ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rle...@apache.org
Subject [2/3] ambari git commit: AMBARI-14141. Enforce granular role-based access control for alert functions (rlevas)
Date Thu, 17 Dec 2015 17:41:24 GMT
http://git-wip-us.apache.org/repos/asf/ambari/blob/66e1595c/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql
index f1fb358..32fd2a6 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql
@@ -1060,7 +1060,7 @@ INSERT INTO roleauthorization(authorization_id, authorization_name)
   SELECT 'SERVICE.VIEW_STATUS_INFO', 'View status information' UNION ALL
   SELECT 'SERVICE.VIEW_CONFIGS', 'View configurations' UNION ALL
   SELECT 'SERVICE.COMPARE_CONFIGS', 'Compare configurations' UNION ALL
-  SELECT 'SERVICE.VIEW_ALERTS', 'View service alerts' UNION ALL
+  SELECT 'SERVICE.VIEW_ALERTS', 'View service-level alerts' UNION ALL
   SELECT 'SERVICE.START_STOP', 'Start/Stop/Restart Service' UNION ALL
   SELECT 'SERVICE.DECOMMISSION_RECOMMISSION', 'Decommission/recommission' UNION ALL
   SELECT 'SERVICE.RUN_SERVICE_CHECK', 'Run service checks' UNION ALL
@@ -1068,9 +1068,10 @@ INSERT INTO roleauthorization(authorization_id, authorization_name)
   SELECT 'SERVICE.RUN_CUSTOM_COMMAND', 'Perform service-specific tasks' UNION ALL
   SELECT 'SERVICE.MODIFY_CONFIGS', 'Modify configurations' UNION ALL
   SELECT 'SERVICE.MANAGE_CONFIG_GROUPS', 'Manage configuration groups' UNION ALL
+  SELECT 'SERVICE.MANAGE_ALERTS', 'Manage service-level alerts' UNION ALL
   SELECT 'SERVICE.MOVE', 'Move to another host' UNION ALL
   SELECT 'SERVICE.ENABLE_HA', 'Enable HA' UNION ALL
-  SELECT 'SERVICE.TOGGLE_ALERTS', 'Enable/disable service alerts' UNION ALL
+  SELECT 'SERVICE.TOGGLE_ALERTS', 'Enable/disable service-level alerts' UNION ALL
   SELECT 'SERVICE.ADD_DELETE_SERVICES', 'Add Service to cluster' UNION ALL
   SELECT 'HOST.VIEW_METRICS', 'View metrics' UNION ALL
   SELECT 'HOST.VIEW_STATUS_INFO', 'View status information' UNION ALL
@@ -1082,11 +1083,12 @@ INSERT INTO roleauthorization(authorization_id, authorization_name)
   SELECT 'CLUSTER.VIEW_STATUS_INFO', 'View status information' UNION ALL
   SELECT 'CLUSTER.VIEW_CONFIGS', 'View configuration' UNION ALL
   SELECT 'CLUSTER.VIEW_STACK_DETAILS', 'View stack version details' UNION ALL
-  SELECT 'CLUSTER.VIEW_ALERTS', 'View alerts' UNION ALL
+  SELECT 'CLUSTER.VIEW_ALERTS', 'View cluster-level alerts' UNION ALL
   SELECT 'CLUSTER.MANAGE_CREDENTIALS', 'Manage external credentials' UNION ALL
   SELECT 'CLUSTER.MODIFY_CONFIGS', 'Modify cluster configurations' UNION ALL
   SELECT 'CLUSTER.MANAGE_CONFIG_GROUPS', 'Manage cluster config groups' UNION ALL
-  SELECT 'CLUSTER.TOGGLE_ALERTS', 'Enable/disable alerts' UNION ALL
+  SELECT 'CLUSTER.MANAGE_ALERTS', 'Manage cluster-level alerts' UNION ALL
+  SELECT 'CLUSTER.TOGGLE_ALERTS', 'Enable/disable cluster-level alerts' UNION ALL
   SELECT 'CLUSTER.TOGGLE_KERBEROS', 'Enable/disable Kerberos' UNION ALL
   SELECT 'CLUSTER.UPGRADE_DOWNGRADE_STACK', 'Upgrade/downgrade stack' UNION ALL
   SELECT 'AMBARI.ADD_DELETE_CLUSTERS', 'Create new clusters' UNION ALL
@@ -1154,6 +1156,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id)
   SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+  SELECT permission_id, 'SERVICE.MANAGE_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
@@ -1181,6 +1184,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id)
   SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
   SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
   SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+  SELECT permission_id, 'SERVICE.MANAGE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
   SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
   SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
   SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
@@ -1211,6 +1215,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id)
   SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+  SELECT permission_id, 'SERVICE.MANAGE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
@@ -1228,6 +1233,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id)
   SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'CLUSTER.MANAGE_CREDENTIALS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'CLUSTER.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+  SELECT permission_id, 'CLUSTER.MANAGE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
@@ -1248,6 +1254,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id)
   SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+  SELECT permission_id, 'SERVICE.MANAGE_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
@@ -1266,6 +1273,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id)
   SELECT permission_id, 'CLUSTER.MANAGE_CREDENTIALS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'CLUSTER.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+  SELECT permission_id, 'CLUSTER.MANAGE_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL

http://git-wip-us.apache.org/repos/asf/ambari/blob/66e1595c/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql
index 1d9cc71..7894c43 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql
@@ -1158,7 +1158,7 @@ INSERT INTO ambari.roleauthorization(authorization_id, authorization_name)
   SELECT 'SERVICE.VIEW_STATUS_INFO', 'View status information' UNION ALL
   SELECT 'SERVICE.VIEW_CONFIGS', 'View configurations' UNION ALL
   SELECT 'SERVICE.COMPARE_CONFIGS', 'Compare configurations' UNION ALL
-  SELECT 'SERVICE.VIEW_ALERTS', 'View service alerts' UNION ALL
+  SELECT 'SERVICE.VIEW_ALERTS', 'View service-level alerts' UNION ALL
   SELECT 'SERVICE.START_STOP', 'Start/Stop/Restart Service' UNION ALL
   SELECT 'SERVICE.DECOMMISSION_RECOMMISSION', 'Decommission/recommission' UNION ALL
   SELECT 'SERVICE.RUN_SERVICE_CHECK', 'Run service checks' UNION ALL
@@ -1166,9 +1166,10 @@ INSERT INTO ambari.roleauthorization(authorization_id, authorization_name)
   SELECT 'SERVICE.RUN_CUSTOM_COMMAND', 'Perform service-specific tasks' UNION ALL
   SELECT 'SERVICE.MODIFY_CONFIGS', 'Modify configurations' UNION ALL
   SELECT 'SERVICE.MANAGE_CONFIG_GROUPS', 'Manage configuration groups' UNION ALL
+  SELECT 'SERVICE.MANAGE_ALERTS', 'Manage service-level alerts' UNION ALL
   SELECT 'SERVICE.MOVE', 'Move to another host' UNION ALL
   SELECT 'SERVICE.ENABLE_HA', 'Enable HA' UNION ALL
-  SELECT 'SERVICE.TOGGLE_ALERTS', 'Enable/disable service alerts' UNION ALL
+  SELECT 'SERVICE.TOGGLE_ALERTS', 'Enable/disable service-level alerts' UNION ALL
   SELECT 'SERVICE.ADD_DELETE_SERVICES', 'Add Service to cluster' UNION ALL
   SELECT 'HOST.VIEW_METRICS', 'View metrics' UNION ALL
   SELECT 'HOST.VIEW_STATUS_INFO', 'View status information' UNION ALL
@@ -1180,11 +1181,12 @@ INSERT INTO ambari.roleauthorization(authorization_id, authorization_name)
   SELECT 'CLUSTER.VIEW_STATUS_INFO', 'View status information' UNION ALL
   SELECT 'CLUSTER.VIEW_CONFIGS', 'View configuration' UNION ALL
   SELECT 'CLUSTER.VIEW_STACK_DETAILS', 'View stack version details' UNION ALL
-  SELECT 'CLUSTER.VIEW_ALERTS', 'View alerts' UNION ALL
+  SELECT 'CLUSTER.VIEW_ALERTS', 'View cluster-level alerts' UNION ALL
   SELECT 'CLUSTER.MANAGE_CREDENTIALS', 'Manage external credentials' UNION ALL
   SELECT 'CLUSTER.MODIFY_CONFIGS', 'Modify cluster configurations' UNION ALL
+  SELECT 'CLUSTER.MANAGE_ALERTS', 'Manage cluster-level alerts' UNION ALL
+  SELECT 'CLUSTER.TOGGLE_ALERTS', 'Enable/disable cluster-level alerts' UNION ALL
   SELECT 'CLUSTER.MANAGE_CONFIG_GROUPS', 'Manage cluster config groups' UNION ALL
-  SELECT 'CLUSTER.TOGGLE_ALERTS', 'Enable/disable alerts' UNION ALL
   SELECT 'CLUSTER.TOGGLE_KERBEROS', 'Enable/disable Kerberos' UNION ALL
   SELECT 'CLUSTER.UPGRADE_DOWNGRADE_STACK', 'Upgrade/downgrade stack' UNION ALL
   SELECT 'AMBARI.ADD_DELETE_CLUSTERS', 'Create new clusters' UNION ALL
@@ -1252,6 +1254,7 @@ INSERT INTO ambari.permission_roleauthorization(permission_id, authorization_id)
   SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM ambari.adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM ambari.adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM ambari.adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+  SELECT permission_id, 'SERVICE.MANAGE_ALERTS' FROM ambari.adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'SERVICE.MOVE' FROM ambari.adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'SERVICE.ENABLE_HA' FROM ambari.adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM ambari.adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
@@ -1279,6 +1282,7 @@ INSERT INTO ambari.permission_roleauthorization(permission_id, authorization_id)
   SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
   SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
   SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+  SELECT permission_id, 'SERVICE.MANAGE_ALERTS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
   SELECT permission_id, 'SERVICE.MOVE' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
   SELECT permission_id, 'SERVICE.ENABLE_HA' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
   SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
@@ -1309,6 +1313,7 @@ INSERT INTO ambari.permission_roleauthorization(permission_id, authorization_id)
   SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+  SELECT permission_id, 'SERVICE.MANAGE_ALERTS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'SERVICE.MOVE' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'SERVICE.ENABLE_HA' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
@@ -1327,6 +1332,7 @@ INSERT INTO ambari.permission_roleauthorization(permission_id, authorization_id)
   SELECT permission_id, 'CLUSTER.MANAGE_CREDENTIALS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'CLUSTER.MODIFY_CONFIGS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+  SELECT permission_id, 'CLUSTER.MANAGE_ALERTS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM ambari.adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR';
@@ -1346,6 +1352,7 @@ INSERT INTO ambari.permission_roleauthorization(permission_id, authorization_id)
   SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+  SELECT permission_id, 'SERVICE.MANAGE_ALERTS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'SERVICE.MOVE' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'SERVICE.ENABLE_HA' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
@@ -1363,6 +1370,7 @@ INSERT INTO ambari.permission_roleauthorization(permission_id, authorization_id)
   SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'CLUSTER.MANAGE_CREDENTIALS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'CLUSTER.MODIFY_CONFIGS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+  SELECT permission_id, 'CLUSTER.MANAGE_ALERTS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL

