Return-Path: 
 <commits-return-22982-apmail-ambari-commits-archive=ambari.apache.org@ambari.apache.org>
X-Original-To: apmail-ambari-commits-archive@www.apache.org
Delivered-To: apmail-ambari-commits-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id E2C7218200
	for <apmail-ambari-commits-archive@www.apache.org>;
 Wed,  9 Dec 2015 17:51:47 +0000 (UTC)
Received: (qmail 828 invoked by uid 500); 9 Dec 2015 17:51:47 -0000
Delivered-To: apmail-ambari-commits-archive@ambari.apache.org
Received: (qmail 734 invoked by uid 500); 9 Dec 2015 17:51:47 -0000
Mailing-List: contact commits-help@ambari.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:commits-help@ambari.apache.org>
List-Unsubscribe: <mailto:commits-unsubscribe@ambari.apache.org>
List-Post: <mailto:commits@ambari.apache.org>
List-Id: <commits.ambari.apache.org>
Reply-To: ambari-dev@ambari.apache.org
Delivered-To: mailing list commits@ambari.apache.org
Received: (qmail 704 invoked by uid 99); 9 Dec 2015 17:51:47 -0000
Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org)
 (140.211.11.23)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 09 Dec 2015 17:51:47 +0000
Received: by git1-us-west.apache.org (ASF Mail Server at
 git1-us-west.apache.org, from userid 33)
	id DF31BE00AA; Wed,  9 Dec 2015 17:51:46 +0000 (UTC)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: rlevas@apache.org
To: commits@ambari.apache.org
Date: Wed, 09 Dec 2015 17:51:46 -0000
Message-Id: <a0c5cbbec9a94b659ff5fa091bf9f848@git.apache.org>
X-Mailer: ASF-Git Admin Mailer
Subject: [1/3] ambari git commit: AMBARI-14192. Enforce granular role-based
 access control for service functions (rlevas)

Repository: ambari
Updated Branches:
  refs/heads/trunk c17f410a1 -> f08db5c99


http://git-wip-us.apache.org/repos/asf/ambari/blob/f08db5c9/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ServiceResourceProviderTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ServiceResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ServiceResourceProviderTest.java
index fc0c1cc..f067f49 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ServiceResourceProviderTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ServiceResourceProviderTest.java
@@ -37,6 +37,8 @@ import org.apache.ambari.server.controller.spi.SystemException;
 import org.apache.ambari.server.controller.utilities.PredicateBuilder;
 import org.apache.ambari.server.controller.utilities.PropertyHelper;
 import org.apache.ambari.server.metadata.RoleCommandOrder;
+import org.apache.ambari.server.security.TestAuthenticationFactory;
+import org.apache.ambari.server.security.authorization.AuthorizationException;
 import org.apache.ambari.server.serveraction.kerberos.KerberosAdminAuthenticationException;
 import org.apache.ambari.server.serveraction.kerberos.KerberosMissingAdminCredentialsException;
 import org.apache.ambari.server.state.Cluster;
@@ -50,8 +52,12 @@ import org.apache.ambari.server.state.ServiceFactory;
 import org.apache.ambari.server.state.StackId;
 import org.apache.ambari.server.state.State;
 import org.easymock.Capture;
+import org.easymock.EasyMock;
 import org.junit.Assert;
+import org.junit.Before;
 import org.junit.Test;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
 
 import java.lang.reflect.Field;
 import java.util.Collection;
@@ -74,6 +80,7 @@ import static org.easymock.EasyMock.eq;
 import static org.easymock.EasyMock.expect;
 import static org.easymock.EasyMock.expectLastCall;
 import static org.easymock.EasyMock.isNull;
+import static org.easymock.EasyMock.newCapture;
 import static org.easymock.EasyMock.replay;
 import static org.easymock.EasyMock.reset;
 import static org.easymock.EasyMock.verify;
@@ -82,9 +89,27 @@ import static org.easymock.EasyMock.verify;
  * ServiceResourceProvider tests.
  */
 public class ServiceResourceProviderTest {
+  @Before
+  public void clearAuthentication() {
+    SecurityContextHolder.getContext().setAuthentication(null);
+  }
 
   @Test
-  public void testCreateResources() throws Exception{
+  public void testCreateResourcesAsAdministrator() throws Exception{
+    testCreateResources(TestAuthenticationFactory.createAdministrator());
+  }
+
+  @Test
+  public void testCreateResourcesAsClusterAdministrator() throws Exception{
+    testCreateResources(TestAuthenticationFactory.createClusterAdministrator());
+  }
+
+  @Test(expected = AuthorizationException.class)
+  public void testCreateResourcesAsServiceAdministrator() throws Exception{
+    testCreateResources(TestAuthenticationFactory.createServiceAdministrator());
+  }
+
+  private void testCreateResources(Authentication authentication) throws Exception{
     AmbariManagementController managementController = createNiceMock(AmbariManagementController.class);
     Clusters clusters = createNiceMock(Clusters.class);
     Cluster cluster = createNiceMock(Cluster.class);
@@ -93,7 +118,7 @@ public class ServiceResourceProviderTest {
     ServiceFactory serviceFactory = createNiceMock(ServiceFactory.class);
     AmbariMetaInfo ambariMetaInfo = createNiceMock(AmbariMetaInfo.class);
 
-    expect(managementController.getClusters()).andReturn(clusters);
+    expect(managementController.getClusters()).andReturn(clusters).anyTimes();
     expect(managementController.getAmbariMetaInfo()).andReturn(ambariMetaInfo);
     expect(managementController.getServiceFactory()).andReturn(serviceFactory);
 
@@ -103,12 +128,15 @@ public class ServiceResourceProviderTest {
 
     expect(cluster.getService("Service100")).andReturn(null);
     expect(cluster.getDesiredStackVersion()).andReturn(stackId);
+    expect(cluster.getClusterId()).andReturn(2L).anyTimes();
 
     expect(ambariMetaInfo.isValidService( (String) anyObject(), (String) anyObject(), (String) anyObject())).andReturn(true);
 
     // replay
     replay(managementController, clusters, cluster, service, ambariMetaInfo, stackId, serviceFactory);
 
+    SecurityContextHolder.getContext().setAuthentication(authentication);
+
     ResourceProvider provider = getServiceProvider(managementController);
 
     // add the property map to a set for the request.  add more maps for multiple creates
@@ -134,7 +162,21 @@ public class ServiceResourceProviderTest {
   }
 
