>

http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/templates/common/configs/notifications_configs.hbs
----------------------------------------------------------------------
diff --git a/ambari-web/app/templates/common/configs/notifications_configs.hbs b/ambari-web/app/templates/common/configs/notifications_configs.hbs
index d58d076..984bd9a 100644
--- a/ambari-web/app/templates/common/configs/notifications_configs.hbs
+++ b/ambari-web/app/templates/common/configs/notifications_configs.hbs
@@ -46,7 +46,7 @@
               {{view viewClass serviceConfigBinding="this" categoryConfigsAllBinding="view.categoryConfigsAll" }}
 
               {{#if isRemovable}}
-                {{#isAccessible ADMIN}}
+                {{#isAuthorized "SERVICE.MODIFY_CONFIGS"}}
                   {{#unless this.isComparison}}
                     <a class="btn-small" href="#" data-toggle="tooltip"
                       {{action "removeProperty" this target="view"}}
@@ -54,7 +54,7 @@
                       <i class="icon-minus-sign"></i>
                     </a>
                   {{/unless}}
-                {{/isAccessible}}
+                {{/isAuthorized}}
               {{/if}}
 
               <span class="help-inline">{{errorMessage}}</span>
@@ -72,7 +72,7 @@
         {{view Ember.RadioButton name="tlsOrSsl" disabledBinding="view.configsAreDisabled" selectionBinding="view.tlsOrSsl" value="ssl"}} {{t installer.step7.misc.notification.use_ssl}}
       </div>
 
-      {{#isAccessible ADMIN}}
+      {{#isAuthorized "SERVICE.MODIFY_CONFIGS"}}
         {{#if view.canEdit}}
           {{#unless view.configsAreDisabled}}
             <div class="entry-row indent-1">
@@ -80,7 +80,7 @@
             </div>
           {{/unless}}
         {{/if}}
-      {{/isAccessible}}
+      {{/isAuthorized}}
     </form>
   </div>
 </div>

http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/templates/common/configs/overriddenProperty.hbs
----------------------------------------------------------------------
diff --git a/ambari-web/app/templates/common/configs/overriddenProperty.hbs b/ambari-web/app/templates/common/configs/overriddenProperty.hbs
index 8a8df0a..9500b90 100644
--- a/ambari-web/app/templates/common/configs/overriddenProperty.hbs
+++ b/ambari-web/app/templates/common/configs/overriddenProperty.hbs
@@ -42,13 +42,13 @@
             <i class="icon-undo"></i>
           </a>
         {{/if}}
-        {{#isAccessible ADMIN}}
+        {{#isAuthorized "SERVICE.MODIFY_CONFIGS"}}
           <a class="btn-small" href="#" data-toggle="tooltip"
             {{action "removeOverride" overriddenSCP target="view"}}
             {{translateAttr data-original-title="common.remove"}}>
             <i class="icon-minus-sign"></i>
           </a>
-        {{/isAccessible}}
+        {{/isAuthorized}}
           <span class="help-inline">{{overriddenSCP.errorMessage}}</span>
       {{else}}
         <a class="action">{{overriddenSCP.group.switchGroupTextShort}}</a> <i class="icon-spinner"></i>

http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/templates/common/configs/service_config.hbs
----------------------------------------------------------------------
diff --git a/ambari-web/app/templates/common/configs/service_config.hbs b/ambari-web/app/templates/common/configs/service_config.hbs
index 29b05fe..021b1a3 100644
--- a/ambari-web/app/templates/common/configs/service_config.hbs
+++ b/ambari-web/app/templates/common/configs/service_config.hbs
@@ -70,13 +70,13 @@
         <div class="pull-left spinner"></div>
       {{/if}}
 		</span>
-    {{#isAccessible ADMIN}}
       {{#if controller.isHostsConfigsPage}}
         &nbsp;<a href="#" {{action "switchHostGroup" target="controller"}}>{{t common.change}}</a>
       {{else}}
-        <a href="#" class="link-left-pad" {{action "manageConfigurationGroup" target="controller"}}>{{t services.service.actions.manage_configuration_groups.short}}</a>
+        {{#isAuthorized "SERVICE.MANAGE_CONFIG_GROUPS"}}
+            <a href="#" class="link-left-pad" {{action "manageConfigurationGroup" target="controller"}}>{{t services.service.actions.manage_configuration_groups.short}}</a>
+        {{/isAuthorized}}
       {{/if}}
-    {{/isAccessible}}
     <div class="pull-right">
       {{view App.FilterComboCleanableView filterBinding="view.filter" columnsBinding="view.columns" popoverDescriptionBinding="view.propertyFilterPopover"}}
     </div>

http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/templates/common/configs/service_config_category.hbs
----------------------------------------------------------------------
diff --git a/ambari-web/app/templates/common/configs/service_config_category.hbs b/ambari-web/app/templates/common/configs/service_config_category.hbs
index bfd77bd..90f78d2 100644
--- a/ambari-web/app/templates/common/configs/service_config_category.hbs
+++ b/ambari-web/app/templates/common/configs/service_config_category.hbs
@@ -92,7 +92,7 @@
       {{/each}}
 
       {{! For Advanced, Advanced Core Site, Advanced HDFS Site sections, show the 'Add Property' link.}}
-      {{#isAccessible ADMIN}}
+      {{#isAuthorized "SERVICE.MODIFY_CONFIGS"}}
         {{#if view.canEdit}}
           {{#if view.category.customCanAddProperty}}
             <div>
@@ -101,7 +101,7 @@
             </div>
           {{/if}}
         {{/if}}
-      {{/isAccessible}}
+      {{/isAuthorized}}
     </form>
   </div>
 </div>

http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/templates/common/configs/service_config_wizard.hbs
----------------------------------------------------------------------
diff --git a/ambari-web/app/templates/common/configs/service_config_wizard.hbs b/ambari-web/app/templates/common/configs/service_config_wizard.hbs
index 11c8d32..b297d1d 100644
--- a/ambari-web/app/templates/common/configs/service_config_wizard.hbs
+++ b/ambari-web/app/templates/common/configs/service_config_wizard.hbs
@@ -35,13 +35,13 @@
         {{/each}}
       </ul>
 		</span>
-    {{#isAccessible ADMIN}}
+    {{#isAuthorized "SERVICE.MANAGE_CONFIG_GROUPS"}}
       {{#if controller.isHostsConfigsPage}}
         &nbsp;<a href="#" {{action "switchHostGroup" target="controller"}}>{{t common.change}}</a>
       {{else}}
         <a href="#"  class="link-left-pad" {{action "manageConfigurationGroup" target="controller"}}>{{t services.service.actions.manage_configuration_groups.short}}</a>
       {{/if}}
-    {{/isAccessible}}
+    {{/isAuthorized}}
     <div class="pull-right">
       {{view App.FilterComboCleanableView filterBinding="view.filter" columnsBinding="view.columns" popoverDescriptionBinding="view.propertyFilterPopover"}}
     </div>