http://git-wip-us.apache.org/repos/asf/ambari/blob/66e1595c/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql
index 55846c0..6df1569 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql
@@ -1012,7 +1012,7 @@ insert into adminpermission(permission_id, permission_name, resource_type_id, pe
     SELECT 'SERVICE.VIEW_STATUS_INFO', 'View status information' UNION ALL
     SELECT 'SERVICE.VIEW_CONFIGS', 'View configurations' UNION ALL
     SELECT 'SERVICE.COMPARE_CONFIGS', 'Compare configurations' UNION ALL
-    SELECT 'SERVICE.VIEW_ALERTS', 'View service alerts' UNION ALL
+    SELECT 'SERVICE.VIEW_ALERTS', 'View service-level alerts' UNION ALL
     SELECT 'SERVICE.START_STOP', 'Start/Stop/Restart Service' UNION ALL
     SELECT 'SERVICE.DECOMMISSION_RECOMMISSION', 'Decommission/recommission' UNION ALL
     SELECT 'SERVICE.RUN_SERVICE_CHECK', 'Run service checks' UNION ALL
@@ -1020,9 +1020,10 @@ insert into adminpermission(permission_id, permission_name, resource_type_id, pe
     SELECT 'SERVICE.RUN_CUSTOM_COMMAND', 'Perform service-specific tasks' UNION ALL
     SELECT 'SERVICE.MODIFY_CONFIGS', 'Modify configurations' UNION ALL
     SELECT 'SERVICE.MANAGE_CONFIG_GROUPS', 'Manage configuration groups' UNION ALL
+    SELECT 'SERVICE.MANAGE_ALERTS', 'Manage service-level alerts' UNION ALL
     SELECT 'SERVICE.MOVE', 'Move to another host' UNION ALL
     SELECT 'SERVICE.ENABLE_HA', 'Enable HA' UNION ALL
-    SELECT 'SERVICE.TOGGLE_ALERTS', 'Enable/disable service alerts' UNION ALL
+    SELECT 'SERVICE.TOGGLE_ALERTS', 'Enable/disable service-level alerts' UNION ALL
     SELECT 'SERVICE.ADD_DELETE_SERVICES', 'Add Service to cluster' UNION ALL
     SELECT 'HOST.VIEW_METRICS', 'View metrics' UNION ALL
     SELECT 'HOST.VIEW_STATUS_INFO', 'View status information' UNION ALL
@@ -1034,11 +1035,12 @@ insert into adminpermission(permission_id, permission_name, resource_type_id, pe
     SELECT 'CLUSTER.VIEW_STATUS_INFO', 'View status information' UNION ALL
     SELECT 'CLUSTER.VIEW_CONFIGS', 'View configuration' UNION ALL
     SELECT 'CLUSTER.VIEW_STACK_DETAILS', 'View stack version details' UNION ALL
-    SELECT 'CLUSTER.VIEW_ALERTS', 'View alerts' UNION ALL
+    SELECT 'CLUSTER.VIEW_ALERTS', 'View cluster-level alerts' UNION ALL
     SELECT 'CLUSTER.MANAGE_CREDENTIALS', 'Manage external credentials' UNION ALL
     SELECT 'CLUSTER.MODIFY_CONFIGS', 'Modify cluster configurations' UNION ALL
+    SELECT 'CLUSTER.MANAGE_ALERTS', 'Manage cluster-level alerts' UNION ALL
+    SELECT 'CLUSTER.TOGGLE_ALERTS', 'Enable/disable cluster-level alerts' UNION ALL
     SELECT 'CLUSTER.MANAGE_CONFIG_GROUPS', 'Manage cluster config groups' UNION ALL
-    SELECT 'CLUSTER.TOGGLE_ALERTS', 'Enable/disable alerts' UNION ALL
     SELECT 'CLUSTER.TOGGLE_KERBEROS', 'Enable/disable Kerberos' UNION ALL
     SELECT 'CLUSTER.UPGRADE_DOWNGRADE_STACK', 'Upgrade/downgrade stack' UNION ALL
     SELECT 'AMBARI.ADD_DELETE_CLUSTERS', 'Create new clusters' UNION ALL
@@ -1106,6 +1108,7 @@ insert into adminpermission(permission_id, permission_name, resource_type_id, pe
     SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+    SELECT permission_id, 'SERVICE.MANAGE_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
@@ -1133,6 +1136,7 @@ insert into adminpermission(permission_id, permission_name, resource_type_id, pe
     SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
     SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
     SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+    SELECT permission_id, 'SERVICE.MANAGE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
     SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
     SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
     SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
@@ -1163,6 +1167,7 @@ insert into adminpermission(permission_id, permission_name, resource_type_id, pe
     SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+    SELECT permission_id, 'SERVICE.MANAGE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
@@ -1180,6 +1185,7 @@ insert into adminpermission(permission_id, permission_name, resource_type_id, pe
     SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'CLUSTER.MANAGE_CREDENTIALS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'CLUSTER.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+    SELECT permission_id, 'CLUSTER.MANAGE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
@@ -1200,6 +1206,7 @@ insert into adminpermission(permission_id, permission_name, resource_type_id, pe
     SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+    SELECT permission_id, 'SERVICE.MANAGE_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
@@ -1217,6 +1224,7 @@ insert into adminpermission(permission_id, permission_name, resource_type_id, pe
     SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'CLUSTER.MANAGE_CREDENTIALS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'CLUSTER.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+    SELECT permission_id, 'CLUSTER.MANAGE_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL

http://git-wip-us.apache.org/repos/asf/ambari/blob/66e1595c/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql
index 9f289bc..83b2a7e 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql
@@ -1121,17 +1121,18 @@ BEGIN TRANSACTION
     SELECT 'SERVICE.VIEW_STATUS_INFO', 'View status information' UNION ALL
     SELECT 'SERVICE.VIEW_CONFIGS', 'View configurations' UNION ALL
     SELECT 'SERVICE.COMPARE_CONFIGS', 'Compare configurations' UNION ALL
-    SELECT 'SERVICE.VIEW_ALERTS', 'View service alerts' UNION ALL
+    SELECT 'SERVICE.VIEW_ALERTS', 'View service-level alerts' UNION ALL
     SELECT 'SERVICE.START_STOP', 'Start/Stop/Restart Service' UNION ALL
     SELECT 'SERVICE.DECOMMISSION_RECOMMISSION', 'Decommission/recommission' UNION ALL
     SELECT 'SERVICE.RUN_SERVICE_CHECK', 'Run service checks' UNION ALL
     SELECT 'SERVICE.TOGGLE_MAINTENANCE', 'Turn on/off maintenance mode' UNION ALL
     SELECT 'SERVICE.RUN_CUSTOM_COMMAND', 'Perform service-specific tasks' UNION ALL
     SELECT 'SERVICE.MODIFY_CONFIGS', 'Modify configurations' UNION ALL
+    SELECT 'SERVICE.MANAGE_ALERTS', 'Manage service-level alerts' UNION ALL
     SELECT 'SERVICE.MANAGE_CONFIG_GROUPS', 'Manage configuration groups' UNION ALL
     SELECT 'SERVICE.MOVE', 'Move service to another host' UNION ALL
     SELECT 'SERVICE.ENABLE_HA', 'Enable HA' UNION ALL
-    SELECT 'SERVICE.TOGGLE_ALERTS', 'Enable/disable service alerts' UNION ALL
+    SELECT 'SERVICE.TOGGLE_ALERTS', 'Enable/disable service-level alerts' UNION ALL
     SELECT 'SERVICE.ADD_DELETE_SERVICES', 'Add Service to cluster' UNION ALL
     SELECT 'HOST.VIEW_METRICS', 'View metrics' UNION ALL
     SELECT 'HOST.VIEW_STATUS_INFO', 'View status information' UNION ALL
@@ -1143,11 +1144,12 @@ BEGIN TRANSACTION
     SELECT 'CLUSTER.VIEW_STATUS_INFO', 'View status information' UNION ALL
     SELECT 'CLUSTER.VIEW_CONFIGS', 'View configuration' UNION ALL
     SELECT 'CLUSTER.VIEW_STACK_DETAILS', 'View stack version details' UNION ALL
-    SELECT 'CLUSTER.VIEW_ALERTS', 'View alerts' UNION ALL
+    SELECT 'CLUSTER.VIEW_ALERTS', 'View cluster-level alerts' UNION ALL
     SELECT 'CLUSTER.MANAGE_CREDENTIALS', 'Manage external credentials' UNION ALL
     SELECT 'CLUSTER.MODIFY_CONFIGS', 'Modify cluster configurations' UNION ALL
+    SELECT 'CLUSTER.MANAGE_ALERTS', 'Manage cluster-level alerts' UNION ALL
+    SELECT 'CLUSTER.TOGGLE_ALERTS', 'Enable/disable cluster-level alerts' UNION ALL
     SELECT 'CLUSTER.MANAGE_CONFIG_GROUPS', 'Manage cluster config groups' UNION ALL
-    SELECT 'CLUSTER.TOGGLE_ALERTS', 'Enable/disable alerts' UNION ALL
     SELECT 'CLUSTER.TOGGLE_KERBEROS', 'Enable/disable Kerberos' UNION ALL
     SELECT 'CLUSTER.UPGRADE_DOWNGRADE_STACK', 'Upgrade/downgrade stack' UNION ALL
     SELECT 'AMBARI.ADD_DELETE_CLUSTERS', 'Create new clusters' UNION ALL
@@ -1215,6 +1217,7 @@ BEGIN TRANSACTION
     SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
+    SELECT permission_id, 'SERVICE.MANAGE_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='SERVICE.ADMINISTRATOR' UNION ALL
@@ -1242,6 +1245,7 @@ BEGIN TRANSACTION
     SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
     SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
     SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
+    SELECT permission_id, 'SERVICE.MANAGE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
     SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
     SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
     SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.OPERATOR' UNION ALL
@@ -1272,6 +1276,7 @@ BEGIN TRANSACTION
     SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+    SELECT permission_id, 'SERVICE.MANAGE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
@@ -1289,6 +1294,7 @@ BEGIN TRANSACTION
     SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'CLUSTER.MANAGE_CREDENTIALS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'CLUSTER.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
+    SELECT permission_id, 'CLUSTER.MANAGE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='CLUSTER.ADMINISTRATOR' UNION ALL
@@ -1309,6 +1315,7 @@ BEGIN TRANSACTION
     SELECT permission_id, 'SERVICE.RUN_CUSTOM_COMMAND' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'SERVICE.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'SERVICE.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+    SELECT permission_id, 'SERVICE.MANAGE_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'SERVICE.MOVE' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'SERVICE.ENABLE_HA' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'SERVICE.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
@@ -1326,6 +1333,7 @@ BEGIN TRANSACTION
     SELECT permission_id, 'CLUSTER.VIEW_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'CLUSTER.MANAGE_CREDENTIALS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'CLUSTER.MODIFY_CONFIGS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+    SELECT permission_id, 'CLUSTER.MANAGE_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'CLUSTER.MANAGE_CONFIG_GROUPS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
     SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL

http://git-wip-us.apache.org/repos/asf/ambari/blob/66e1595c/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AlertDefinitionResourceProviderTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AlertDefinitionResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AlertDefinitionResourceProviderTest.java
index e589537..d44b7c8 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AlertDefinitionResourceProviderTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AlertDefinitionResourceProviderTest.java
@@ -50,6 +50,10 @@ import org.apache.ambari.server.metadata.ActionMetadata;
 import org.apache.ambari.server.orm.InMemoryDefaultTestModule;
 import org.apache.ambari.server.orm.dao.AlertDefinitionDAO;
 import org.apache.ambari.server.orm.entities.AlertDefinitionEntity;
+import org.apache.ambari.server.orm.entities.ClusterEntity;
+import org.apache.ambari.server.orm.entities.ResourceEntity;
+import org.apache.ambari.server.security.TestAuthenticationFactory;
+import org.apache.ambari.server.security.authorization.AuthorizationException;
 import org.apache.ambari.server.state.Cluster;
 import org.apache.ambari.server.state.Clusters;
 import org.apache.ambari.server.state.alert.AlertDefinition;
@@ -61,6 +65,7 @@ import org.apache.ambari.server.state.alert.Source;
 import org.apache.ambari.server.state.alert.SourceType;
 import org.easymock.Capture;
 import org.easymock.EasyMock;
+import org.junit.After;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
@@ -71,6 +76,8 @@ import com.google.inject.Guice;
 import com.google.inject.Injector;
 import com.google.inject.Module;
 import com.google.inject.util.Modules;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
 
 /**
  * AlertDefinition tests
@@ -95,6 +102,11 @@ public class AlertDefinitionResourceProviderTest {
     m_injector.injectMembers(m_factory);
   }
 
+  @After
+  public void clearAuthentication() {
+    SecurityContextHolder.getContext().setAuthentication(null);
+  }
+
   /**
    * @throws Exception
    */
@@ -110,11 +122,35 @@ public class AlertDefinitionResourceProviderTest {
     assertEquals(0, results.size());
   }
 
+  @Test
+  public void testGetResourcesClusterPredicateAsAdministrator() throws Exception {
+    testGetResourcesClusterPredicate(TestAuthenticationFactory.createAdministrator(), true);
+  }
+
+  @Test
+  public void testGetResourcesClusterPredicateAsClusterAdministrator() throws Exception {
+    testGetResourcesClusterPredicate(TestAuthenticationFactory.createClusterAdministrator(), true);
+  }
+
+  @Test
+  public void testGetResourcesClusterPredicateAsServiceAdministrator() throws Exception {
+    testGetResourcesClusterPredicate(TestAuthenticationFactory.createServiceAdministrator(), true);
+  }
+
+  @Test
+  public void testGetResourcesClusterPredicateAsClusterUser() throws Exception {
+    testGetResourcesClusterPredicate(TestAuthenticationFactory.createClusterUser(), true);
+  }
+
+  @Test
+  public void testGetResourcesClusterPredicateAsViewUser() throws Exception {
+    testGetResourcesClusterPredicate(TestAuthenticationFactory.createViewUser(99L), false);
+  }
+
   /**
    * @throws Exception
    */
-  @Test
-  public void testGetResourcesClusterPredicate() throws Exception {
+  private void testGetResourcesClusterPredicate(Authentication authentication, boolean expectResults) throws Exception {
     Request request = PropertyHelper.getReadRequest(
         AlertDefinitionResourceProvider.ALERT_DEF_CLUSTER_NAME,
         AlertDefinitionResourceProvider.ALERT_DEF_ID,
@@ -126,7 +162,8 @@ public class AlertDefinitionResourceProviderTest {
     Cluster cluster = createMock(Cluster.class);
     expect(amc.getClusters()).andReturn(clusters).atLeastOnce();
     expect(clusters.getCluster((String) anyObject())).andReturn(cluster).atLeastOnce();
-    expect(cluster.getClusterId()).andReturn(Long.valueOf(1)).anyTimes();
+    expect(cluster.getClusterId()).andReturn(1L).anyTimes();
+    expect(cluster.getResourceId()).andReturn(4L).anyTimes();
 