   @Test
-  public void testGetResources() throws Exception{
+  public void testGetResourcesAsAdministrator() throws Exception{
+    testGetResources(TestAuthenticationFactory.createAdministrator());
+  }
+
+  @Test
+  public void testGetResourcesAsClusterAdministrator() throws Exception{
+    testGetResources(TestAuthenticationFactory.createClusterAdministrator());
+  }
+
+  @Test
+  public void testGetResourcesAsServiceAdministrator() throws Exception{
+    testGetResources(TestAuthenticationFactory.createServiceAdministrator());
+  }
+
+  private void testGetResources(Authentication authentication) throws Exception{
     AmbariManagementController managementController = createMock(AmbariManagementController.class);
     Clusters clusters = createNiceMock(Clusters.class);
     Cluster cluster = createNiceMock(Cluster.class);
@@ -164,7 +206,7 @@ public class ServiceResourceProviderTest {
     expect(managementController.getClusters()).andReturn(clusters).anyTimes();
     expect(managementController.getAmbariMetaInfo()).andReturn(ambariMetaInfo).anyTimes();
     expect(managementController.getServiceFactory()).andReturn(serviceFactory).anyTimes();
-    expect(managementController.getHostComponents((Set<ServiceComponentHostRequest>) anyObject())).
+    expect(managementController.getHostComponents(EasyMock.<Set<ServiceComponentHostRequest>>anyObject())).
         andReturn(Collections.<ServiceComponentHostResponse>emptySet()).anyTimes();
 
     expect(clusters.getCluster("Cluster100")).andReturn(cluster).anyTimes();
@@ -207,6 +249,8 @@ public class ServiceResourceProviderTest {
         serviceResponse0, serviceResponse1, serviceResponse2, serviceResponse3, serviceResponse4,
         ambariMetaInfo, stackId, serviceFactory);
 
+    SecurityContextHolder.getContext().setAuthentication(authentication);
+
     ResourceProvider provider = getServiceProvider(managementController);
 
     Set<String> propertyIds = new HashSet<String>();
@@ -281,7 +325,7 @@ public class ServiceResourceProviderTest {
     expect(managementController.getClusters()).andReturn(clusters).anyTimes();
     expect(managementController.getAmbariMetaInfo()).andReturn(ambariMetaInfo).anyTimes();
     expect(managementController.getServiceFactory()).andReturn(serviceFactory).anyTimes();
-    expect(managementController.getHostComponents((Set<ServiceComponentHostRequest>) anyObject())).
+    expect(managementController.getHostComponents(EasyMock.<Set<ServiceComponentHostRequest>>anyObject())).
         andReturn(Collections.<ServiceComponentHostResponse>emptySet()).anyTimes();
 
     expect(clusters.getCluster("Cluster100")).andReturn(cluster).anyTimes();
@@ -302,6 +346,8 @@ public class ServiceResourceProviderTest {
     replay(managementController, clusters, cluster, service0, serviceResponse0,
         ambariMetaInfo, stackId, serviceFactory, kerberosHeper);
 
+    SecurityContextHolder.getContext().setAuthentication(TestAuthenticationFactory.createAdministrator());
+
     ResourceProvider provider = getServiceProvider(managementController);
     // set kerberos helper on provider
     Class<?> c = provider.getClass();
@@ -309,11 +355,6 @@ public class ServiceResourceProviderTest {
     f.setAccessible(true);
     f.set(provider, kerberosHeper);
 
-    Set<String> propertyIds = new HashSet<String>();
-
-    propertyIds.add(ServiceResourceProvider.SERVICE_CLUSTER_NAME_PROPERTY_ID);
-    propertyIds.add(ServiceResourceProvider.SERVICE_SERVICE_NAME_PROPERTY_ID);
-
     // create the request
     Predicate predicate = new PredicateBuilder().property(ServiceResourceProvider.SERVICE_CLUSTER_NAME_PROPERTY_ID).equals("Cluster100").and().
         property(ServiceResourceProvider.SERVICE_SERVICE_NAME_PROPERTY_ID).equals("KERBEROS").toPredicate();
@@ -353,7 +394,7 @@ public class ServiceResourceProviderTest {
     expect(managementController.getClusters()).andReturn(clusters).anyTimes();
     expect(managementController.getAmbariMetaInfo()).andReturn(ambariMetaInfo).anyTimes();
     expect(managementController.getServiceFactory()).andReturn(serviceFactory).anyTimes();
-    expect(managementController.getHostComponents((Set<ServiceComponentHostRequest>) anyObject())).
+    expect(managementController.getHostComponents(EasyMock.<Set<ServiceComponentHostRequest>>anyObject())).
         andReturn(Collections.<ServiceComponentHostResponse>emptySet()).anyTimes();
 
     expect(clusters.getCluster("Cluster100")).andReturn(cluster).anyTimes();
@@ -375,6 +416,8 @@ public class ServiceResourceProviderTest {
     replay(managementController, clusters, cluster, service0, serviceResponse0,
         ambariMetaInfo, stackId, serviceFactory, kerberosHelper);
 
+    SecurityContextHolder.getContext().setAuthentication(TestAuthenticationFactory.createAdministrator());
+
     ResourceProvider provider = getServiceProvider(managementController);
     // set kerberos helper on provider
     Class<?> c = provider.getClass();
@@ -382,11 +425,6 @@ public class ServiceResourceProviderTest {
     f.setAccessible(true);
     f.set(provider, kerberosHelper);
 
-    Set<String> propertyIds = new HashSet<String>();
-
-    propertyIds.add(ServiceResourceProvider.SERVICE_CLUSTER_NAME_PROPERTY_ID);
-    propertyIds.add(ServiceResourceProvider.SERVICE_SERVICE_NAME_PROPERTY_ID);
-
     // create the request
     Predicate predicate = new PredicateBuilder().property(ServiceResourceProvider.SERVICE_CLUSTER_NAME_PROPERTY_ID).equals("Cluster100").and().
         property(ServiceResourceProvider.SERVICE_SERVICE_NAME_PROPERTY_ID).equals("KERBEROS").toPredicate();
@@ -424,7 +462,7 @@ public class ServiceResourceProviderTest {
     expect(managementController.getClusters()).andReturn(clusters).anyTimes();
     expect(managementController.getAmbariMetaInfo()).andReturn(ambariMetaInfo).anyTimes();
     expect(managementController.getServiceFactory()).andReturn(serviceFactory).anyTimes();
-    expect(managementController.getHostComponents((Set<ServiceComponentHostRequest>) anyObject())).
+    expect(managementController.getHostComponents(EasyMock.<Set<ServiceComponentHostRequest>>anyObject())).
         andReturn(Collections.<ServiceComponentHostResponse>emptySet()).anyTimes();
 
     expect(clusters.getCluster("Cluster100")).andReturn(cluster).anyTimes();
@@ -446,6 +484,8 @@ public class ServiceResourceProviderTest {
     replay(managementController, clusters, cluster, service0, serviceResponse0,
         ambariMetaInfo, stackId, serviceFactory, kerberosHeper);
 
+    SecurityContextHolder.getContext().setAuthentication(TestAuthenticationFactory.createAdministrator());
+
     ResourceProvider provider = getServiceProvider(managementController);
     // set kerberos helper on provider
     Class<?> c = provider.getClass();
@@ -453,11 +493,6 @@ public class ServiceResourceProviderTest {
     f.setAccessible(true);
     f.set(provider, kerberosHeper);
 