http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/templates/common/configs/service_version_box.hbs
----------------------------------------------------------------------
diff --git a/ambari-web/app/templates/common/configs/service_version_box.hbs b/ambari-web/app/templates/common/configs/service_version_box.hbs
index e4be74f..fe5b8b4 100644
--- a/ambari-web/app/templates/common/configs/service_version_box.hbs
+++ b/ambari-web/app/templates/common/configs/service_version_box.hbs
@@ -44,10 +44,10 @@
       </div>
       <div class="version-operations-buttons">
         <button {{bindAttr disabled="view.disabledActionAttr.view" class=":btn view.serviceVersion.isDisplayed:not-allowed-cursor" title="view.disabledActionMessages.view"}} {{action doAction view.serviceVersion view.actionTypes.SWITCH target="view.parentView"}}><i class="icon-search"></i>&nbsp;{{t common.view}}</button>
-        {{#isAccessible MANAGER}}
+        {{#isAuthorized "SERVICE.COMPARE_CONFIGS"}}
           <button {{bindAttr disabled="view.disabledActionAttr.compare" class=":btn view.serviceVersion.isDisplayed:not-allowed-cursor" title="view.disabledActionMessages.compare"}} {{action doAction view.serviceVersion view.actionTypes.COMPARE target="view.parentView"}}><i class="icon-copy"></i>&nbsp;{{t common.compare}}</button>
           <button {{bindAttr disabled="view.disabledActionAttr.revert" class=":btn view.serviceVersion.isCurrent:not-allowed-cursor view.serviceVersion.isCompatible::hidden" title="view.disabledActionMessages.revert"}} {{action doAction view.serviceVersion view.actionTypes.REVERT target="view.parentView"}}>{{t dashboard.configHistory.info-bar.revert.button}}</button>
-        {{/isAccessible}}
+        {{/isAuthorized}}
       </div>
     </div>
   </div>

http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/templates/common/configs/widgets/controls.hbs
----------------------------------------------------------------------
diff --git a/ambari-web/app/templates/common/configs/widgets/controls.hbs b/ambari-web/app/templates/common/configs/widgets/controls.hbs
index 210f942..d6278d9 100644
--- a/ambari-web/app/templates/common/configs/widgets/controls.hbs
+++ b/ambari-web/app/templates/common/configs/widgets/controls.hbs
@@ -69,18 +69,18 @@
       {{/if}}
       {{#unless view.isOriginalSCP}}
         {{#unless view.disabled}}
-          {{#isAccessible ADMIN}}
+          {{#isAuthorized "SERVICE.MODIFY_CONFIGS"}}
             <a {{bindAttr class=":widget-action :widget-action-remove view.isHover:show:hide"}} href="#"
                                                                                                 data-toggle="tooltip"
               {{action "removeOverride" view.config target="view.parentView"}}
               {{translateAttr data-original-title="common.remove"}}>
               <i class="icon-minus-sign"></i>
             </a>
-          {{/isAccessible}}
+          {{/isAuthorized}}
         {{/unless}}
       {{/unless}}
       {{#if view.overrideAllowed}}
-        {{#isAccessible ADMIN}}
+        {{#isAuthorized "SERVICE.MODIFY_CONFIGS"}}
           <div {{bindAttr class=":widget-action :widget-action-override view.isHover:show:hide"}}>
             <a class="widget-action widget-action-override" href="#" data-toggle="tooltip"
               {{action "createOverrideProperty" view.config target="view.parentView"}}
@@ -88,7 +88,7 @@
               <i class="icon-plus-sign"></i>
             </a>
           </div>
-        {{/isAccessible}}
+        {{/isAuthorized}}
       {{/if}}
     </div>
   </div>

http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/templates/common/modal_popups/widget_browser_footer.hbs
----------------------------------------------------------------------
diff --git a/ambari-web/app/templates/common/modal_popups/widget_browser_footer.hbs b/ambari-web/app/templates/common/modal_popups/widget_browser_footer.hbs
index 72c2d80..3d58948 100644
--- a/ambari-web/app/templates/common/modal_popups/widget_browser_footer.hbs
+++ b/ambari-web/app/templates/common/modal_popups/widget_browser_footer.hbs
@@ -17,11 +17,9 @@
 }}
 
 <div class="modal-footer">
-  {{#isAccessible ADMIN}}
     <label id="footer-checkbox">
       {{view Ember.Checkbox classNames="checkbox" checkedBinding="view.parentView.isShowMineOnly"}} &nbsp;
       {{t dashboard.widgets.browser.footer.checkbox}}
     </label>
-  {{/isAccessible}}
   <button class="btn btn-success" {{action onPrimary target="view"}}>{{t common.close}}</button>
 </div>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/templates/common/modal_popups/widget_browser_popup.hbs
----------------------------------------------------------------------
diff --git a/ambari-web/app/templates/common/modal_popups/widget_browser_popup.hbs b/ambari-web/app/templates/common/modal_popups/widget_browser_popup.hbs
index 3396cb6..b34dc75 100644
--- a/ambari-web/app/templates/common/modal_popups/widget_browser_popup.hbs
+++ b/ambari-web/app/templates/common/modal_popups/widget_browser_popup.hbs
@@ -20,13 +20,11 @@
   {{#if view.isLoaded}}
     <div class="widget-browser-content">
       <!--Create new widget button-->
-      {{#isAccessible ADMIN}}
         <div class="btn-group pull-right" id="create-widget-button">
           <button type="button" class="btn btn-primary" {{action "createWidget" target="view"}} >
             <i class="icon-plus"></i> &nbsp; {{t dashboard.widgets.create}}
           </button>
         </div>
-      {{/isAccessible}}
 
       <!--Filters bar: service name filter, status filter here-->
       <ul id="services-filter-bar" class="nav nav-tabs">
@@ -64,7 +62,6 @@
                         <i class="icon-ok"></i> &nbsp; {{t dashboard.widgets.browser.action.added}}
                     </button>
                   {{else}}
-                    {{#isAccessible ADMIN}}
                       <button class="btn btn-default dropdown-toggle" data-toggle="dropdown">
                         {{t common.more}}<span class="caret"></span>
                       </button>
@@ -82,7 +79,6 @@
                           {{/unless}}
                         </li>
                       </ul>
-                    {{/isAccessible}}
                     <button type="button" class="btn btn-default" {{action "addWidget" widget target="controller"}} >
                       {{t dashboard.widgets.browser.action.add}}
                     </button>

http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/templates/common/widget/gauge_widget.hbs
----------------------------------------------------------------------
diff --git a/ambari-web/app/templates/common/widget/gauge_widget.hbs b/ambari-web/app/templates/common/widget/gauge_widget.hbs
index d31d743..b35d959 100644
--- a/ambari-web/app/templates/common/widget/gauge_widget.hbs
+++ b/ambari-web/app/templates/common/widget/gauge_widget.hbs
@@ -22,7 +22,6 @@
       <i class="icon-remove-sign icon-large"></i>
     </a>
     <div class="caption title span11">{{view.content.widgetName}}</div>
-    {{#isAccessible ADMIN}}
       <div class="widget-icons">
         <a class="corner-icon pull-right" href="#" {{action editWidget target="view"}}>
           <i class="icon-edit"></i>
@@ -31,7 +30,6 @@
           <i class="icon-copy"></i>
         </a>
       </div>
-    {{/isAccessible}}
     <div class="content">
       {{#if view.isUnavailable}}
         {{#if view.isOverflowed}}

http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/templates/common/widget/graph_widget.hbs
----------------------------------------------------------------------
diff --git a/ambari-web/app/templates/common/widget/graph_widget.hbs b/ambari-web/app/templates/common/widget/graph_widget.hbs
index 062253a..96d4746 100644
--- a/ambari-web/app/templates/common/widget/graph_widget.hbs
+++ b/ambari-web/app/templates/common/widget/graph_widget.hbs
@@ -22,7 +22,6 @@
       <i class="icon-remove-sign icon-large"></i>
     </a>
     <div class="caption title span11">{{view.content.widgetName}}</div>
-    {{#isAccessible ADMIN}}
       <div class="widget-icons">
         <a {{bindAttr class="view.isExportButtonHidden:hidden :corner-icon :pull-right"}} href="#" {{action toggleFormatsList target="view"}}>
           <i class="icon-save"></i>
@@ -35,7 +34,6 @@
         </a>
         {{view view.exportMetricsMenuView}}
       </div>
-    {{/isAccessible}}
     <div class="content"> {{view view.graphView}}</div>
 