     Predicate predicate = new PredicateBuilder().property(
         AlertDefinitionResourceProvider.ALERT_DEF_CLUSTER_NAME).equals("c1").toPredicate();
@@ -135,26 +172,54 @@ public class AlertDefinitionResourceProviderTest {
 
     replay(amc, clusters, cluster, dao);
 
+    SecurityContextHolder.getContext().setAuthentication(authentication);
+
     AlertDefinitionResourceProvider provider = createProvider(amc);
     Set<Resource> results = provider.getResources(request, predicate);
 
-    assertEquals(1, results.size());
+    assertEquals(expectResults ? 1 : 0, results.size());
 
-    Resource r = results.iterator().next();
+    if(expectResults) {
+      Resource r = results.iterator().next();
 
-    Assert.assertEquals("my_def", r.getPropertyValue(AlertDefinitionResourceProvider.ALERT_DEF_NAME));
+      Assert.assertEquals("my_def", r.getPropertyValue(AlertDefinitionResourceProvider.ALERT_DEF_NAME));
 
-    Assert.assertEquals("Mock Label",
-        r.getPropertyValue(AlertDefinitionResourceProvider.ALERT_DEF_LABEL));
+      Assert.assertEquals("Mock Label",
+          r.getPropertyValue(AlertDefinitionResourceProvider.ALERT_DEF_LABEL));
+    }
 
     verify(amc, clusters, cluster, dao);
   }
 
+  @Test
+  public void testGetSingleResourceAsAdministrator() throws Exception {
+    testGetSingleResource(TestAuthenticationFactory.createAdministrator());
+  }
+
+  @Test
+  public void testGetSingleResourceAsClusterAdministrator() throws Exception {
+    testGetSingleResource(TestAuthenticationFactory.createClusterAdministrator());
+  }
+
+  @Test
+  public void testGetSingleResourceAsServiceAdministrator() throws Exception {
+    testGetSingleResource(TestAuthenticationFactory.createServiceAdministrator());
+  }
+
+  @Test
+  public void testGetSingleResourceAsClusterUser() throws Exception {
+    testGetSingleResource(TestAuthenticationFactory.createClusterUser());
+  }
+
+  @Test(expected = AuthorizationException.class)
+  public void testGetSingleResourceAsViewUser() throws Exception {
+    testGetSingleResource(TestAuthenticationFactory.createViewUser(99L));
+  }
+
   /**
    * @throws Exception
    */
-  @Test
-  public void testGetSingleResource() throws Exception {
+  private void testGetSingleResource(Authentication authentication) throws Exception {
     Request request = PropertyHelper.getReadRequest(
         AlertDefinitionResourceProvider.ALERT_DEF_CLUSTER_NAME,
         AlertDefinitionResourceProvider.ALERT_DEF_ID,
@@ -180,6 +245,8 @@ public class AlertDefinitionResourceProviderTest {
 
     replay(amc, clusters, cluster, dao);
 
+    SecurityContextHolder.getContext().setAuthentication(authentication);
+
     AlertDefinitionResourceProvider provider = createProvider(amc);
     Set<Resource> results = provider.getResources(request, predicate);
 
@@ -213,14 +280,38 @@ public class AlertDefinitionResourceProviderTest {
     Assert.assertNotNull(r.getPropertyValue("AlertDefinition/source/type"));
   }
 
-  /**
+  @Test
+  public void testGetResourcesAssertSourceTypeAsAdministrator() throws Exception {
+    testGetResourcesAssertSourceType(TestAuthenticationFactory.createAdministrator(), true);
+  }
+
+  @Test
+  public void testGetResourcesAssertSourceTypeAsClusterAdministrator() throws Exception {
+    testGetResourcesAssertSourceType(TestAuthenticationFactory.createClusterAdministrator(), true);
+  }
+
+  @Test
+  public void testGetResourcesAssertSourceTypeAsServiceAdministrator() throws Exception {
+    testGetResourcesAssertSourceType(TestAuthenticationFactory.createServiceAdministrator(), true);
+  }
+
+  @Test
+  public void testGetResourcesAssertSourceTypeAsClusterUser() throws Exception {
+    testGetResourcesAssertSourceType(TestAuthenticationFactory.createClusterUser(), true);
+  }
+
+  @Test
+  public void testGetResourcesAssertSourceTypeAsViewUser() throws Exception {
+    testGetResourcesAssertSourceType(TestAuthenticationFactory.createViewUser(99L), false);
+  }
+
+/**
    * Tests that the source structure returned has the entire set of
    * subproperties on it (such as reporting)
    *
    * @throws Exception
    */
-  @Test
-  public void testGetResourcesAssertSourceType() throws Exception {
+  private void testGetResourcesAssertSourceType(Authentication authentication, boolean expectResults) throws Exception {
     Request request = PropertyHelper.getReadRequest(
         AlertDefinitionResourceProvider.ALERT_DEF_CLUSTER_NAME,
         AlertDefinitionResourceProvider.ALERT_DEF_ID,
@@ -234,7 +325,8 @@ public class AlertDefinitionResourceProviderTest {
     Cluster cluster = createMock(Cluster.class);
     expect(amc.getClusters()).andReturn(clusters).atLeastOnce();
     expect(clusters.getCluster((String) anyObject())).andReturn(cluster).atLeastOnce();
-    expect(cluster.getClusterId()).andReturn(Long.valueOf(1)).anyTimes();
+    expect(cluster.getClusterId()).andReturn(1L).anyTimes();
+    expect(cluster.getResourceId()).andReturn(4L).anyTimes();
 
     Predicate predicate = new PredicateBuilder().property(
         AlertDefinitionResourceProvider.ALERT_DEF_CLUSTER_NAME).equals("c1").toPredicate();
@@ -243,20 +335,24 @@ public class AlertDefinitionResourceProviderTest {
 
     replay(amc, clusters, cluster, dao);
 
+    SecurityContextHolder.getContext().setAuthentication(authentication);
+
     AlertDefinitionResourceProvider provider = createProvider(amc);
     Set<Resource> results = provider.getResources(request, predicate);
 
-    assertEquals(1, results.size());
+    assertEquals(expectResults ? 1 : 0, results.size());
 
-    Resource resource = results.iterator().next();
+    if(expectResults) {
+      Resource resource = results.iterator().next();
 
-    Assert.assertEquals("my_def",
-        resource.getPropertyValue(AlertDefinitionResourceProvider.ALERT_DEF_NAME));
+      Assert.assertEquals("my_def",
+          resource.getPropertyValue(AlertDefinitionResourceProvider.ALERT_DEF_NAME));
 
-    Map<String, String> reporting = (Map<String, String>) resource.getPropertyValue("AlertDefinition/source/reporting");
+      Map<String, String> reporting = (Map<String, String>) resource.getPropertyValue("AlertDefinition/source/reporting");
 
-    Assert.assertTrue(reporting.containsKey("ok"));
-    Assert.assertTrue(reporting.containsKey("critical"));
+      Assert.assertTrue(reporting.containsKey("ok"));
+      Assert.assertTrue(reporting.containsKey("critical"));
+    }
 
     verify(amc, clusters, cluster, dao);
 
@@ -268,22 +364,49 @@ public class AlertDefinitionResourceProviderTest {
         AlertDefinitionResourceProvider.ALERT_DEF_NAME);
 
     results = provider.getResources(request, predicate);
-    resource = results.iterator().next();
 
-    Assert.assertEquals(
-        "my_def",
-        resource.getPropertyValue(AlertDefinitionResourceProvider.ALERT_DEF_NAME));
+    if(!results.isEmpty()) {
+      Resource resource = results.iterator().next();
+
+      Assert.assertEquals(
+          "my_def",
+          resource.getPropertyValue(AlertDefinitionResourceProvider.ALERT_DEF_NAME));
+
+      Map<String, String> reporting = (Map<String, String>) resource.getPropertyValue("AlertDefinition/source/reporting");
+
+      Assert.assertNull(reporting);
+    }
+  }
+
+  @Test
+  public void testCreateResourcesAsAdministrator() throws Exception {
+    testCreateResources(TestAuthenticationFactory.createAdministrator());
+  }
+
+  @Test(expected = AuthorizationException.class)
+  public void testCreateResourcesAsClusterAdministrator() throws Exception {
+    testCreateResources(TestAuthenticationFactory.createClusterAdministrator());
+  }
+
+  @Test(expected = AuthorizationException.class)
+  public void testCreateResourcesAsServiceAdministrator() throws Exception {
+    testCreateResources(TestAuthenticationFactory.createServiceAdministrator());
+  }
 