-    Set<String> propertyIds = new HashSet<String>();
-
-    propertyIds.add(ServiceResourceProvider.SERVICE_CLUSTER_NAME_PROPERTY_ID);
-    propertyIds.add(ServiceResourceProvider.SERVICE_SERVICE_NAME_PROPERTY_ID);
-
     // create the request
     Predicate predicate = new PredicateBuilder().property(ServiceResourceProvider.SERVICE_CLUSTER_NAME_PROPERTY_ID).equals("Cluster100").and().
         property(ServiceResourceProvider.SERVICE_SERVICE_NAME_PROPERTY_ID).equals("KERBEROS").toPredicate();
@@ -519,6 +554,8 @@ public class ServiceResourceProviderTest {
     replay(managementController, clusters, cluster, service0, serviceResponse0,
         ambariMetaInfo, stackId, serviceFactory, kerberosHeper);
 
+    SecurityContextHolder.getContext().setAuthentication(TestAuthenticationFactory.createAdministrator());
+
     ResourceProvider provider = getServiceProvider(managementController);
     // set kerberos helper on provider
     Class<?> c = provider.getClass();
@@ -526,11 +563,6 @@ public class ServiceResourceProviderTest {
     f.setAccessible(true);
     f.set(provider, kerberosHeper);
 
-    Set<String> propertyIds = new HashSet<String>();
-
-    propertyIds.add(ServiceResourceProvider.SERVICE_CLUSTER_NAME_PROPERTY_ID);
-    propertyIds.add(ServiceResourceProvider.SERVICE_SERVICE_NAME_PROPERTY_ID);
-
     // create the request
     Predicate predicate = new PredicateBuilder().property(ServiceResourceProvider.SERVICE_CLUSTER_NAME_PROPERTY_ID).equals("Cluster100").and().
         property(ServiceResourceProvider.SERVICE_SERVICE_NAME_PROPERTY_ID).equals("KERBEROS").toPredicate();
@@ -550,9 +582,22 @@ public class ServiceResourceProviderTest {
         ambariMetaInfo, stackId, serviceFactory, kerberosHeper);
   }
 
+  @Test
+  public void testUpdateResourcesAsAdministrator() throws Exception{
+    testUpdateResources(TestAuthenticationFactory.createAdministrator());
+  }
 
   @Test
-  public void testUpdateResources() throws Exception{
+  public void testUpdateResourcesAsClusterAdministrator() throws Exception{
+    testUpdateResources(TestAuthenticationFactory.createClusterAdministrator());
+  }
+
+  @Test
+  public void testUpdateResourcesAsServiceAdministrator() throws Exception{
+    testUpdateResources(TestAuthenticationFactory.createServiceAdministrator());
+  }
+
+  private void testUpdateResources(Authentication authentication) throws Exception{
     MaintenanceStateHelper maintenanceStateHelper = createNiceMock(MaintenanceStateHelper.class);
     AmbariManagementController managementController = createMock(AmbariManagementController.class);
     Clusters clusters = createNiceMock(Clusters.class);
@@ -574,18 +619,19 @@ public class ServiceResourceProviderTest {
 
     expect(clusters.getCluster("Cluster100")).andReturn(cluster).anyTimes();
 
+    expect(cluster.getClusterId()).andReturn(2L).anyTimes();
     expect(cluster.getService("Service102")).andReturn(service0);
 
     expect(service0.getDesiredState()).andReturn(State.INSTALLED).anyTimes();
     expect(service0.getServiceComponents()).andReturn(Collections.<String, ServiceComponent>emptyMap()).anyTimes();
 
-    Capture<Map<String, String>> requestPropertiesCapture = new Capture<Map<String, String>>();
-    Capture<Map<State, List<Service>>> changedServicesCapture = new Capture<Map<State, List<Service>>>();
-    Capture<Map<State, List<ServiceComponent>>> changedCompsCapture = new Capture<Map<State, List<ServiceComponent>>>();
-    Capture<Map<String, Map<State, List<ServiceComponentHost>>>> changedScHostsCapture = new Capture<Map<String, Map<State, List<ServiceComponentHost>>>>();
-    Capture<Map<String, String>> requestParametersCapture = new Capture<Map<String, String>>();
-    Capture<Collection<ServiceComponentHost>> ignoredScHostsCapture = new Capture<Collection<ServiceComponentHost>>();
-    Capture<Cluster> clusterCapture = new Capture<Cluster>();
+    Capture<Map<String, String>> requestPropertiesCapture = newCapture();
+    Capture<Map<State, List<Service>>> changedServicesCapture = newCapture();
+    Capture<Map<State, List<ServiceComponent>>> changedCompsCapture = newCapture();
+    Capture<Map<String, Map<State, List<ServiceComponentHost>>>> changedScHostsCapture = newCapture();
+    Capture<Map<String, String>> requestParametersCapture = newCapture();
+    Capture<Collection<ServiceComponentHost>> ignoredScHostsCapture = newCapture();
+    Capture<Cluster> clusterCapture = newCapture();
 
     expect(managementController.addStages((RequestStageContainer) isNull(), capture(clusterCapture), capture(requestPropertiesCapture),
         capture(requestParametersCapture), capture(changedServicesCapture), capture(changedCompsCapture),
@@ -605,6 +651,8 @@ public class ServiceResourceProviderTest {
     replay(managementController, clusters, cluster, rco, maintenanceStateHelper,
         service0, serviceFactory, ambariMetaInfo, requestStages, requestStatusResponse);
 
+    SecurityContextHolder.getContext().setAuthentication(authentication);
+
     ServiceResourceProvider provider = getServiceProvider(managementController, maintenanceStateHelper);
 
     // add the property map to a set for the request.
@@ -626,7 +674,21 @@ public class ServiceResourceProviderTest {
   }
 
   @Test
-  public void testReconfigureClientsFlag() throws Exception {
+  public void testReconfigureClientsFlagAsAdministrator() throws Exception {
+    testReconfigureClientsFlag(TestAuthenticationFactory.createAdministrator());
+  }
+
+  @Test
+  public void testReconfigureClientsFlagAsClusterAdministrator() throws Exception {
+    testReconfigureClientsFlag(TestAuthenticationFactory.createAdministrator("clusterAdmin"));
+  }
+
+  @Test
+  public void testReconfigureClientsFlagAsServiceAdministrator() throws Exception {
+    testReconfigureClientsFlag(TestAuthenticationFactory.createServiceAdministrator());
+  }
+
+  private void testReconfigureClientsFlag(Authentication authentication) throws Exception {
     MaintenanceStateHelper maintenanceStateHelper = createNiceMock(MaintenanceStateHelper.class);
     AmbariManagementController managementController1 = createMock(AmbariManagementController.class);
     AmbariManagementController managementController2 = createMock
@@ -648,9 +710,9 @@ public class ServiceResourceProviderTest {
     mapRequestProps.put("context", "Called from a test");
 