   {{else}}

http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/templates/common/widget/number_widget.hbs
----------------------------------------------------------------------
diff --git a/ambari-web/app/templates/common/widget/number_widget.hbs b/ambari-web/app/templates/common/widget/number_widget.hbs
index 2a82891..f1a2f3c 100644
--- a/ambari-web/app/templates/common/widget/number_widget.hbs
+++ b/ambari-web/app/templates/common/widget/number_widget.hbs
@@ -22,7 +22,6 @@
       <i class="icon-remove-sign icon-large"></i>
     </a>
     <div class="caption title span11">{{view.content.widgetName}}</div>
-    {{#isAccessible ADMIN}}
     <div class="widget-icons">
       <a class="corner-icon pull-right" href="#" {{action editWidget target="view"}}>
         <i class="icon-edit"></i>
@@ -31,7 +30,6 @@
         <i class="icon-copy"></i>
       </a>
       </div>
-    {{/isAccessible}}
     <div {{bindAttr class="view.contentColor :content"}}>{{view.displayValue}}</div>
     {{#if view.content.description}}
       <div class="hidden-description">

http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/templates/common/widget/template_widget.hbs
----------------------------------------------------------------------
diff --git a/ambari-web/app/templates/common/widget/template_widget.hbs b/ambari-web/app/templates/common/widget/template_widget.hbs
index 2d2bff7..75d6f46 100644
--- a/ambari-web/app/templates/common/widget/template_widget.hbs
+++ b/ambari-web/app/templates/common/widget/template_widget.hbs
@@ -22,7 +22,6 @@
       <i class="icon-remove-sign icon-large"></i>
     </a>
     <div class="caption title span11">{{view.content.widgetName}}</div>
-    {{#isAccessible ADMIN}}
       <div class="widget-icons">
         <a class="corner-icon pull-right" href="#" {{action editWidget target="view"}}>
           <i class="icon-edit"></i>
@@ -31,7 +30,6 @@
           <i class="icon-copy"></i>
         </a>
       </div>
-    {{/isAccessible}}
     <div {{bindAttr class="view.contentColor :content"}}>{{{view.displayValue}}}</div>
     {{#if view.content.description}}
       <div class="hidden-description">

http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/templates/main/admin/kerberos.hbs
----------------------------------------------------------------------
diff --git a/ambari-web/app/templates/main/admin/kerberos.hbs b/ambari-web/app/templates/main/admin/kerberos.hbs
index 3dbc4d0..341b2f5 100644
--- a/ambari-web/app/templates/main/admin/kerberos.hbs
+++ b/ambari-web/app/templates/main/admin/kerberos.hbs
@@ -19,7 +19,7 @@
   {{#if securityEnabled}}
     <div>
       <p class="text-success">{{t admin.security.enabled}}
-        {{#isAccessible ADMIN}}
+        {{#isAuthorized "CLUSTER.TOGGLE_KERBEROS"}}
           <button class="btn btn-padding btn-warning admin-disable-security-btn" {{bindAttr disabled="isKerberosButtonsDisabled"}} {{action notifySecurityOffPopup target="controller"}}>{{t admin.kerberos.button.disable}} </button>
           {{#unless isManualKerberos}}
             <button class="btn btn-success" id="regenerate-keytabs" {{bindAttr disabled="isKerberosButtonsDisabled"}} {{action regenerateKeytabs target="controller"}}>
@@ -37,7 +37,7 @@
               {{t common.edit}}
             </a>
           {{/unless}}
-        {{/isAccessible}}
+        {{/isAuthorized}}
       </p>
     </div>
     <div id="serviceConfig">
@@ -55,10 +55,10 @@
   {{else}}
     <div>
       <p class="muted background-text">{{t admin.security.disabled}}
-        {{#isAccessible ADMIN}}
-          <a class="btn btn-padding btn-success admin-enable-security-btn" {{action checkAndStartKerberosWizard target="controller"}}>{{t admin.kerberos.button.enable}} </a>
-          <br/>
-        {{/isAccessible}}
+      {{#isAuthorized "CLUSTER.TOGGLE_KERBEROS"}}
+        <a class="btn btn-padding btn-success admin-enable-security-btn" {{action checkAndStartKerberosWizard target="controller"}}>{{t admin.kerberos.button.enable}} </a>
+        <br/>
+      {{/isAuthorized}}
       </p>
     </div>
   {{/if}}

http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/templates/main/admin/stack_upgrade/versions.hbs
----------------------------------------------------------------------
diff --git a/ambari-web/app/templates/main/admin/stack_upgrade/versions.hbs b/ambari-web/app/templates/main/admin/stack_upgrade/versions.hbs
index 0e69339..59eb33f 100644
--- a/ambari-web/app/templates/main/admin/stack_upgrade/versions.hbs
+++ b/ambari-web/app/templates/main/admin/stack_upgrade/versions.hbs
@@ -36,11 +36,11 @@
       {{/each}}
     </ul>
   </div>
-  {{#isAccessible upgrade_ONLY_ADMIN}}
+  {{#isAuthorized "CLUSTER.UPGRADE_DOWNGRADE_STACK"}}
     <button class="btn btn-primary pull-right" {{action goToVersions target="view"}} id="manage-versions-link">
       <i class="icon-external-link"></i>&nbsp;{{t admin.stackVersions.manageVersions}}
     </button>
-  {{/isAccessible}}
+  {{/isAuthorized}}
 </div>
 <div class="row-fluid">
   {{#if isLoaded}}

http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/templates/main/alerts.hbs
----------------------------------------------------------------------
diff --git a/ambari-web/app/templates/main/alerts.hbs b/ambari-web/app/templates/main/alerts.hbs
index 8e056c4..e2028be 100644
--- a/ambari-web/app/templates/main/alerts.hbs
+++ b/ambari-web/app/templates/main/alerts.hbs
@@ -16,11 +16,11 @@
 * limitations under the License.
 }}
 
-{{#isAccessible ADMIN}}
+{{#isAuthorized "SERVICE.TOGGLE_ALERTS"}}
   <div id="alert-actions-button" class="pull-left">
     {{view App.MainAlertDefinitionActionsView controllerBinding="App.router.mainAlertDefinitionActionsController"}}
   </div>
-{{/isAccessible}}
+{{/isAuthorized}}
 
 <div id="alert-groups-filter" class="pull-left advanced-header-table groups-filter">
 {{#if App.router.clusterController.isAlertsLoaded}}
@@ -63,32 +63,22 @@
               <time class="timeago" {{bindAttr data-original-title="alertDefinition.lastTriggeredFormatted"}}>{{alertDefinition.lastTriggeredAgoFormatted}}</time>
             </td>
             <td class="last toggle-state-button alert-state">
-              {{#if alertDefinition.enabled}}
-                {{#isAccessible ADMIN}}
+              {{#if alertDefinition.enabled not=true}}
+                {{#isAuthorized "CLUSTER.TOGGLE_ALERTS"}}
                   <a href="#" {{action "toggleState" alertDefinition target="controller"}} {{bindAttr class="alertDefinition.enabled:alert-definition-enable:alert-definition-disable"}}>
                   <span class="enable-disable-button" {{bindAttr data-original-title="view.enabledTooltip"}}>
                     {{view.enabledDisplay}}
                   </span>
                   </a>
-                {{/isAccessible}}
-                {{#isAccessible NON_ADMIN}}
-                  <span {{bindAttr class="alertDefinition.enabled:alert-definition-enable:alert-definition-disable"}}>
-                    {{t alerts.table.state.enabled}}
-                  </span>
-                {{/isAccessible}}
+                {{/isAuthorized}}
               {{else}}
-                {{#isAccessible ADMIN}}
+                {{#isAuthorized "CLUSTER.TOGGLE_ALERTS"}}
                   <a href="#" {{action "toggleState" alertDefinition target="controller"}} {{bindAttr class="alertDefinition.enabled:alert-definition-enable:alert-definition-disable"}}>
                   <span class="enable-disable-button" {{bindAttr data-original-title="view.disabledTooltip"}}>
                     {{view.disabledDisplay}}
                   </span>
                   </a>
-                {{/isAccessible}}
-                {{#isAccessible NON_ADMIN}}
-                  <span {{bindAttr class="alertDefinition.enabled:alert-definition-enable:alert-definition-disable"}}>
-                    {{t alerts.table.state.disabled}}
-                  </span>
-                {{/isAccessible}}
+                {{/isAuthorized}}
               {{/if}}
             </td>
           </tr>