-    reporting = (Map<String, String>) resource.getPropertyValue("AlertDefinition/source/reporting");
+  @Test(expected = AuthorizationException.class)
+  public void testCreateResourcesAsClusterUser() throws Exception {
+    testCreateResources(TestAuthenticationFactory.createClusterUser());
+  }
 
-    Assert.assertNull(reporting);
+  @Test(expected = AuthorizationException.class)
+  public void testCreateResourcesAsViewUser() throws Exception {
+    testCreateResources(TestAuthenticationFactory.createViewUser(99L));
   }
 
   /**
    * @throws Exception
    */
-  @Test
-  public void testCreateResources() throws Exception {
+  public void testCreateResources(Authentication authentication) throws Exception {
     AmbariManagementController amc = createMock(AmbariManagementController.class);
     Clusters clusters = createMock(Clusters.class);
     Cluster cluster = createMock(Cluster.class);
@@ -302,6 +425,8 @@ public class AlertDefinitionResourceProviderTest {
 
     replay(amc, clusters, cluster, dao, definitionHash);
 
+    SecurityContextHolder.getContext().setAuthentication(authentication);
+
     Gson gson = m_factory.getGson();
     MetricSource source = (MetricSource)getMockSource();
     AlertDefinitionResourceProvider provider = createProvider(amc);
@@ -402,11 +527,36 @@ public class AlertDefinitionResourceProviderTest {
     verify(amc, clusters, cluster, dao);
   }
 
+  @Test
+  public void testUpdateResourcesAsAdministrator() throws Exception {
+    testUpdateResources(TestAuthenticationFactory.createAdministrator());
+  }
+
+  @Test(expected = AuthorizationException.class)
+  public void testUpdateResourcesAsClusterAdministrator() throws Exception {
+    testUpdateResources(TestAuthenticationFactory.createClusterAdministrator());
+  }
+
+  @Test(expected = AuthorizationException.class)
+  public void testUpdateResourcesAsServiceAdministrator() throws Exception {
+    testUpdateResources(TestAuthenticationFactory.createServiceAdministrator());
+  }
+
+  @Test(expected = AuthorizationException.class)
+  public void testUpdateResourcesAsClusterUser() throws Exception {
+    testUpdateResources(TestAuthenticationFactory.createClusterUser());
+  }
+
+  @Test(expected = AuthorizationException.class)
+  public void testUpdateResourcesAsViewUser() throws Exception {
+    testUpdateResources(TestAuthenticationFactory.createViewUser(99L));
+  }
+
+
   /**
    * @throws Exception
    */
-  @Test
-  public void testUpdateResources() throws Exception {
+  private void testUpdateResources(Authentication authentication) throws Exception {
     AmbariManagementController amc = createMock(AmbariManagementController.class);
     Clusters clusters = createMock(Clusters.class);
     Cluster cluster = createMock(Cluster.class);
@@ -425,6 +575,8 @@ public class AlertDefinitionResourceProviderTest {
 
     replay(amc, clusters, cluster, dao, definitionHash);
 
+    SecurityContextHolder.getContext().setAuthentication(authentication);
+
     MetricSource source = (MetricSource) getMockSource();
 
     Map<String, Object> requestProps = new HashMap<String, Object>();
@@ -557,6 +709,8 @@ public class AlertDefinitionResourceProviderTest {
 
     replay(amc, clusters, cluster, dao, definitionHash);
 
+    SecurityContextHolder.getContext().setAuthentication(TestAuthenticationFactory.createAdministrator());
+
     MetricSource source = (MetricSource) getMockSource();
     Map<String, Object> requestProps = new HashMap<String, Object>();
     requestProps.put(AlertDefinitionResourceProvider.ALERT_DEF_CLUSTER_NAME, "c1");
@@ -592,11 +746,35 @@ public class AlertDefinitionResourceProviderTest {
     verify(amc, clusters, cluster, dao);
   }
 
+  @Test
+  public void testDeleteResourcesAsAdministrator() throws Exception {
+    testDeleteResources(TestAuthenticationFactory.createAdministrator());
+  }
+
+  @Test(expected = AuthorizationException.class)
+  public void testDeleteResourcesAsClusterAdministrator() throws Exception {
+    testDeleteResources(TestAuthenticationFactory.createClusterAdministrator());
+  }
+
+  @Test(expected = AuthorizationException.class)
+  public void testDeleteResourcesAsServiceAdministrator() throws Exception {
+    testDeleteResources(TestAuthenticationFactory.createServiceAdministrator());
+  }
+
+  @Test(expected = AuthorizationException.class)
+  public void testDeleteResourcesAsClusterUser() throws Exception {
+    testDeleteResources(TestAuthenticationFactory.createClusterUser());
+  }
+
+  @Test(expected = AuthorizationException.class)
+  public void testDeleteResourcesAsViewUser() throws Exception {
+    testDeleteResources(TestAuthenticationFactory.createViewUser(99L));
+  }
+
   /**
    * @throws Exception
    */
-  @Test
-  public void testDeleteResources() throws Exception {
+  public void testDeleteResources(Authentication authentication) throws Exception {
     AmbariManagementController amc = createMock(AmbariManagementController.class);
     Clusters clusters = createMock(Clusters.class);
     Cluster cluster = createMock(Cluster.class);
@@ -615,6 +793,8 @@ public class AlertDefinitionResourceProviderTest {
 
     replay(amc, clusters, cluster, dao, definitionHash);
 
+    SecurityContextHolder.getContext().setAuthentication(authentication);
+
     AlertDefinitionResourceProvider provider = createProvider(amc);
 
     Map<String, Object> requestProps = new HashMap<String, Object>();
@@ -667,6 +847,12 @@ public class AlertDefinitionResourceProviderTest {
     Source source = getMockSource();
     String sourceJson = new Gson().toJson(source);
 
+    ResourceEntity clusterResourceEntity = new ResourceEntity();
+    clusterResourceEntity.setId(4L);
+
+    ClusterEntity clusterEntity = new ClusterEntity();
+    clusterEntity.setResource(clusterResourceEntity);
+
     AlertDefinitionEntity entity = new AlertDefinitionEntity();
     entity.setClusterId(Long.valueOf(1L));
     entity.setComponentName(null);
@@ -680,6 +866,7 @@ public class AlertDefinitionResourceProviderTest {
     entity.setServiceName(null);
     entity.setSourceType(SourceType.METRIC);
     entity.setSource(sourceJson);
+    entity.setCluster(clusterEntity);
     return Arrays.asList(entity);
   }
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/66e1595c/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AlertGroupResourceProviderTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AlertGroupResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AlertGroupResourceProviderTest.java
index a41eecf..eaf351d 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AlertGroupResourceProviderTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AlertGroupResourceProviderTest.java
@@ -54,6 +54,8 @@ import org.apache.ambari.server.orm.dao.AlertDispatchDAO;
 import org.apache.ambari.server.orm.entities.AlertDefinitionEntity;
 import org.apache.ambari.server.orm.entities.AlertGroupEntity;
 import org.apache.ambari.server.orm.entities.AlertTargetEntity;
+import org.apache.ambari.server.security.TestAuthenticationFactory;
+import org.apache.ambari.server.security.authorization.AuthorizationException;
 import org.apache.ambari.server.state.Cluster;
 import org.apache.ambari.server.state.Clusters;
 import org.apache.ambari.server.state.alert.AlertTarget;
@@ -61,6 +63,7 @@ import org.apache.ambari.server.state.alert.SourceType;
 import org.apache.ambari.server.state.alert.TargetType;
 import org.easymock.Capture;
 import org.easymock.EasyMock;
+import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 
@@ -69,6 +72,8 @@ import com.google.inject.Guice;
 import com.google.inject.Injector;
 import com.google.inject.Module;
 import com.google.inject.util.Modules;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
 
 /**
  * {@link AlertGroupResourceProvider} tests.
@@ -85,7 +90,7 @@ public class AlertGroupResourceProviderTest {
   private static final String ALERT_TARGET_DESC = "Admins and Others";
   private static final String ALERT_TARGET_TYPE = TargetType.EMAIL.name();
 
-  private static final Long ALERT_DEF_ID = Long.valueOf(10);
+  private static final Long ALERT_DEF_ID = 10L;
   private static final String ALERT_DEF_NAME = "Mock Definition";
   private static final String ALERT_DEF_LABEL = "Mock Label";
   private static final String ALERT_DEF_DESCRIPTION = "Mock Description";
@@ -115,31 +120,88 @@ public class AlertGroupResourceProviderTest {
 
     assertNotNull(m_injector);
 