     // set expectations
-    expect(managementController1.getHostComponents((Set<ServiceComponentHostRequest>) anyObject())).
+    expect(managementController1.getHostComponents(EasyMock.<Set<ServiceComponentHostRequest>>anyObject())).
         andReturn(Collections.<ServiceComponentHostResponse>emptySet()).anyTimes();
-    expect(managementController2.getHostComponents((Set<ServiceComponentHostRequest>) anyObject())).
+    expect(managementController2.getHostComponents(EasyMock.<Set<ServiceComponentHostRequest>>anyObject())).
         andReturn(Collections.<ServiceComponentHostResponse>emptySet()).anyTimes();
 
     expect(clusters.getCluster("Cluster100")).andReturn(cluster).anyTimes();
@@ -661,6 +723,7 @@ public class ServiceResourceProviderTest {
     expect(managementController2.getClusters()).andReturn(clusters).anyTimes();
     expect(managementController2.getAmbariMetaInfo()).andReturn(ambariMetaInfo).anyTimes();
 
+    expect(cluster.getClusterId()).andReturn(2L).anyTimes();
     expect(cluster.getService("Service102")).andReturn(service0).anyTimes();
 
     expect(service0.convertToResponse()).andReturn(serviceResponse0).anyTimes();
@@ -670,13 +733,13 @@ public class ServiceResourceProviderTest {
     expect(serviceResponse0.getClusterName()).andReturn("Cluster100").anyTimes();
     expect(serviceResponse0.getServiceName()).andReturn("Service102").anyTimes();
 
-    Capture<Map<String, String>> requestPropertiesCapture = new Capture<Map<String, String>>();
-    Capture<Map<State, List<Service>>> changedServicesCapture = new Capture<Map<State, List<Service>>>();
-    Capture<Map<State, List<ServiceComponent>>> changedCompsCapture = new Capture<Map<State, List<ServiceComponent>>>();
-    Capture<Map<String, Map<State, List<ServiceComponentHost>>>> changedScHostsCapture = new Capture<Map<String, Map<State, List<ServiceComponentHost>>>>();
-    Capture<Map<String, String>> requestParametersCapture = new Capture<Map<String, String>>();
-    Capture<Collection<ServiceComponentHost>> ignoredScHostsCapture = new Capture<Collection<ServiceComponentHost>>();
-    Capture<Cluster> clusterCapture = new Capture<Cluster>();
+    Capture<Map<String, String>> requestPropertiesCapture = newCapture();
+    Capture<Map<State, List<Service>>> changedServicesCapture = newCapture();
+    Capture<Map<State, List<ServiceComponent>>> changedCompsCapture = newCapture();
+    Capture<Map<String, Map<State, List<ServiceComponentHost>>>> changedScHostsCapture = newCapture();
+    Capture<Map<String, String>> requestParametersCapture = newCapture();
+    Capture<Collection<ServiceComponentHost>> ignoredScHostsCapture = newCapture();
+    Capture<Cluster> clusterCapture = newCapture();
 
     expect(managementController1.addStages((RequestStageContainer) isNull(), capture(clusterCapture), capture(requestPropertiesCapture),
         capture(requestParametersCapture), capture(changedServicesCapture), capture(changedCompsCapture),
@@ -708,6 +771,8 @@ public class ServiceResourceProviderTest {
     replay(managementController1, response1, managementController2, requestStages1, requestStages2, response2,
         clusters, cluster, service0, serviceResponse0, ambariMetaInfo, rco, maintenanceStateHelper);
 
+    SecurityContextHolder.getContext().setAuthentication(authentication);
+
     ServiceResourceProvider provider1 = getServiceProvider(managementController1, maintenanceStateHelper);
 
     ServiceResourceProvider provider2 = getServiceProvider(managementController2, maintenanceStateHelper);
@@ -743,7 +808,21 @@ public class ServiceResourceProviderTest {
   }
 
   @Test
-  public void testDeleteResources() throws Exception{
+  public void testDeleteResourcesAsAdministrator() throws Exception{
+    testDeleteResources(TestAuthenticationFactory.createAdministrator());
+  }
+
+  @Test
+  public void testDeleteResourcesAsClusterAdministrator() throws Exception{
+    testDeleteResources(TestAuthenticationFactory.createClusterAdministrator());
+  }
+
+  @Test(expected = AuthorizationException.class)
+  public void testDeleteResourcesAsServiceAdministrator() throws Exception{
+    testDeleteResources(TestAuthenticationFactory.createServiceAdministrator());
+  }
+
+  private void testDeleteResources(Authentication authentication) throws Exception{
     AmbariManagementController managementController = createMock(AmbariManagementController.class);
     Clusters clusters = createNiceMock(Clusters.class);
     Cluster cluster = createNiceMock(Cluster.class);
@@ -754,6 +833,7 @@ public class ServiceResourceProviderTest {
     // set expectations
     expect(managementController.getClusters()).andReturn(clusters).anyTimes();
     expect(clusters.getCluster("Cluster100")).andReturn(cluster).anyTimes();
+    expect(cluster.getClusterId()).andReturn(2L).anyTimes();
     expect(cluster.getService(serviceName)).andReturn(service).anyTimes();
     expect(service.getDesiredState()).andReturn(State.INSTALLED).anyTimes();
     expect(service.getName()).andReturn(serviceName).anyTimes();
@@ -764,6 +844,8 @@ public class ServiceResourceProviderTest {
     // replay
     replay(managementController, clusters, cluster, service);
 
+    SecurityContextHolder.getContext().setAuthentication(authentication);
+
     ResourceProvider provider = getServiceProvider(managementController);
 
     AbstractResourceProviderTest.TestObserver observer = new AbstractResourceProviderTest.TestObserver();
@@ -799,6 +881,7 @@ public class ServiceResourceProviderTest {
     // set expectations
     expect(managementController.getClusters()).andReturn(clusters).anyTimes();
     expect(clusters.getCluster("Cluster100")).andReturn(cluster).anyTimes();
+    expect(cluster.getClusterId()).andReturn(2L).anyTimes();
     expect(cluster.getService(serviceName)).andReturn(service).anyTimes();
     expect(service.getDesiredState()).andReturn(State.STARTED).anyTimes();
     expect(service.getName()).andReturn(serviceName).anyTimes();
@@ -809,6 +892,8 @@ public class ServiceResourceProviderTest {
     // replay
     replay(managementController, clusters, cluster, service);
 
+    SecurityContextHolder.getContext().setAuthentication(TestAuthenticationFactory.createAdministrator());
+
     ResourceProvider provider = getServiceProvider(managementController);
 
     AbstractResourceProviderTest.TestObserver observer = new AbstractResourceProviderTest.TestObserver();
@@ -859,6 +944,8 @@ public class ServiceResourceProviderTest {
     // replay
     replay(managementController, clusters, cluster, service, sc);
 