http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/templates/main/alerts/definition_details.hbs
----------------------------------------------------------------------
diff --git a/ambari-web/app/templates/main/alerts/definition_details.hbs b/ambari-web/app/templates/main/alerts/definition_details.hbs
index 4b0f1d7..50ab611 100644
--- a/ambari-web/app/templates/main/alerts/definition_details.hbs
+++ b/ambari-web/app/templates/main/alerts/definition_details.hbs
@@ -41,10 +41,10 @@
           </span>
         {{/if}}
         {{#unless controller.editing.label.isEditing}}
-          {{#isAccessible ADMIN}}
+          {{#isAuthorized "SERVICE.TOGGLE_ALERTS"}}
             <a {{action edit controller.editing.label target="controller"}} class="edit-description-button"><i
                 class="icon-pencil"></i></a>
-          {{/isAccessible}}
+          {{/isAuthorized}}
         {{/unless}}
       </div>
       {{! Alert Definition Name end }}
@@ -69,14 +69,14 @@
           <h4>{{t common.configuration}}</h4>
         </div>
         <div class="pull-right span5 row-fluid" style="padding:0 10px;">
-          {{#isAccessible ADMIN}}
+          {{#isAuthorized "SERVICE.TOGGLE_ALERTS"}}
             {{#unless App.router.mainAlertDefinitionConfigsController.canEdit}}
               <a {{action editConfigs target="App.router.mainAlertDefinitionConfigsController"}}
                   class="pull-right edit-link">
                 {{t common.edit}}
               </a>
             {{/unless}}
-          {{/isAccessible}}
+          {{/isAuthorized}}
         </div>
       </div>
       {{view App.AlertDefinitionConfigsView contentBinding="view.controller.content" alertDefinitionTypeBinding="view.controller.content.type" canEdit=false}}
@@ -100,33 +100,23 @@
           <div class="span4 property-name">{{t alerts.table.state}}:</div>
           <div class="span8">
             {{#if controller.content.enabled}}
-              {{#isAccessible ADMIN}}
+              {{#isAuthorized "SERVICE.TOGGLE_ALERTS"}}
                 <a href="#" {{action "toggleState" controller.content target="controller"}} {{bindAttr class="controller.content.enabled:alert-definition-enable:alert-definition-disable"}}>
                   <span
                       class="enable-disable-button" {{translateAttr data-original-title="alerts.table.state.enabled.tooltip"}}>
                     {{view.enabledDisplay}}
                   </span>
                 </a>
-              {{/isAccessible}}
-              {{#isAccessible NON_ADMIN}}
-                <span {{bindAttr class="controller.content.enabled:alert-definition-enable:alert-definition-disable"}}>
-                  {{t alerts.table.state.enabled}}
-                </span>
-              {{/isAccessible}}
+              {{/isAuthorized}}
             {{else}}
-              {{#isAccessible ADMIN}}
+              {{#isAuthorized "SERVICE.TOGGLE_ALERTS"}}
                 <a href="#" {{action "toggleState" controller.content target="controller"}} {{bindAttr class="controller.content.enabled:alert-definition-enable:alert-definition-disable"}}>
                   <span
                       class="enable-disable-button" {{translateAttr data-original-title="alerts.table.state.disabled.tooltip"}}>
                     {{view.disabledDisplay}}
                   </span>
                 </a>
-              {{/isAccessible}}
-              {{#isAccessible NON_ADMIN}}
-                <span {{bindAttr class="controller.content.enabled:alert-definition-enable:alert-definition-disable"}}>
-                  {{t alerts.table.state.disabled}}
-                </span>
-              {{/isAccessible}}
+              {{/isAuthorized}}
             {{/if}}
           </div>
         </div>

http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/templates/main/host.hbs
----------------------------------------------------------------------
diff --git a/ambari-web/app/templates/main/host.hbs b/ambari-web/app/templates/main/host.hbs
index f6bab03..66d38e4 100644
--- a/ambari-web/app/templates/main/host.hbs
+++ b/ambari-web/app/templates/main/host.hbs
@@ -20,9 +20,9 @@
 
   <div class="box-header row">
     <div class="hosts-actions pull-left">
-      {{#isAccessible ADMIN}}
+      {{#isAuthorized "HOST.ADD_DELETE_COMPONENTS, HOST.TOGGLE_MAINTENANCE, HOST.ADD_DELETE_HOSTS"}}
         {{view App.HostTableMenuView}}
-      {{/isAccessible}}
+      {{/isAuthorized}}
     </div>
     <div class="health-status-bar pull-left">
       {{#view view.statusFilter categoriesBinding="view.categories"}}

http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/templates/main/host/bulk_operation_menu.hbs
----------------------------------------------------------------------
diff --git a/ambari-web/app/templates/main/host/bulk_operation_menu.hbs b/ambari-web/app/templates/main/host/bulk_operation_menu.hbs
index eecb991..fab2576 100644
--- a/ambari-web/app/templates/main/host/bulk_operation_menu.hbs
+++ b/ambari-web/app/templates/main/host/bulk_operation_menu.hbs
@@ -19,10 +19,10 @@
 <div class="dropdown bulk-menu">
   <a class="btn dropdown-toggle" data-toggle="dropdown" href="#">{{t common.actions}} <span class="caret"></span></a>
   <ul class="dropdown-menu">
-    {{#isAccessible ADMIN}}
+    {{#isAuthorized "HOST.ADD_DELETE_HOSTS"}}
       <li><a href="#" {{action addHost}}><i class="icon-plus icon-white"></i> {{t hosts.host.add}}</a></li>
       <li class="divider"></li>
-    {{/isAccessible}}
+    {{/isAuthorized}}
     <li class="dropdown-submenu">
       <a {{bindAttr class="view.parentView.showSelectedFilter::disabled"}} tabindex="-1" href="javascript:void(null);">{{view.menuItems.s.label}}
         ({{view.parentView.selectedHosts.length}})</a>

http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/templates/main/host/details.hbs
----------------------------------------------------------------------
diff --git a/ambari-web/app/templates/main/host/details.hbs b/ambari-web/app/templates/main/host/details.hbs
index bcb087b..ea95d4f 100644
--- a/ambari-web/app/templates/main/host/details.hbs
+++ b/ambari-web/app/templates/main/host/details.hbs
@@ -31,7 +31,6 @@
     </div>
     <div class="content">
       {{view App.MainHostMenuView hostBinding="view.content"}}
-      {{#isAccessible ADMIN}}
         <div class="service-button">
           <div class="btn-group display-inline-block">
             <a href="javascript:void(null)" {{bindAttr class=":btn :dropdown-toggle"}} id="host-details-action-btn" data-toggle="dropdown">
@@ -64,7 +63,6 @@
             </ul>
           </div>
         </div>
-      {{/isAccessible}}
       {{outlet}}
     </div>
   </div>

http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/templates/main/host/details/host_component.hbs
----------------------------------------------------------------------
diff --git a/ambari-web/app/templates/main/host/details/host_component.hbs b/ambari-web/app/templates/main/host/details/host_component.hbs
index 23cdb7c..4976632 100644
--- a/ambari-web/app/templates/main/host/details/host_component.hbs
+++ b/ambari-web/app/templates/main/host/details/host_component.hbs
@@ -18,11 +18,11 @@
 