-    expect(m_amc.getClusters()).andReturn(m_clusters).atLeastOnce();
-    expect(m_clusters.getCluster((String) anyObject())).andReturn(m_cluster).atLeastOnce();
-    expect(m_cluster.getClusterId()).andReturn(Long.valueOf(1)).anyTimes();
+    expect(m_amc.getClusters()).andReturn(m_clusters).anyTimes();
+    expect(m_clusters.getCluster((String) anyObject())).andReturn(m_cluster).anyTimes();
+    expect(m_clusters.getClusterById(1L)).andReturn(m_cluster).anyTimes();
+    expect(m_cluster.getClusterId()).andReturn(1L).anyTimes();
+    expect(m_cluster.getResourceId()).andReturn(4L).anyTimes();
+  }
+
+  @After
+  public void clearAuthentication() {
+    SecurityContextHolder.getContext().setAuthentication(null);
+  }
+
+  @Test
+  public void testGetResourcesNoPredicateAsAdministrator() throws Exception {
+    testGetResourcesNoPredicate(TestAuthenticationFactory.createAdministrator());
+  }
+
+  @Test
+  public void testGetResourcesNoPredicateAsClusterAdministrator() throws Exception {
+    testGetResourcesNoPredicate(TestAuthenticationFactory.createClusterAdministrator());
+  }
+
+  @Test
+  public void testGetResourcesNoPredicateAsServiceAdministrator() throws Exception {
+    testGetResourcesNoPredicate(TestAuthenticationFactory.createServiceAdministrator());
+  }
+
+  @Test
+  public void testGetResourcesNoPredicateAsClusterUser() throws Exception {
+    testGetResourcesNoPredicate(TestAuthenticationFactory.createClusterUser());
+  }
+
+  @Test
+  public void testGetResourcesNoPredicateAsViewUser() throws Exception {
+    testGetResourcesNoPredicate(TestAuthenticationFactory.createViewUser(99L));
   }
 
   /**
    * @throws Exception
    */
-  @Test
-  public void testGetResourcesNoPredicate() throws Exception {
-    AlertGroupResourceProvider provider = createProvider(null);
+  private void testGetResourcesNoPredicate(Authentication authentication) throws Exception {
+    AlertGroupResourceProvider provider = createProvider(m_amc);
 
     Request request = PropertyHelper.getReadRequest("AlertGroup/cluster_name",
         "AlertGroup/id");
 
+    SecurityContextHolder.getContext().setAuthentication(authentication);
+
     Set<Resource> results = provider.getResources(request, null);
 
     assertEquals(0, results.size());
   }
 
+  @Test
+  public void testGetResourcesClusterPredicateAsAdministrator() throws Exception {
+    testGetResourcesClusterPredicate(TestAuthenticationFactory.createAdministrator(), true);
+  }
+
+  @Test
+  public void testGetResourcesClusterPredicateAsClusterAdministrator() throws Exception {
+    testGetResourcesClusterPredicate(TestAuthenticationFactory.createClusterAdministrator(), true);
+  }
+
+  @Test
+  public void testGetResourcesClusterPredicateAsServiceAdministrator() throws Exception {
+    testGetResourcesClusterPredicate(TestAuthenticationFactory.createServiceAdministrator(), true);
+  }
+
+  @Test
+  public void testGetResourcesClusterPredicateAsClusterUser() throws Exception {
+    testGetResourcesClusterPredicate(TestAuthenticationFactory.createClusterUser(), true);
+  }
+
+  @Test
+  public void testGetResourcesClusterPredicateAsViewUser() throws Exception {
+    testGetResourcesClusterPredicate(TestAuthenticationFactory.createViewUser(99L), false);
+  }
+
   /**
    * @throws Exception
    */
-  @Test
-  public void testGetResourcesClusterPredicate() throws Exception {
+  private void testGetResourcesClusterPredicate(Authentication authentication, boolean expectResults) throws Exception {
     Request request = PropertyHelper.getReadRequest(
         AlertGroupResourceProvider.ALERT_GROUP_ID,
         AlertGroupResourceProvider.ALERT_GROUP_NAME,
@@ -154,36 +216,64 @@ public class AlertGroupResourceProviderTest {
 
     replay(m_amc, m_clusters, m_cluster, m_dao);
 
+    SecurityContextHolder.getContext().setAuthentication(authentication);
+
     AlertGroupResourceProvider provider = createProvider(m_amc);
     Set<Resource> results = provider.getResources(request, predicate);
 
-    assertEquals(1, results.size());
+    assertEquals(expectResults ? 1 : 0, results.size());
 
-    Resource r = results.iterator().next();
+    if(expectResults) {
+      Resource r = results.iterator().next();
 
-    assertEquals(ALERT_GROUP_NAME,
-        r.getPropertyValue(AlertGroupResourceProvider.ALERT_GROUP_NAME));
+      assertEquals(ALERT_GROUP_NAME,
+          r.getPropertyValue(AlertGroupResourceProvider.ALERT_GROUP_NAME));
 
-    assertEquals(ALERT_GROUP_ID,
-        r.getPropertyValue(AlertGroupResourceProvider.ALERT_GROUP_ID));
+      assertEquals(ALERT_GROUP_ID,
+          r.getPropertyValue(AlertGroupResourceProvider.ALERT_GROUP_ID));
 
-    assertEquals(ALERT_GROUP_CLUSTER_NAME,
-        r.getPropertyValue(AlertGroupResourceProvider.ALERT_GROUP_CLUSTER_NAME));
+      assertEquals(ALERT_GROUP_CLUSTER_NAME,
+          r.getPropertyValue(AlertGroupResourceProvider.ALERT_GROUP_CLUSTER_NAME));
 
-    // verify definitions do not come back when not requested
-    assertNull(r.getPropertyValue(AlertGroupResourceProvider.ALERT_GROUP_DEFINITIONS));
+      // verify definitions do not come back when not requested
+      assertNull(r.getPropertyValue(AlertGroupResourceProvider.ALERT_GROUP_DEFINITIONS));
 
-    // verify alerts do not come back when not requested
-    assertNull(r.getPropertyValue(AlertGroupResourceProvider.ALERT_GROUP_TARGETS));
+      // verify alerts do not come back when not requested
+      assertNull(r.getPropertyValue(AlertGroupResourceProvider.ALERT_GROUP_TARGETS));
+    }
 
     verify(m_amc, m_clusters, m_cluster, m_dao);
   }
 
+  @Test
+  public void testGetResourcesAllPropertiesAsAdministrator() throws Exception {
+    testGetResourcesAllProperties(TestAuthenticationFactory.createAdministrator(), true);
+  }
+
+  @Test
+  public void testGetResourcesAllPropertiesAsClusterAdministrator() throws Exception {
+    testGetResourcesAllProperties(TestAuthenticationFactory.createClusterAdministrator(), true);
+  }
+
+  @Test
+  public void testGetResourcesAllPropertiesAsServiceAdministrator() throws Exception {
+    testGetResourcesAllProperties(TestAuthenticationFactory.createServiceAdministrator(), true);
+  }
+
+  @Test
+  public void testGetResourcesAllPropertiesAsClusterUser() throws Exception {
+    testGetResourcesAllProperties(TestAuthenticationFactory.createClusterUser(), true);
+  }
+
+  @Test
+  public void testGetResourcesAllPropertiesAsViewUser() throws Exception {
+    testGetResourcesAllProperties(TestAuthenticationFactory.createViewUser(99L), false);
+  }
+
   /**
    * @throws Exception
    */
-  @Test
-  public void testGetResourcesAllProperties() throws Exception {
+  private void testGetResourcesAllProperties(Authentication authentication, boolean expectResults) throws Exception {
     Request request = PropertyHelper.getReadRequest();
 
     Predicate predicate = new PredicateBuilder().property(
@@ -194,43 +284,70 @@ public class AlertGroupResourceProviderTest {
 
     replay(m_amc, m_clusters, m_cluster, m_dao);
 
+    SecurityContextHolder.getContext().setAuthentication(authentication);
+
     AlertGroupResourceProvider provider = createProvider(m_amc);
     Set<Resource> results = provider.getResources(request, predicate);
 
-    assertEquals(1, results.size());
+    assertEquals(expectResults ? 1 : 0, results.size());
 
-    Resource r = results.iterator().next();
+    if(expectResults) {
+      Resource r = results.iterator().next();
 
-    assertEquals(ALERT_GROUP_NAME,
-        r.getPropertyValue(AlertGroupResourceProvider.ALERT_GROUP_NAME));
+      assertEquals(ALERT_GROUP_NAME,
+          r.getPropertyValue(AlertGroupResourceProvider.ALERT_GROUP_NAME));
 
-    assertEquals(ALERT_GROUP_ID,
-        r.getPropertyValue(AlertGroupResourceProvider.ALERT_GROUP_ID));
+      assertEquals(ALERT_GROUP_ID,
+          r.getPropertyValue(AlertGroupResourceProvider.ALERT_GROUP_ID));
 