+    SecurityContextHolder.getContext().setAuthentication(TestAuthenticationFactory.createAdministrator());
+
     ResourceProvider provider = getServiceProvider(managementController);
 
     AbstractResourceProviderTest.TestObserver observer = new AbstractResourceProviderTest.TestObserver();
@@ -900,7 +987,7 @@ public class ServiceResourceProviderTest {
         Component = component;
         DesiredState = desiredState;
       }
-    };
+    }
 
     //
     // Set up three components in INSTALLED state, so that the service can be deleted, no matter what state the service is in
@@ -936,6 +1023,8 @@ public class ServiceResourceProviderTest {
     // replay
     replay(managementController, clusters, cluster, service, component1.Component, component2.Component, component3.Component);
 
+    SecurityContextHolder.getContext().setAuthentication(TestAuthenticationFactory.createAdministrator());
+
     ResourceProvider provider = getServiceProvider(managementController);
 
     AbstractResourceProviderTest.TestObserver observer = new AbstractResourceProviderTest.TestObserver();
@@ -1026,7 +1115,7 @@ public class ServiceResourceProviderTest {
     expect(managementController.getAmbariMetaInfo()).andReturn(ambariMetaInfo).anyTimes();
     expect(managementController.getClusters()).andReturn(clusters).anyTimes();
     expect(clusters.getCluster("C1")).andReturn(cluster).anyTimes();
-    expect(managementController.getHostComponents((Set<ServiceComponentHostRequest>) anyObject())).andReturn(responses).anyTimes();
+    expect(managementController.getHostComponents(EasyMock.<Set<ServiceComponentHostRequest>>anyObject())).andReturn(responses).anyTimes();
     expect(cluster.getDesiredStackVersion()).andReturn(stackId);
 
     expect(stackId.getStackName()).andReturn("S1").anyTimes();
@@ -1077,7 +1166,7 @@ public class ServiceResourceProviderTest {
     expect(managementController.getAmbariMetaInfo()).andReturn(ambariMetaInfo).anyTimes();
     expect(managementController.getClusters()).andReturn(clusters).anyTimes();
     expect(clusters.getCluster("C1")).andReturn(cluster).anyTimes();
-    expect(managementController.getHostComponents((Set<ServiceComponentHostRequest>) anyObject())).andReturn(responses).anyTimes();
+    expect(managementController.getHostComponents(EasyMock.<Set<ServiceComponentHostRequest>>anyObject())).andReturn(responses).anyTimes();
     expect(cluster.getDesiredStackVersion()).andReturn(stackId);
 
     expect(stackId.getStackName()).andReturn("S1").anyTimes();
@@ -1126,7 +1215,7 @@ public class ServiceResourceProviderTest {
     expect(managementController.getAmbariMetaInfo()).andReturn(ambariMetaInfo).anyTimes();
     expect(managementController.getClusters()).andReturn(clusters).anyTimes();
     expect(clusters.getCluster("C1")).andReturn(cluster).anyTimes();
-    expect(managementController.getHostComponents((Set<ServiceComponentHostRequest>) anyObject())).andReturn(responses).anyTimes();
+    expect(managementController.getHostComponents(EasyMock.<Set<ServiceComponentHostRequest>>anyObject())).andReturn(responses).anyTimes();
     expect(cluster.getDesiredStackVersion()).andReturn(stackId);
 
     expect(stackId.getStackName()).andReturn("S1").anyTimes();
@@ -1175,7 +1264,7 @@ public class ServiceResourceProviderTest {
     expect(managementController.getAmbariMetaInfo()).andReturn(ambariMetaInfo).anyTimes();
     expect(managementController.getClusters()).andReturn(clusters).anyTimes();
     expect(clusters.getCluster("C1")).andReturn(cluster).anyTimes();
-    expect(managementController.getHostComponents((Set<ServiceComponentHostRequest>) anyObject())).andReturn(responses).anyTimes();
+    expect(managementController.getHostComponents(EasyMock.<Set<ServiceComponentHostRequest>>anyObject())).andReturn(responses).anyTimes();
     expect(cluster.getDesiredStackVersion()).andReturn(stackId);
 
     expect(stackId.getStackName()).andReturn("S1").anyTimes();
@@ -1221,7 +1310,7 @@ public class ServiceResourceProviderTest {
     expect(managementController.getAmbariMetaInfo()).andReturn(ambariMetaInfo).anyTimes();
     expect(managementController.getClusters()).andReturn(clusters).anyTimes();
     expect(clusters.getCluster("C1")).andReturn(cluster).anyTimes();
-    expect(managementController.getHostComponents((Set<ServiceComponentHostRequest>) anyObject())).andReturn(responses).anyTimes();
+    expect(managementController.getHostComponents(EasyMock.<Set<ServiceComponentHostRequest>>anyObject())).andReturn(responses).anyTimes();
     expect(cluster.getDesiredStackVersion()).andReturn(stackId);
 
     expect(stackId.getStackName()).andReturn("S1").anyTimes();
@@ -1268,7 +1357,7 @@ public class ServiceResourceProviderTest {
     expect(managementController.getAmbariMetaInfo()).andReturn(ambariMetaInfo).anyTimes();
     expect(managementController.getClusters()).andReturn(clusters).anyTimes();
     expect(clusters.getCluster("C1")).andReturn(cluster).anyTimes();
-    expect(managementController.getHostComponents((Set<ServiceComponentHostRequest>) anyObject())).andReturn(responses).anyTimes();
+    expect(managementController.getHostComponents(EasyMock.<Set<ServiceComponentHostRequest>>anyObject())).andReturn(responses).anyTimes();
     expect(cluster.getDesiredStackVersion()).andReturn(stackId);
 
     expect(stackId.getStackName()).andReturn("S1").anyTimes();
@@ -1316,7 +1405,7 @@ public class ServiceResourceProviderTest {
     expect(managementController.getAmbariMetaInfo()).andReturn(ambariMetaInfo).anyTimes();
     expect(managementController.getClusters()).andReturn(clusters).anyTimes();
     expect(clusters.getCluster("C1")).andReturn(cluster).anyTimes();
-    expect(managementController.getHostComponents((Set<ServiceComponentHostRequest>) anyObject())).andReturn(responses).anyTimes();
+    expect(managementController.getHostComponents(EasyMock.<Set<ServiceComponentHostRequest>>anyObject())).andReturn(responses).anyTimes();
     expect(cluster.getDesiredStackVersion()).andReturn(stackId);
 
     expect(stackId.getStackName()).andReturn("S1").anyTimes();
@@ -1370,7 +1459,7 @@ public class ServiceResourceProviderTest {
     expect(managementController.getAmbariMetaInfo()).andReturn(ambariMetaInfo).anyTimes();
     expect(managementController.getClusters()).andReturn(clusters).anyTimes();
     expect(clusters.getCluster("C1")).andReturn(cluster).anyTimes();
-    expect(managementController.getHostComponents((Set<ServiceComponentHostRequest>) anyObject())).andReturn(responses).anyTimes();
+    expect(managementController.getHostComponents(EasyMock.<Set<ServiceComponentHostRequest>>anyObject())).andReturn(responses).anyTimes();
     expect(cluster.getDesiredStackVersion()).andReturn(stackId);
 