 <div class="span7 component-label">
   {{#if view.isUpgradeFailed}}
-    {{#isAccessible ADMIN}}
+    {{#isAuthorized "HOST.ADD_DELETE_COMPONENTS"}}
       <a href="#" {{action "upgradeComponent" view.content target="controller"}} >
         <i title="Component upgrade failed" class="components-health icon-arrow-up"></i>
       </a>
-    {{/isAccessible}}
+    {{/isAuthorized}}
   {{else}}
     <span rel='componentHealthTooltip' {{bindAttr class="view.statusClass view.statusIconClass :components-health" data-original-title="view.componentTextStatus"}}></span>&nbsp;
   {{/if}}
@@ -42,7 +42,7 @@
   {{/unless}}
 </div>
 <div class="span5 pull-right">
-  {{#isAccessible ADMIN}}
+  {{#isAuthorized "SERVICE.DECOMMISSION_RECOMMISSION"}}
     <div class="btn-group pull-right">
       <a {{ bindAttr class="view.disabled :btn :dropdown-toggle"}} data-toggle="dropdown">
         {{view.componentTextStatus}}
@@ -63,22 +63,24 @@
           </li>
         {{/if}}
         {{#unless view.isInstalling}}
-          {{#if view.isStart}}
-            <li {{bindAttr class="view.isComponentDecommissioning:hidden view.noActionAvailable"}}>
-              <a href="javascript:void(null)" data-toggle="modal" {{action "stopComponent" view.content target="controller"}}>
-                {{t common.stop}}
-              </a>
-            </li>
-          {{/if}}
-          {{#unless view.isStart}}
-            {{#unless view.isInit}}
-              <li {{bindAttr class="view.isUpgradeFailed:hidden view.isInstallFailed:hidden view.isDecommissioning:hidden view.noActionAvailable"}}>
-                <a href="javascript:void(null)" data-toggle="modal" {{action "startComponent" view.content target="controller"}}>
-                  {{t common.start}}
+          {{#isAuthorized "SERVICE.START_STOP"}}
+            {{#if view.isStart}}
+              <li {{bindAttr class="view.isComponentDecommissioning:hidden view.noActionAvailable"}}>
+                <a href="javascript:void(null)" data-toggle="modal" {{action "stopComponent" view.content target="controller"}}>
+                  {{t common.stop}}
                 </a>
               </li>
+            {{/if}}
+            {{#unless view.isStart}}
+              {{#unless view.isInit}}
+                <li {{bindAttr class="view.isUpgradeFailed:hidden view.isInstallFailed:hidden view.isDecommissioning:hidden view.noActionAvailable"}}>
+                  <a href="javascript:void(null)" data-toggle="modal" {{action "startComponent" view.content target="controller"}}>
+                    {{t common.start}}
+                  </a>
+                </li>
+              {{/unless}}
             {{/unless}}
-          {{/unless}}
+          {{/isAuthorized}}
           {{#if view.isUpgradeFailed}}
             <li {{bindAttr class="view.noActionAvailable"}}>
               <a href="javascript:void(null)" data-toggle="modal" {{action "upgradeComponent" view.content target="controller"}}>
@@ -94,13 +96,16 @@
             </li>
           {{/if}}
           {{#if view.isReassignable}}
-            <li {{bindAttr class="view.noActionAvailable view.isMoveComponentDisabled:disabled"}}>
-              <a href="javascript:void(null)" data-toggle="modal" {{action "moveComponent" view.content target="controller"}}>
-                {{t common.move}}
-              </a>
-            </li>
+            {{#isAuthorized "SERVICE.MOVE"}}
+              <li {{bindAttr class="view.noActionAvailable view.isMoveComponentDisabled:disabled"}}>
+                <a href="javascript:void(null)" data-toggle="modal" {{action "moveComponent" view.content target="controller"}}>
+                  {{t common.move}}
+                </a>
+              </li>
+            {{/isAuthorized}}
           {{/if}}
-          <li {{bindAttr class="view.noActionAvailable"}}>
+          {{#isAuthorized "HOST.TOGGLE_MAINTENANCE"}}
+            <li {{bindAttr class="view.noActionAvailable"}}>
             <a href="javascript:void(null)"
                data-toggle="modal" {{action "toggleMaintenanceMode" view.content target="controller"}}>
               {{#if view.isActive}}
@@ -110,6 +115,7 @@
               {{/if}}
             </a>
           </li>
+          {{/isAuthorized}}
         {{/unless}}
         {{#if view.isInit}}
           <li>
@@ -119,11 +125,13 @@
           </li>
         {{/if}}
         {{#if view.isDeletableComponent}}
+          {{#isAuthorized "HOST.ADD_DELETE_COMPONENTS"}}
             <li {{bindAttr class="view.isDeleteComponentDisabled:disabled"}}>
                 <a href="javascript:void(null)" data-toggle="modal" {{action "deleteComponent" view.content target="controller"}}>
                   {{t common.delete}}
                 </a>
             </li>
+          {{/isAuthorized}}
         {{/if}}
         {{#if view.isRefreshConfigsAllowed}}
             <li>
@@ -140,5 +148,5 @@
       {{/each}}
       </ul>
     </div>
-  {{/isAccessible}}
+  {{/isAuthorized}}
 </div>

http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/templates/main/host/stack_versions.hbs
----------------------------------------------------------------------
diff --git a/ambari-web/app/templates/main/host/stack_versions.hbs b/ambari-web/app/templates/main/host/stack_versions.hbs
index ea5a74b..55a4de2 100644
--- a/ambari-web/app/templates/main/host/stack_versions.hbs
+++ b/ambari-web/app/templates/main/host/stack_versions.hbs
@@ -51,9 +51,9 @@
           {{/if}}
         </td>
         <td class="install-repo-version align-center">
-          {{#isAccessible ADMIN}}
+          {{#isAuthorized "AMBARI.MANAGE_STACK_VERSIONS"}}
             <button class="btn" {{action installVersionConfirmation this target="controller"}} {{bindAttr disabled="this.installDisabled"}}><i class="icon-off"></i>&nbsp;{{t common.install}}</button>
-          {{/isAccessible}}
+          {{/isAuthorized}}
         </td>
       </tr>
     {{/each}}

http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/templates/main/host/summary.hbs
----------------------------------------------------------------------
diff --git a/ambari-web/app/templates/main/host/summary.hbs b/ambari-web/app/templates/main/host/summary.hbs
index aff0349..6b4c7a5 100644
--- a/ambari-web/app/templates/main/host/summary.hbs
+++ b/ambari-web/app/templates/main/host/summary.hbs
@@ -26,7 +26,7 @@
             <h4>{{t common.components}}</h4>
           </div>
           <div class="pull-right span5 row-fluid" style="padding:0 10px;">
-            {{#isAccessible ADMIN}}
+            {{#isAuthorized "HOST.ADD_DELETE_COMPONENTS"}}
               <div class="btn-group pull-right">
                 <button id="add_component" data-toggle="dropdown" {{bindAttr class="view.addComponentDisabled:disabled :btn :dropdown-toggle"}}>
                   <span class="icon-plus"></span>&nbsp;{{t add}}
@@ -41,13 +41,13 @@
                   {{/each}}
                 </ul>
               </div>
-            {{/isAccessible}}
+            {{/isAuthorized}}
           </div>
         </div>
         <div class="host-components">
         {{#if view.sortedComponents.length}}
 