-    assertEquals(ALERT_GROUP_CLUSTER_NAME,
-        r.getPropertyValue(AlertGroupResourceProvider.ALERT_GROUP_CLUSTER_NAME));
+      assertEquals(ALERT_GROUP_CLUSTER_NAME,
+          r.getPropertyValue(AlertGroupResourceProvider.ALERT_GROUP_CLUSTER_NAME));
 
 
-    // verify definitions and targets come back when requested
-    List<AlertDefinitionResponse> definitions = (List<AlertDefinitionResponse>) r.getPropertyValue(AlertGroupResourceProvider.ALERT_GROUP_DEFINITIONS);
-    List<AlertTarget> targets = (List<AlertTarget>) r.getPropertyValue(AlertGroupResourceProvider.ALERT_GROUP_TARGETS);
+      // verify definitions and targets come back when requested
+      List<AlertDefinitionResponse> definitions = (List<AlertDefinitionResponse>) r.getPropertyValue(AlertGroupResourceProvider.ALERT_GROUP_DEFINITIONS);
+      List<AlertTarget> targets = (List<AlertTarget>) r.getPropertyValue(AlertGroupResourceProvider.ALERT_GROUP_TARGETS);
 
-    assertNotNull(definitions);
-    assertEquals(1, definitions.size());
-    assertEquals(ALERT_DEF_NAME, definitions.get(0).getName());
-    assertEquals(SourceType.METRIC, definitions.get(0).getSourceType());
-    assertNotNull(targets);
-    assertEquals(1, targets.size());
+      assertNotNull(definitions);
+      assertEquals(1, definitions.size());
+      assertEquals(ALERT_DEF_NAME, definitions.get(0).getName());
+      assertEquals(SourceType.METRIC, definitions.get(0).getSourceType());
+      assertNotNull(targets);
+      assertEquals(1, targets.size());
+    }
 
     verify(m_amc, m_clusters, m_cluster, m_dao);
   }
 
+  @Test
+  public void testGetSingleResourceAsAdministrator() throws Exception {
+    testGetSingleResource(TestAuthenticationFactory.createAdministrator(), true);
+  }
+
+  @Test
+  public void testGetSingleResourceAsClusterAdministrator() throws Exception {
+    testGetSingleResource(TestAuthenticationFactory.createClusterAdministrator(), true);
+  }
+
+  @Test
+  public void testGetSingleResourceAsServiceAdministrator() throws Exception {
+    testGetSingleResource(TestAuthenticationFactory.createServiceAdministrator(), true);
+  }
+
+  @Test
+  public void testGetSingleResourceAsClusterUser() throws Exception {
+    testGetSingleResource(TestAuthenticationFactory.createClusterUser(), true);
+  }
+
+  @Test(expected = AuthorizationException.class)
+  public void testGetSingleResourceAsViewUser() throws Exception {
+    testGetSingleResource(TestAuthenticationFactory.createViewUser(99L), false);
+  }
   /**
    * @throws Exception
    */
-  @Test
   @SuppressWarnings("unchecked")
-  public void testGetSingleResource() throws Exception {
+  private void testGetSingleResource(Authentication authentication, boolean expectResults) throws Exception {
     Request request = PropertyHelper.getReadRequest();
 
     AmbariManagementController amc = createMock(AmbariManagementController.class);
@@ -244,46 +361,76 @@ public class AlertGroupResourceProviderTest {
     expect(m_dao.findGroupById(ALERT_GROUP_ID.longValue())).andReturn(
         getMockEntities().get(0));
 
-    replay(amc, m_dao);
+    expect(amc.getClusters()).andReturn(m_clusters).atLeastOnce();
+
+    replay(amc, m_dao, m_clusters, m_cluster);
+
+    SecurityContextHolder.getContext().setAuthentication(authentication);
 
     AlertGroupResourceProvider provider = createProvider(amc);
     Set<Resource> results = provider.getResources(request, predicate);
 
-    assertEquals(1, results.size());
+    assertEquals(expectResults ? 1 : 0, results.size());
 
-    Resource r = results.iterator().next();
+    if(expectResults) {
+      Resource r = results.iterator().next();
 
-    assertEquals(ALERT_GROUP_NAME,
-        r.getPropertyValue(AlertGroupResourceProvider.ALERT_GROUP_NAME));
+      assertEquals(ALERT_GROUP_NAME,
+          r.getPropertyValue(AlertGroupResourceProvider.ALERT_GROUP_NAME));
 
-    assertEquals(ALERT_GROUP_ID,
-        r.getPropertyValue(AlertGroupResourceProvider.ALERT_GROUP_ID));
+      assertEquals(ALERT_GROUP_ID,
+          r.getPropertyValue(AlertGroupResourceProvider.ALERT_GROUP_ID));
 
-    assertEquals(ALERT_GROUP_CLUSTER_NAME,
-        r.getPropertyValue(AlertGroupResourceProvider.ALERT_GROUP_CLUSTER_NAME));
+      assertEquals(ALERT_GROUP_CLUSTER_NAME,
+          r.getPropertyValue(AlertGroupResourceProvider.ALERT_GROUP_CLUSTER_NAME));
 
-    // verify definitions and targets are returned on single instances
-    List<AlertDefinitionResponse> definitions = (List<AlertDefinitionResponse>) r.getPropertyValue(AlertGroupResourceProvider.ALERT_GROUP_DEFINITIONS);
-    List<AlertTarget> targets = (List<AlertTarget>) r.getPropertyValue(AlertGroupResourceProvider.ALERT_GROUP_TARGETS);
+      // verify definitions and targets are returned on single instances
+      List<AlertDefinitionResponse> definitions = (List<AlertDefinitionResponse>) r.getPropertyValue(AlertGroupResourceProvider.ALERT_GROUP_DEFINITIONS);
+      List<AlertTarget> targets = (List<AlertTarget>) r.getPropertyValue(AlertGroupResourceProvider.ALERT_GROUP_TARGETS);
 
-    assertNotNull(definitions);
-    assertNotNull(targets);
+      assertNotNull(definitions);
+      assertNotNull(targets);
 
-    assertEquals(1, definitions.size());
-    assertEquals(ALERT_DEF_NAME, definitions.get(0).getName());
-    assertEquals(SourceType.METRIC, definitions.get(0).getSourceType());
+      assertEquals(1, definitions.size());
+      assertEquals(ALERT_DEF_NAME, definitions.get(0).getName());
+      assertEquals(SourceType.METRIC, definitions.get(0).getSourceType());
 
-    assertEquals(1, targets.size());
-    assertEquals(ALERT_TARGET_NAME, targets.get(0).getName());
+      assertEquals(1, targets.size());
+      assertEquals(ALERT_TARGET_NAME, targets.get(0).getName());
+    }
 
     verify(amc, m_dao);
   }
 
+  @Test
+  public void testCreateResourcesAsAdministrator() throws Exception {
+    testCreateResources(TestAuthenticationFactory.createAdministrator());
+  }
+
+  @Test
+  public void testCreateResourcesAsClusterAdministrator() throws Exception {
+    testCreateResources(TestAuthenticationFactory.createClusterAdministrator());
+  }
+
+  @Test(expected = AuthorizationException.class)
+  public void testCreateResourcesAsServiceAdministrator() throws Exception {
+    testCreateResources(TestAuthenticationFactory.createServiceAdministrator());
+  }
+
+  @Test(expected = AuthorizationException.class)
+  public void testCreateResourcesAsClusterUser() throws Exception {
+    testCreateResources(TestAuthenticationFactory.createClusterUser());
+  }
+
+  @Test(expected = AuthorizationException.class)
+  public void testCreateResourcesAsViewUser() throws Exception {
+    testCreateResources(TestAuthenticationFactory.createViewUser(99L));
+  }
+
   /**
    * @throws Exception
    */
-  @Test
-  public void testCreateResources() throws Exception {
+  public void testCreateResources(Authentication authentication) throws Exception {
     Capture<List<AlertGroupEntity>> listCapture = new Capture<List<AlertGroupEntity>>();
 
     // the definition IDs to associate with the group
@@ -316,6 +463,8 @@ public class AlertGroupResourceProviderTest {
 
     replay(m_amc, m_clusters, m_cluster, m_dao, m_definitionDao);
 
+    SecurityContextHolder.getContext().setAuthentication(authentication);
+
     AlertGroupResourceProvider provider = createProvider(m_amc);
 
     Map<String, Object> requestProps = new HashMap<String, Object>();
@@ -344,12 +493,36 @@ public class AlertGroupResourceProviderTest {
     verify(m_amc, m_clusters, m_cluster, m_dao, m_definitionDao);
   }
 