     expect(stackId.getStackName()).andReturn("S1").anyTimes();
@@ -1426,7 +1515,7 @@ public class ServiceResourceProviderTest {
     expect(managementController.getAmbariMetaInfo()).andReturn(ambariMetaInfo).anyTimes();
     expect(managementController.getClusters()).andReturn(clusters).anyTimes();
     expect(clusters.getCluster("C1")).andReturn(cluster).anyTimes();
-    expect(managementController.getHostComponents((Set<ServiceComponentHostRequest>) anyObject())).andReturn(responses).anyTimes();
+    expect(managementController.getHostComponents(EasyMock.<Set<ServiceComponentHostRequest>>anyObject())).andReturn(responses).anyTimes();
     expect(cluster.getDesiredStackVersion()).andReturn(stackId);
 
     expect(stackId.getStackName()).andReturn("S1").anyTimes();
@@ -1484,7 +1573,7 @@ public class ServiceResourceProviderTest {
     expect(managementController.getAmbariMetaInfo()).andReturn(ambariMetaInfo).anyTimes();
     expect(managementController.getClusters()).andReturn(clusters).anyTimes();
     expect(clusters.getCluster("C1")).andReturn(cluster).anyTimes();
-    expect(managementController.getHostComponents((Set<ServiceComponentHostRequest>) anyObject())).andReturn(responses).anyTimes();
+    expect(managementController.getHostComponents(EasyMock.<Set<ServiceComponentHostRequest>>anyObject())).andReturn(responses).anyTimes();
     expect(cluster.getDesiredStackVersion()).andReturn(stackId);
 
     expect(stackId.getStackName()).andReturn("S1").anyTimes();
@@ -1534,7 +1623,7 @@ public class ServiceResourceProviderTest {
     expect(managementController.getAmbariMetaInfo()).andReturn(ambariMetaInfo).anyTimes();
     expect(managementController.getClusters()).andReturn(clusters).anyTimes();
     expect(clusters.getCluster("C1")).andReturn(cluster).anyTimes();
-    expect(managementController.getHostComponents((Set<ServiceComponentHostRequest>) anyObject())).andReturn(responses).anyTimes();
+    expect(managementController.getHostComponents(EasyMock.<Set<ServiceComponentHostRequest>>anyObject())).andReturn(responses).anyTimes();
     expect(cluster.getDesiredStackVersion()).andReturn(stackId);
 
     expect(stackId.getStackName()).andReturn("S1").anyTimes();
@@ -1582,7 +1671,7 @@ public class ServiceResourceProviderTest {
     expect(managementController.getAmbariMetaInfo()).andReturn(ambariMetaInfo).anyTimes();
     expect(managementController.getClusters()).andReturn(clusters).anyTimes();
     expect(clusters.getCluster("C1")).andReturn(cluster).anyTimes();
-    expect(managementController.getHostComponents((Set<ServiceComponentHostRequest>) anyObject())).andReturn(responses).anyTimes();
+    expect(managementController.getHostComponents(EasyMock.<Set<ServiceComponentHostRequest>>anyObject())).andReturn(responses).anyTimes();
     expect(cluster.getDesiredStackVersion()).andReturn(stackId);
 
     expect(stackId.getStackName()).andReturn("S1").anyTimes();
@@ -1630,7 +1719,7 @@ public class ServiceResourceProviderTest {
     expect(managementController.getAmbariMetaInfo()).andReturn(ambariMetaInfo).anyTimes();
     expect(managementController.getClusters()).andReturn(clusters).anyTimes();
     expect(clusters.getCluster("C1")).andReturn(cluster).anyTimes();
-    expect(managementController.getHostComponents((Set<ServiceComponentHostRequest>) anyObject())).andReturn(responses).anyTimes();
+    expect(managementController.getHostComponents(EasyMock.<Set<ServiceComponentHostRequest>>anyObject())).andReturn(responses).anyTimes();
     expect(cluster.getDesiredStackVersion()).andReturn(stackId);
 
     expect(stackId.getStackName()).andReturn("S1").anyTimes();
@@ -1676,7 +1765,7 @@ public class ServiceResourceProviderTest {
     expect(managementController.getAmbariMetaInfo()).andReturn(ambariMetaInfo).anyTimes();
     expect(managementController.getClusters()).andReturn(clusters).anyTimes();
     expect(clusters.getCluster("C1")).andReturn(cluster).anyTimes();
-    expect(managementController.getHostComponents((Set<ServiceComponentHostRequest>) anyObject())).andReturn(responses).anyTimes();
+    expect(managementController.getHostComponents(EasyMock.<Set<ServiceComponentHostRequest>>anyObject())).andReturn(responses).anyTimes();
     expect(cluster.getDesiredStackVersion()).andReturn(stackId);
 
     expect(stackId.getStackName()).andReturn("S1").anyTimes();
@@ -1719,7 +1808,7 @@ public class ServiceResourceProviderTest {
     expect(managementController.getAmbariMetaInfo()).andReturn(ambariMetaInfo).anyTimes();
     expect(managementController.getClusters()).andReturn(clusters).anyTimes();
     expect(clusters.getCluster("C1")).andReturn(cluster).anyTimes();
-    expect(managementController.getHostComponents((Set<ServiceComponentHostRequest>) anyObject())).andReturn(responses).anyTimes();
+    expect(managementController.getHostComponents(EasyMock.<Set<ServiceComponentHostRequest>>anyObject())).andReturn(responses).anyTimes();
     expect(cluster.getDesiredStackVersion()).andReturn(stackId);
 
     expect(stackId.getStackName()).andReturn("S1").anyTimes();
@@ -1769,7 +1858,7 @@ public class ServiceResourceProviderTest {
     expect(componentInfo.isMaster()).andReturn(false).once();
     expect(componentInfo.isMaster()).andReturn(true).once();
     expect(componentInfo.isClient()).andReturn(false).anyTimes();
-    expect(managementController.getHostComponents((Set<ServiceComponentHostRequest>) anyObject())).andReturn(responses).anyTimes();
+    expect(managementController.getHostComponents(EasyMock.<Set<ServiceComponentHostRequest>>anyObject())).andReturn(responses).anyTimes();
     expect(cluster.getDesiredStackVersion()).andReturn(stackId);
 
     expect(stackId.getStackName()).andReturn("S1").anyTimes();
@@ -1810,7 +1899,7 @@ public class ServiceResourceProviderTest {
     expect(managementController.getAmbariMetaInfo()).andReturn(ambariMetaInfo).anyTimes();
     expect(managementController.getClusters()).andReturn(clusters).anyTimes();
     expect(clusters.getCluster("C1")).andReturn(cluster).anyTimes();
-    expect(managementController.getHostComponents((Set<ServiceComponentHostRequest>) anyObject())).andReturn(responses).anyTimes();
+    expect(managementController.getHostComponents(EasyMock.<Set<ServiceComponentHostRequest>>anyObject())).andReturn(responses).anyTimes();
     expect(cluster.getDesiredStackVersion()).andReturn(stackId);
 