-          {{#isAccessible ADMIN}}
+          {{#isAuthorized "SERVICE.MODIFY_CONFIGS, SERVICE.START_STOP, HOST.ADD_DELETE_COMPONENTS, HOST.TOGGLE_MAINTENANCE"}}
             {{#if view.content.componentsWithStaleConfigsCount}}
               <div class="alert alert-warning clearfix">
                 <i class="icon-refresh"></i> {{view.needToRestartMessage}}
@@ -56,7 +56,7 @@
                   </button>
               </div>
             {{/if}}
-          {{/isAccessible}}
+          {{/isAuthorized}}
 
           {{#each component in view.sortedComponents}}
             <div class="row-fluid">
@@ -77,7 +77,7 @@
               {{/if}}
             </div>
             <div class="span5 row">
-              {{#isAccessible ADMIN}}
+              {{#isAuthorized "SERVICE.MODIFY_CONFIGS, SERVICE.START_STOP, HOST.ADD_DELETE_COMPONENTS, HOST.TOGGLE_MAINTENANCE"}}
                 {{#if view.clients.length}}
                   <div class="btn-group pull-right">
                     <button id="add_component" data-toggle="dropdown" {{bindAttr class=":btn :dropdown-toggle controller.content.isNotHeartBeating:disabled"}}>
@@ -115,7 +115,7 @@
                     </ul>
                   </div>
                 {{/if}}
-              {{/isAccessible}}
+              {{/isAuthorized}}
             </div>
           </div>
         </div>
@@ -136,9 +136,9 @@
 
                         <dt class="summary-rack-label">{{t common.rack}}:</dt>
                         <dd class="summary-rack-value">&nbsp;{{view.content.rack}}
-                          {{#isAccessible MANAGER}}
+                          {{#isAuthorized "HOST.TOGGLE_MAINTENANCE"}}
                             <a class="set-rack-id" {{action setRackId view.content target="controller"}}><i class="icon-pencil"></i></a>
-                          {{/isAccessible}}
+                          {{/isAuthorized}}
                         </dd>
 
                         <dt class="summary-os-label">{{t common.os}}:</dt>

http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/templates/main/service/all_services_actions.hbs
----------------------------------------------------------------------
diff --git a/ambari-web/app/templates/main/service/all_services_actions.hbs b/ambari-web/app/templates/main/service/all_services_actions.hbs
index 1cc0270..63d916f 100644
--- a/ambari-web/app/templates/main/service/all_services_actions.hbs
+++ b/ambari-web/app/templates/main/service/all_services_actions.hbs
@@ -16,45 +16,49 @@
 * limitations under the License.
 }}
 
-{{#isAccessible ADMIN}}
-  <div class="service-button" style="margin-top: 10px;">
-    <div class="btn-group display-inline-block span11 offset1">
-      <a class="btn dropdown-toggle span10" data-toggle="dropdown" href="#">{{t common.actions}}
-        <span class="caret"></span>
-      </a>
-      <ul class="pull-left dropdown-menu">
-          <li {{bindAttr class="controller.isAllServicesInstalled:disabled"}}>
-            <a href="#"
-              {{bindAttr class="controller.isAllServicesInstalled:disabled"}}
-              {{action gotoAddService target="controller"}}>
-              <i class="icon-plus icon-white"></i> {{t services.service.add}}</a>
-          </li>
-          <li class="divider"></li>
-          <li {{bindAttr class="controller.isStartAllDisabled:disabled" }}>
-            <a href="#" data-toggle="modal"
-              {{bindAttr class="controller.isStartAllDisabled:disabled" }}
-              {{action "startAllService" target="controller"}}>
-              <i {{bindAttr class=":icon-play controller.isStartAllDisabled:disabled:enabled " }}></i>
-              {{t services.service.startAll}}
+{{#isAuthorized "SERVICE.START_STOP, SERVICE.ADD_DELETE_SERVICES"}}
+    <div class="service-button" style="margin-top: 10px;">
+        <div class="btn-group display-inline-block span11 offset1">
+            <a class="btn dropdown-toggle span10" data-toggle="dropdown" href="#">{{t common.actions}}
+                <span class="caret"></span>
             </a>
-          </li>
-          <li {{bindAttr class="controller.isStopAllDisabled:disabled" }}>
-            <a href="#" data-toggle="modal"
-              {{bindAttr class="controller.isStopAllDisabled:disabled" }}
-              {{action "stopAllService" target="controller"}}>
-              <i {{bindAttr class=":icon-stop controller.isStopAllDisabled:disabled:enabled" }}></i>
-              {{t services.service.stopAll}}
-            </a>
-          </li>
-          <li {{bindAttr class="controller.isRestartAllRequiredDisabled:disabled" }}>
-            <a href="#" data-toggle="modal"
-              {{bindAttr class="controller.isRestartAllRequiredDisabled:disabled" }}
-              {{action "restartAllRequired" target="controller"}}>
-              <i {{bindAttr class=":icon-repeat controller.isRestartAllRequiredDisabled:disabled:enabled" }}></i>
-              {{t services.service.restartAllRequired}}
-            </a>
-          </li>
-      </ul>
+            <ul class="pull-left dropdown-menu">
+                {{#isAuthorized "SERVICE.START_STOP"}}
+                    <li {{bindAttr class="controller.isAllServicesInstalled:disabled"}}>
+                        <a href="#"
+                            {{bindAttr class="controller.isAllServicesInstalled:disabled"}}
+                            {{action gotoAddService target="controller"}}>
+                            <i class="icon-plus icon-white"></i> {{t services.service.add}}</a>
+                    </li>
+                {{/isAuthorized}}
+                {{#isAuthorized "SERVICE.ADD_DELETE_SERVICES"}}
+                    <li class="divider"></li>
+                    <li {{bindAttr class="controller.isStartAllDisabled:disabled" }}>
+                        <a href="#" data-toggle="modal"
+                            {{bindAttr class="controller.isStartAllDisabled:disabled" }}
+                            {{action "startAllService" target="controller"}}>
+                            <i {{bindAttr class=":icon-play controller.isStartAllDisabled:disabled:enabled " }}></i>
+                            {{t services.service.startAll}}
+                        </a>
+                    </li>
+                    <li {{bindAttr class="controller.isStopAllDisabled:disabled" }}>
+                        <a href="#" data-toggle="modal"
+                            {{bindAttr class="controller.isStopAllDisabled:disabled" }}
+                            {{action "stopAllService" target="controller"}}>
+                            <i {{bindAttr class=":icon-stop controller.isStopAllDisabled:disabled:enabled" }}></i>
+                            {{t services.service.stopAll}}
+                        </a>
+                    </li>
+                    <li {{bindAttr class="controller.isRestartAllRequiredDisabled:disabled" }}>
+                        <a href="#" data-toggle="modal"
+                            {{bindAttr class="controller.isRestartAllRequiredDisabled:disabled" }}
+                            {{action "restartAllRequired" target="controller"}}>
+                            <i {{bindAttr class=":icon-repeat controller.isRestartAllRequiredDisabled:disabled:enabled" }}></i>
+                            {{t services.service.restartAllRequired}}
+                        </a>
+                    </li>
+                {{/isAuthorized}}
+            </ul>
+        </div>
     </div>
-  </div>
-{{/isAccessible}}
+{{/isAuthorized}}