+  @Test
+  public void testUpdateResourcesAsAdministrator() throws Exception {
+    testUpdateResources(TestAuthenticationFactory.createAdministrator());
+  }
+
+  @Test(expected = AuthorizationException.class)
+  public void testUpdateResourcesAsClusterAdministrator() throws Exception {
+    testUpdateResources(TestAuthenticationFactory.createClusterAdministrator());
+  }
+
+  @Test(expected = AuthorizationException.class)
+  public void testUpdateResourcesAsServiceAdministrator() throws Exception {
+    testUpdateResources(TestAuthenticationFactory.createServiceAdministrator());
+  }
+
+  @Test(expected = AuthorizationException.class)
+  public void testUpdateResourcesAsClusterUser() throws Exception {
+    testUpdateResources(TestAuthenticationFactory.createClusterUser());
+  }
+
+  @Test(expected = AuthorizationException.class)
+  public void testUpdateResourcesAsViewUser() throws Exception {
+    testUpdateResources(TestAuthenticationFactory.createViewUser(99L));
+  }
+
   /**
    * @throws Exception
    */
-  @Test
   @SuppressWarnings("unchecked")
-  public void testUpdateResources() throws Exception {
+  public void testUpdateResources(Authentication authentication) throws Exception {
     Capture<AlertGroupEntity> entityCapture = new Capture<AlertGroupEntity>();
 
     // the definition IDs to associate with the group
@@ -387,6 +560,8 @@ public class AlertGroupResourceProviderTest {
 
     replay(m_amc, m_clusters, m_cluster, m_dao, m_definitionDao);
 
+    SecurityContextHolder.getContext().setAuthentication(authentication);
+
     AlertGroupResourceProvider provider = createProvider(m_amc);
     Map<String, Object> requestProps = new HashMap<String, Object>();
     requestProps.put(AlertGroupResourceProvider.ALERT_GROUP_NAME,
@@ -430,14 +605,38 @@ public class AlertGroupResourceProviderTest {
     verify(m_amc, m_clusters, m_cluster, m_dao, m_definitionDao);
   }
 
+  @Test
+  public void testUpdateDefaultGroupAsAdministrator() throws Exception {
+     testUpdateDefaultGroup(TestAuthenticationFactory.createAdministrator());
+  }
+
+  @Test
+  public void testUpdateDefaultGroupAsClusterAdministrator() throws Exception {
+    testUpdateDefaultGroup(TestAuthenticationFactory.createClusterAdministrator());
+  }
+
+  @Test(expected = AuthorizationException.class)
+  public void testUpdateDefaultGroupAsServiceAdministrator() throws Exception {
+    testUpdateDefaultGroup(TestAuthenticationFactory.createServiceAdministrator());
+  }
+
+  @Test(expected = AuthorizationException.class)
+  public void testUpdateDefaultGroupAsClusterUser() throws Exception {
+    testUpdateDefaultGroup(TestAuthenticationFactory.createClusterUser());
+  }
+
+  @Test(expected = AuthorizationException.class)
+  public void testUpdateDefaultGroupAsViewUser() throws Exception {
+    testUpdateDefaultGroup(TestAuthenticationFactory.createViewUser(99L));
+  }
+
   /**
    * Tests that updating a default group doesn't change read-only properties
    *
    * @throws Exception
    */
-  @Test
   @SuppressWarnings("unchecked")
-  public void testUpdateDefaultGroup() throws Exception {
+  private  void testUpdateDefaultGroup(Authentication authentication) throws Exception {
     Capture<AlertGroupEntity> entityCapture = new Capture<AlertGroupEntity>();
 
     // the definition IDs to associate with the group
@@ -464,6 +663,7 @@ public class AlertGroupResourceProviderTest {
 
     AlertGroupEntity group = new AlertGroupEntity();
     group.setDefault(true);
+    group.setClusterId(1L);
     group.setGroupName(ALERT_GROUP_NAME);
     group.setAlertDefinitions(getMockDefinitions());
     group.setAlertTargets(getMockTargets());
@@ -476,7 +676,9 @@ public class AlertGroupResourceProviderTest {
     expect(m_dao.findTargetsById(EasyMock.eq(newTargets))).andReturn(
         newTargetEntities).once();
 
-    replay(m_dao, m_definitionDao);
+    replay(m_dao, m_definitionDao, m_amc, m_clusters, m_cluster);
+
+    SecurityContextHolder.getContext().setAuthentication(authentication);
 
     AlertGroupResourceProvider provider = createProvider(m_amc);
 
@@ -517,11 +719,35 @@ public class AlertGroupResourceProviderTest {
     verify(m_dao, m_definitionDao);
   }
 
+  @Test
+  public void testDeleteResourcesAsAdministrator() throws Exception {
+    testDeleteResources(TestAuthenticationFactory.createAdministrator());
+  }
+
+  @Test
+  public void testDeleteResourcesAsClusterAdministrator() throws Exception {
+    testDeleteResources(TestAuthenticationFactory.createClusterAdministrator());
+  }
+
+  @Test(expected = AuthorizationException.class)
+  public void testDeleteResourcesAsServiceAdministrator() throws Exception {
+    testDeleteResources(TestAuthenticationFactory.createServiceAdministrator());
+  }
+
+  @Test(expected = AuthorizationException.class)
+  public void testDeleteResourcesAsClusterUser() throws Exception {
+    testDeleteResources(TestAuthenticationFactory.createClusterUser());
+  }
+
+  @Test(expected = AuthorizationException.class)
+  public void testDeleteResourcesAsViewUser() throws Exception {
+    testDeleteResources(TestAuthenticationFactory.createViewUser(99L));
+  }
+
   /**
    * @throws Exception
    */
-  @Test
-  public void testDeleteResources() throws Exception {
+  private void testDeleteResources(Authentication authentication) throws Exception {
     Capture<AlertGroupEntity> entityCapture = new Capture<AlertGroupEntity>();
     Capture<List<AlertGroupEntity>> listCapture = new Capture<List<AlertGroupEntity>>();
 
@@ -530,6 +756,8 @@ public class AlertGroupResourceProviderTest {
 
     replay(m_amc, m_clusters, m_cluster, m_dao);
 
+    SecurityContextHolder.getContext().setAuthentication(authentication);
+
     AlertGroupResourceProvider provider = createProvider(m_amc);
 
     Map<String, Object> requestProps = new HashMap<String, Object>();
@@ -569,13 +797,37 @@ public class AlertGroupResourceProviderTest {
     verify(m_amc, m_clusters, m_cluster, m_dao);
   }
 
+  @Test
+  public void testDeleteDefaultGroupAsAdministrator() throws Exception {
+    testDeleteDefaultGroup(TestAuthenticationFactory.createAdministrator());
+  }
+
+  @Test(expected = AuthorizationException.class)
+  public void testDeleteDefaultGroupAsClusterAdministrator() throws Exception {
+    testDeleteDefaultGroup(TestAuthenticationFactory.createClusterAdministrator());
+  }
+
+  @Test(expected = AuthorizationException.class)
+  public void testDeleteDefaultGroupAsServiceAdministrator() throws Exception {
+    testDeleteDefaultGroup(TestAuthenticationFactory.createServiceAdministrator());
+  }
+
+  @Test(expected = AuthorizationException.class)
+  public void testDeleteDefaultGroupAsClusterUser() throws Exception {
+    testDeleteDefaultGroup(TestAuthenticationFactory.createClusterUser());
+  }
+
+  @Test(expected = AuthorizationException.class)
+  public void testDeleteDefaultGroupAsViewUser() throws Exception {
+    testDeleteDefaultGroup(TestAuthenticationFactory.createViewUser(99L));
+  }
+
   /**
    * Tests that a default group cannot be deleted via the resource provider.
    *
    * @throws Exception
    */
-  @Test
-  public void testDeleteDefaultGroup() throws Exception {
+  private void testDeleteDefaultGroup(Authentication authentication) throws Exception {
     AlertGroupEntity group = new AlertGroupEntity();
     group.setGroupId(ALERT_GROUP_ID);
     group.setDefault(true);
@@ -586,7 +838,9 @@ public class AlertGroupResourceProviderTest {
     resetToStrict(m_dao);
     expect(m_dao.findGroupById(ALERT_GROUP_ID)).andReturn(group).anyTimes();
 
-    replay(m_dao);
+    replay(m_dao, m_amc, m_clusters, m_cluster);
+
+    SecurityContextHolder.getContext().setAuthentication(authentication);
 
     AlertGroupResourceProvider provider = createProvider(m_amc);
 
@@ -597,7 +851,7 @@ public class AlertGroupResourceProviderTest {
         ALERT_GROUP_ID.toString()).toPredicate();
 
     provider.deleteResources(predicate);
-    verify(m_dao);
+    verify(m_dao, m_amc);
   }
 
   /**


Mime
View raw message