     expect(stackId.getStackName()).andReturn("S1").anyTimes();
@@ -1853,7 +1942,7 @@ public class ServiceResourceProviderTest {
     expect(managementController.getAmbariMetaInfo()).andReturn(ambariMetaInfo).anyTimes();
     expect(managementController.getClusters()).andReturn(clusters).anyTimes();
     expect(clusters.getCluster("C1")).andReturn(cluster).anyTimes();
-    expect(managementController.getHostComponents((Set<ServiceComponentHostRequest>) anyObject())).andReturn(responses).anyTimes();
+    expect(managementController.getHostComponents(EasyMock.<Set<ServiceComponentHostRequest>>anyObject())).andReturn(responses).anyTimes();
     expect(cluster.getDesiredStackVersion()).andReturn(stackId);
 
     expect(stackId.getStackName()).andReturn("S1").anyTimes();
@@ -1893,7 +1982,7 @@ public class ServiceResourceProviderTest {
     // set expectations
     expect(managementController.getClusters()).andReturn(clusters).anyTimes();
     expect(clusters.getCluster("C1")).andReturn(cluster).anyTimes();
-    expect(managementController.getHostComponents((Set<ServiceComponentHostRequest>) anyObject())).andReturn(responses).anyTimes();
+    expect(managementController.getHostComponents(EasyMock.<Set<ServiceComponentHostRequest>>anyObject())).andReturn(responses).anyTimes();
     
     replay(managementController, clusters, cluster);
     
@@ -1922,7 +2011,7 @@ public class ServiceResourceProviderTest {
     // set expectations
     expect(managementController.getClusters()).andReturn(clusters).anyTimes();
     expect(clusters.getCluster("C1")).andReturn(cluster).anyTimes();
-    expect(managementController.getHostComponents((Set<ServiceComponentHostRequest>) anyObject())).andReturn(responses).anyTimes();
+    expect(managementController.getHostComponents(EasyMock.<Set<ServiceComponentHostRequest>>anyObject())).andReturn(responses).anyTimes();
     
     replay(managementController, clusters, cluster);
     
@@ -1960,7 +2049,7 @@ public class ServiceResourceProviderTest {
     expect(managementController.getAmbariMetaInfo()).andReturn(ambariMetaInfo).anyTimes();
     expect(managementController.getClusters()).andReturn(clusters).anyTimes();
     expect(clusters.getCluster("C1")).andReturn(cluster).anyTimes();
-    expect(managementController.getHostComponents((Set<ServiceComponentHostRequest>) anyObject())).andReturn(responses).anyTimes();
+    expect(managementController.getHostComponents(EasyMock.<Set<ServiceComponentHostRequest>>anyObject())).andReturn(responses).anyTimes();
     expect(cluster.getDesiredStackVersion()).andReturn(stackId);
 
     expect(stackId.getStackName()).andReturn("S1").anyTimes();
@@ -2016,7 +2105,7 @@ public class ServiceResourceProviderTest {
     expect(managementController.getAmbariMetaInfo()).andReturn(ambariMetaInfo).anyTimes();
     expect(managementController.getClusters()).andReturn(clusters).anyTimes();
     expect(clusters.getCluster("C1")).andReturn(cluster).anyTimes();
-    expect(managementController.getHostComponents((Set<ServiceComponentHostRequest>) anyObject())).andReturn(responses).anyTimes();
+    expect(managementController.getHostComponents(EasyMock.<Set<ServiceComponentHostRequest>>anyObject())).andReturn(responses).anyTimes();
     expect(cluster.getDesiredStackVersion()).andReturn(stackId);
 
     expect(stackId.getStackName()).andReturn("S1").anyTimes();
@@ -2080,7 +2169,7 @@ public class ServiceResourceProviderTest {
     expect(managementController.getAmbariMetaInfo()).andReturn(ambariMetaInfo).anyTimes();
     expect(managementController.getClusters()).andReturn(clusters).anyTimes();
     expect(clusters.getCluster("C1")).andReturn(cluster).anyTimes();
-    expect(managementController.getHostComponents((Set<ServiceComponentHostRequest>) anyObject())).andReturn(responses).anyTimes();
+    expect(managementController.getHostComponents(EasyMock.<Set<ServiceComponentHostRequest>>anyObject())).andReturn(responses).anyTimes();
     expect(cluster.getDesiredStackVersion()).andReturn(stackId).anyTimes();
 
     expect(stackId.getStackName()).andReturn("S1").anyTimes();
@@ -2177,7 +2266,8 @@ public class ServiceResourceProviderTest {
             managementController, maintenanceStateHelper);
   }
 
-  public static void createServices(AmbariManagementController controller, Set<ServiceRequest> requests) throws AmbariException {
+  public static void createServices(AmbariManagementController controller, Set<ServiceRequest> requests)
+      throws AmbariException, AuthorizationException {
     ServiceResourceProvider provider = getServiceProvider(controller);
     provider.createServices(requests);
   }
@@ -2191,8 +2281,8 @@ public class ServiceResourceProviderTest {
   public static RequestStatusResponse updateServices(AmbariManagementController controller,
                                                      Set<ServiceRequest> requests,
                                                      Map<String, String> requestProperties, boolean runSmokeTest,
-                                                     boolean reconfigureClients) throws AmbariException
-  {
+                                                     boolean reconfigureClients)
+      throws AmbariException, AuthorizationException {
     return updateServices(controller, requests, requestProperties, runSmokeTest, reconfigureClients, null);
   }
 
@@ -2204,8 +2294,8 @@ public class ServiceResourceProviderTest {
                                                      Set<ServiceRequest> requests,
                                                      Map<String, String> requestProperties, boolean runSmokeTest,
                                                      boolean reconfigureClients,
-                                                     MaintenanceStateHelper maintenanceStateHelper) throws AmbariException
-  {
+                                                     MaintenanceStateHelper maintenanceStateHelper)
+      throws AmbariException, AuthorizationException {
     ServiceResourceProvider provider;
     if (maintenanceStateHelper != null) {
       provider = getServiceProvider(controller, maintenanceStateHelper);
@@ -2221,7 +2311,7 @@ public class ServiceResourceProviderTest {
 
 
   public static RequestStatusResponse deleteServices(AmbariManagementController controller, Set<ServiceRequest> requests)
-      throws AmbariException {
+      throws AmbariException, AuthorizationException {
     ServiceResourceProvider provider = getServiceProvider(controller);
     return provider.deleteServices(requests);
   }

http://git-wip-us.apache.org/repos/asf/ambari/blob/f08db5c9/ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java b/ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java
index 94f119c..8abe757 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/TestAuthenticationFactory.java
@@ -30,25 +30,52 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.EnumSet;
 import java.util.Set;
 
 public class TestAuthenticationFactory {
+  public static Authentication createAdministrator() {
+    return createAdministrator("admin");
+  }
+
   public static Authentication createAdministrator(String name) {
     return new TestAuthorization(name, Collections.singleton(createAdministratorGrantedAuthority()));
   }
 