http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/templates/main/service/info/configs.hbs
----------------------------------------------------------------------
diff --git a/ambari-web/app/templates/main/service/info/configs.hbs b/ambari-web/app/templates/main/service/info/configs.hbs
index 8f4eb0b..40c597c 100644
--- a/ambari-web/app/templates/main/service/info/configs.hbs
+++ b/ambari-web/app/templates/main/service/info/configs.hbs
@@ -19,7 +19,7 @@
 <div id="serviceConfig">
   {{#if dataIsLoaded}}
     {{#if controller.content.isRestartRequired}}
-      {{#isAccessible ADMIN}}
+      {{#isAuthorized "SERVICE.START_STOP"}}
         <div>
           <div class="alert alert-warning clearfix">
             <i class="icon-refresh"></i> {{t services.service.config.restartService.needToRestart}}  <a
@@ -45,7 +45,7 @@
             </div>
           </div>
         </div>
-      {{/isAccessible}}
+      {{/isAuthorized}}
     {{/if}}
     <div class="clearfix"></div>
     {{view App.ServiceConfigView filterBinding="controller.filter" columnsBinding="controller.filterColumns" canEditBinding="controller.canEdit"}}

http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/templates/main/service/info/summary.hbs
----------------------------------------------------------------------
diff --git a/ambari-web/app/templates/main/service/info/summary.hbs b/ambari-web/app/templates/main/service/info/summary.hbs
index 037ab16..eecd5d6 100644
--- a/ambari-web/app/templates/main/service/info/summary.hbs
+++ b/ambari-web/app/templates/main/service/info/summary.hbs
@@ -17,7 +17,7 @@
 }}
 
 {{#if view.service.isRestartRequired}}
-  {{#isAccessible ADMIN}}
+  {{#isAuthorized "SERVICE.START_STOP"}}
     <div id="summary-restart-bar">
       <div class="alert alert-warning clearfix">
         <i class="icon-refresh"></i> {{{view.needToRestartMessage}}} {{t services.service.config.restartService.needToRestart}}
@@ -43,7 +43,7 @@
         </div>
       </div>
     </div>
-  {{/isAccessible}}
+  {{/isAuthorized}}
 {{/if}}
 
 <div class="service-block">

http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/templates/main/service/item.hbs
----------------------------------------------------------------------
diff --git a/ambari-web/app/templates/main/service/item.hbs b/ambari-web/app/templates/main/service/item.hbs
index f276884..ed989a1 100644
--- a/ambari-web/app/templates/main/service/item.hbs
+++ b/ambari-web/app/templates/main/service/item.hbs
@@ -56,7 +56,7 @@
     {{/if}}
   </div>
 
-{{#isAccessible ADMIN}}
+{{#isAuthorized "SERVICE.RUN_CUSTOM_COMMAND, SERVICE.RUN_SERVICE_CHECK, SERVICE.START_STOP, SERVICE.TOGGLE_MAINTENANCE, SERVICE.ENABLE_HA"}}
 <div class="service-button">
   {{#if view.isMaintenanceActive}}
     <div class="btn-group display-inline-block">
@@ -68,6 +68,7 @@
         <!-- dropdown menu links -->
 
         <!-- Start/Stop service actions -->
+        {{#isAuthorized "SERVICE.START_STOP"}}
         {{#unless controller.isClientsOnlyService}}
           <li {{bindAttr class="controller.isStartDisabled:disabled"}}>
             <a href="javascript:void(null)" {{bindAttr class="controller.isStartDisabled:disabled" }}
@@ -84,33 +85,36 @@
             </a>
           </li>
         {{/unless}}
-        {{#if view.maintenance.length}}
-          <!-- Other service actions -->
-          {{#each option in view.maintenance}}
-          <li {{bindAttr class="option.disabled option.isHidden:hidden option.hasSubmenu:dropdown-submenu option.hasSubmenu:submenu-left"}}>
-            <a {{action "doAction" option target="controller" href=true}} {{bindAttr data-title="option.tooltip"}} rel="HealthTooltip">
-                <i {{bindAttr class="option.cssClass"}}></i>
-                {{option.label}}
-            </a>
-            {{#if option.hasSubmenu}}
-              <div class="dropdown-menu-wrap">
-                <ul class="dropdown-menu">
-                  {{#each item in option.submenuOptions}}
-                    <li>
-                      <a {{action "doAction" item target="controller" href=true}}>{{item.context.label}}</a>
-                    </li>
-                  {{/each}}
-                </ul>
-              </div>
-            {{/if}}
-          </li>
-          {{/each}}
-        {{else}}
-          <div class="spinner service-button-spinner"></div>
-        {{/if}}
+        {{/isAuthorized}}
+        {{#isAuthorized "SERVICE.RUN_CUSTOM_COMMAND, SERVICE.RUN_SERVICE_CHECK, SERVICE.TOGGLE_MAINTENANCE, SERVICE.ENABLE_HA"}}
+          {{#if view.maintenance.length}}
+            <!-- Other service actions -->
+            {{#each option in view.maintenance}}
+            <li {{bindAttr class="option.disabled option.isHidden:hidden option.hasSubmenu:dropdown-submenu option.hasSubmenu:submenu-left"}}>
+              <a {{action "doAction" option target="controller" href=true}} {{bindAttr data-title="option.tooltip"}} rel="HealthTooltip">
+                  <i {{bindAttr class="option.cssClass"}}></i>
+                  {{option.label}}
+              </a>
+              {{#if option.hasSubmenu}}
+                <div class="dropdown-menu-wrap">
+                  <ul class="dropdown-menu">
+                    {{#each item in option.submenuOptions}}
+                      <li>
+                        <a {{action "doAction" item target="controller" href=true}}>{{item.context.label}}</a>
+                      </li>
+                    {{/each}}
+                  </ul>
+                </div>
+              {{/if}}
+            </li>
+            {{/each}}
+          {{else}}
+            <div class="spinner service-button-spinner"></div>
+          {{/if}}
+        {{/isAuthorized}}
       </ul>
     </div>
   {{/if}}
 </div>
-{{/isAccessible}}
+{{/isAuthorized}}
 {{outlet}}

http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/utils/ajax/ajax.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/utils/ajax/ajax.js b/ambari-web/app/utils/ajax/ajax.js
index 80c1562..d1d76f3 100644
--- a/ambari-web/app/utils/ajax/ajax.js
+++ b/ambari-web/app/utils/ajax/ajax.js
@@ -2059,6 +2059,10 @@ var urls = {
     real: '/privileges?PrivilegeInfo/principal_name={userName}&fields=*',
     mock: '/data/users/privileges_{userName}.json'
   },
+  'router.user.authorizations': {
+    real: '/users/{userName}/authorizations?fields=*',
+    mock: '/data/users/privileges_{userName}.json'
+  },
   'router.login.clusters': {
     'real': '/clusters?fields=Clusters/provisioning_state',
     'mock': '/data/clusters/info.json'

http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/utils/db.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/utils/db.js b/ambari-web/app/utils/db.js
index 366f5a4..858675f 100644
--- a/ambari-web/app/utils/db.js
+++ b/ambari-web/app/utils/db.js
@@ -189,6 +189,10 @@ App.db.setUser = function (user) {
   App.db.set('app', 'user', user);
 };
 
+App.db.setAuth = function (auth) {
+  App.db.set('app', 'auth', auth);
+};
+
 App.db.setAuthenticated = function (authenticated) {
   App.db.set('app', 'authenticated', authenticated);
   App.db.data = localStorage.getObject('ambari');
@@ -346,6 +350,10 @@ App.db.getUser = function () {
   return App.db.get('app', 'user');
 };
 
+App.db.getAuth = function () {
+  return App.db.get('app', 'auth');
+};
+
 App.db.getLoginName = function () {
   return App.db.get('app', 'loginName');
 };

http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/utils/helper.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/utils/helper.js b/ambari-web/app/utils/helper.js
index cb71356..3e7caed 100644
--- a/ambari-web/app/utils/helper.js
+++ b/ambari-web/app/utils/helper.js
@@ -360,16 +360,16 @@ Em.Handlebars.registerHelper('highlight', function (property, words, fn) {
   return new Em.Handlebars.SafeString(property);
 });
 
-Em.Handlebars.registerHelper('isAccessible', function (property, options) {
+Em.Handlebars.registerHelper('isAuthorized', function (property, options) {
   var permission = Ember.Object.create({
-    isAccessible: function() {
-      return App.isAccessible(property);
+    isAuthorized: function() {
+      return App.isAuthorized(property);
     }.property('App.router.wizardWatcherController.isWizardRunning')
   });
 
   // wipe out contexts so boundIf uses `this` (the permission) as the context
   options.contexts = null;
-  return Ember.Handlebars.helpers.boundIf.call(permission, "isAccessible", options);
+  return Ember.Handlebars.helpers.boundIf.call(permission, "isAuthorized", options);
 });
 
 /**

http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/utils/host_progress_popup.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/utils/host_progress_popup.js b/ambari-web/app/utils/host_progress_popup.js
index 689fde9..ce88db8 100644
--- a/ambari-web/app/utils/host_progress_popup.js
+++ b/ambari-web/app/utils/host_progress_popup.js
@@ -450,7 +450,7 @@ App.HostPopup = Em.Object.create({
           updatedService = this.createService(service);
           servicesInfo.insertAt(index, updatedService);
         }
-        updatedService.set('isAbortable',  App.isAccessible('MANAGER') &&  this.isAbortableByStatus(service.status));
+        updatedService.set('isAbortable',  App.isAuthorized('SERVICE.START_STOP') &&  this.isAbortableByStatus(service.status));
       }, this);
       this.removeOldServices(servicesInfo, currentServices);
       this.setBackgroundOperationHeader(isServiceListHidden);

http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/views/common/configs/controls_view.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/views/common/configs/controls_view.js b/ambari-web/app/views/common/configs/controls_view.js
index 78fd950..de7002c 100644
--- a/ambari-web/app/views/common/configs/controls_view.js
+++ b/ambari-web/app/views/common/configs/controls_view.js
@@ -26,7 +26,7 @@ App.ControlsView = Ember.View.extend({
 	serviceConfigProperty: null,
 
 	showActions: function() {
-		return App.isAccessible('ADMIN') && this.get('serviceConfigProperty.isRequiredByAgent') && !this.get('serviceConfigProperty.isComparison');
+		return App.isAuthorized('SERVICE.MODIFY_CONFIGS') && this.get('serviceConfigProperty.isRequiredByAgent') && !this.get('serviceConfigProperty.isComparison');
 	}.property('serviceConfigProperty.isEditable', 'serviceConfigProperty.isRequiredByAgent', 'serviceConfigProperty.isComparison'),
 
 	showSwitchToGroup: Em.computed.and('!serviceConfigProperty.isEditable', 'serviceConfigProperty.group'),

http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/views/common/table_view.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/views/common/table_view.js b/ambari-web/app/views/common/table_view.js
index 823cb40..28c6477 100644
--- a/ambari-web/app/views/common/table_view.js
+++ b/ambari-web/app/views/common/table_view.js
@@ -161,7 +161,7 @@ App.TableView = Em.View.extend(App.UserPref, {
     // this user is first time login
     var displayLengthDefault = this.get('defaultDisplayLength');
     this.set('displayLength', displayLengthDefault);
-    if (App.isAccessible('upgrade_ADMIN')) {
+    if (App.isAuthorized('SERVICE.VIEW_METRICS')) {
       this.saveDisplayLength();
     }
     this.filter();
@@ -369,7 +369,7 @@ App.TableView = Em.View.extend(App.UserPref, {
     Em.run.next(function() {
       App.db.setDisplayLength(self.get('controller.name'), self.get('displayLength'));
       if (!App.get('testMode')) {
-        if (App.isAccessible('upgrade_ADMIN')) {
+        if (App.isAuthorized('SERVICE.VIEW_METRICS')) {
           self.postUserPref(self.displayLengthKey(), self.get('displayLength'));
         }
       }

http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/views/main/admin/stack_upgrade/services_view.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/views/main/admin/stack_upgrade/services_view.js b/ambari-web/app/views/main/admin/stack_upgrade/services_view.js
index df0a05a..8805c47 100644
--- a/ambari-web/app/views/main/admin/stack_upgrade/services_view.js
+++ b/ambari-web/app/views/main/admin/stack_upgrade/services_view.js
@@ -23,7 +23,7 @@ App.MainAdminStackServicesView = Em.View.extend({
   templateName: require('templates/main/admin/stack_upgrade/services'),
 
   isAddServiceAvailable: function () {
-    return App.isAccessible('ADMIN');
+    return App.isAuthorized('CLUSTER.UPGRADE_DOWNGRADE_STACK');
   }.property('App.supports.opsDuringRollingUpgrade', 'App.upgradeState', 'App.isAdmin'),
 
   /**
@@ -51,7 +51,7 @@ App.MainAdminStackServicesView = Em.View.extend({
    * @param event
    */
   goToAddService: function (event) {
-    if (!App.isAccessible('ADMIN')) {
+    if (!App.isAuthorized('SERVICE.ADD_DELETE_SERVICES')) {
       return;
     } else if (event.context == "KERBEROS") {
       App.router.get('mainAdminKerberosController').checkAndStartKerberosWizard();

http://git-wip-us.apache.org/repos/asf/ambari/blob/10c51442/ambari-web/app/views/main/admin/stack_upgrade/upgrade_version_box_view.js
----------------------------------------------------------------------
diff --git a/ambari-web/app/views/main/admin/stack_upgrade/upgrade_version_box_view.js b/ambari-web/app/views/main/admin/stack_upgrade/upgrade_version_box_view.js
index 0f60337..5edb75c 100644
--- a/ambari-web/app/views/main/admin/stack_upgrade/upgrade_version_box_view.js
+++ b/ambari-web/app/views/main/admin/stack_upgrade/upgrade_version_box_view.js
@@ -159,12 +159,12 @@ App.UpgradeVersionBoxView = Em.View.extend({
     }
     else if (status === 'INIT') {
       element.setProperties(statePropertiesMap[status]);
-      element.set('isDisabled', !App.isAccessible('ADMIN') || this.get('controller.requestInProgress') || isInstalling);
+      element.set('isDisabled', this.get('controller.requestInProgress') || isInstalling);
     }
     else if ((status === 'INSTALLED' && !this.get('isUpgrading')) ||
              (['INSTALL_FAILED', 'OUT_OF_SYNC'].contains(status))) {
       if (stringUtils.compareVersions(this.get('content.repositoryVersion'), Em.get(currentVersion, 'repository_version')) === 1) {
-        var isDisabled = !App.isAccessible('ADMIN') || this.get('controller.requestInProgress') || isInstalling;
+        var isDisabled = !App.isAuthorized('CLUSTER.UPGRADE_DOWNGRADE_STACK') || this.get('controller.requestInProgress') || isInstalling;
         element.set('isButtonGroup', true);
         if (status === 'OUT_OF_SYNC') {
           element.set('text', Em.I18n.t('admin.stackVersions.version.reinstall'));


Mime
View raw message