+  public static Authentication createClusterAdministrator() {
+    return createClusterAdministrator("clusterAdmin");
+  }
+
   public static Authentication createClusterAdministrator(String name) {
     return new TestAuthorization(name, Collections.singleton(createClusterAdministratorGrantedAuthority()));
   }
 
+  public static Authentication createServiceAdministrator() {
+    return createServiceAdministrator("serviceAdmin");
+  }
+
   public static Authentication createServiceAdministrator(String name) {
     return new TestAuthorization(name, Collections.singleton(createServiceAdministratorGrantedAuthority()));
   }
 
+  public static Authentication createServiceOperator() {
+    return createServiceOperator("serviceOp");
+  }
+
+  public static Authentication createServiceOperator(String name) {
+    return new TestAuthorization(name, Collections.singleton(createServiceOperatorGrantedAuthority()));
+  }
+
+  public static Authentication createClusterUser() {
+    return createClusterUser("clusterUser");
+  }
+
+  public static Authentication createClusterUser(String name) {
+    return new TestAuthorization(name, Collections.singleton(createClusterUserGrantedAuthority()));
+  }
+
   private static GrantedAuthority createAdministratorGrantedAuthority() {
     return new AmbariGrantedAuthority(createAdministratorPrivilegeEntity());
   }
@@ -61,6 +88,14 @@ public class TestAuthenticationFactory {
     return new AmbariGrantedAuthority(createServiceAdministratorPrivilegeEntity());
   }
 
+  private static GrantedAuthority createServiceOperatorGrantedAuthority() {
+    return new AmbariGrantedAuthority(createServiceOperatorPrivilegeEntity());
+  }
+
+  private static GrantedAuthority createClusterUserGrantedAuthority() {
+    return new AmbariGrantedAuthority(createClusterUserPrivilegeEntity());
+  }
+
   private static PrivilegeEntity createAdministratorPrivilegeEntity() {
     PrivilegeEntity privilegeEntity = new PrivilegeEntity();
     privilegeEntity.setResource(createAmbariResourceEntity());
@@ -82,6 +117,20 @@ public class TestAuthenticationFactory {
     return privilegeEntity;
   }
 
+  private static PrivilegeEntity createServiceOperatorPrivilegeEntity() {
+    PrivilegeEntity privilegeEntity = new PrivilegeEntity();
+    privilegeEntity.setResource(createClusterResourceEntity());
+    privilegeEntity.setPermission(createServiceOperatorPermission());
+    return privilegeEntity;
+  }
+
+  private static PrivilegeEntity createClusterUserPrivilegeEntity() {
+    PrivilegeEntity privilegeEntity = new PrivilegeEntity();
+    privilegeEntity.setResource(createClusterResourceEntity());
+    privilegeEntity.setPermission(createClusterUserPermission());
+    return privilegeEntity;
+  }
+
   private static PermissionEntity createAdministratorPermission() {
     PermissionEntity permissionEntity = new PermissionEntity();
     permissionEntity.setResourceType(createResourceTypeEntity(ResourceType.AMBARI));
@@ -93,6 +142,8 @@ public class TestAuthenticationFactory {
     PermissionEntity permissionEntity = new PermissionEntity();
     permissionEntity.setResourceType(createResourceTypeEntity(ResourceType.CLUSTER));
     permissionEntity.setAuthorizations(createAuthorizations(EnumSet.of(
+        RoleAuthorization.CLUSTER_MANAGE_CREDENTIALS,
+        RoleAuthorization.CLUSTER_MODIFY_CONFIGS,
         RoleAuthorization.CLUSTER_TOGGLE_ALERTS,
         RoleAuthorization.CLUSTER_TOGGLE_KERBEROS,
         RoleAuthorization.CLUSTER_UPGRADE_DOWNGRADE_STACK,
@@ -156,6 +207,50 @@ public class TestAuthenticationFactory {
     return permissionEntity;
   }
 
+  private static PermissionEntity createServiceOperatorPermission() {
+    PermissionEntity permissionEntity = new PermissionEntity();
+    permissionEntity.setResourceType(createResourceTypeEntity(ResourceType.CLUSTER));
+    permissionEntity.setAuthorizations(createAuthorizations(EnumSet.of(
+        RoleAuthorization.SERVICE_VIEW_CONFIGS,
+        RoleAuthorization.SERVICE_VIEW_METRICS,
+        RoleAuthorization.SERVICE_VIEW_STATUS_INFO,
+        RoleAuthorization.SERVICE_COMPARE_CONFIGS,
+        RoleAuthorization.SERVICE_VIEW_ALERTS,
+        RoleAuthorization.SERVICE_START_STOP,
+        RoleAuthorization.SERVICE_DECOMMISSION_RECOMMISSION,
+        RoleAuthorization.SERVICE_RUN_CUSTOM_COMMAND,
+        RoleAuthorization.SERVICE_RUN_SERVICE_CHECK,
+        RoleAuthorization.HOST_VIEW_CONFIGS,
+        RoleAuthorization.HOST_VIEW_METRICS,
+        RoleAuthorization.HOST_VIEW_STATUS_INFO,
+        RoleAuthorization.CLUSTER_VIEW_ALERTS,
+        RoleAuthorization.CLUSTER_VIEW_CONFIGS,
+        RoleAuthorization.CLUSTER_VIEW_STACK_DETAILS,
+        RoleAuthorization.CLUSTER_VIEW_STATUS_INFO
+    )));
+    return permissionEntity;
+  }
+
+  private static PermissionEntity createClusterUserPermission() {
+    PermissionEntity permissionEntity = new PermissionEntity();
+    permissionEntity.setResourceType(createResourceTypeEntity(ResourceType.CLUSTER));
+    permissionEntity.setAuthorizations(createAuthorizations(EnumSet.of(
+        RoleAuthorization.SERVICE_VIEW_CONFIGS,
+        RoleAuthorization.SERVICE_VIEW_METRICS,
+        RoleAuthorization.SERVICE_VIEW_STATUS_INFO,
+        RoleAuthorization.SERVICE_COMPARE_CONFIGS,
+        RoleAuthorization.SERVICE_VIEW_ALERTS,
+        RoleAuthorization.HOST_VIEW_CONFIGS,
+        RoleAuthorization.HOST_VIEW_METRICS,
+        RoleAuthorization.HOST_VIEW_STATUS_INFO,
+        RoleAuthorization.CLUSTER_VIEW_ALERTS,
+        RoleAuthorization.CLUSTER_VIEW_CONFIGS,
+        RoleAuthorization.CLUSTER_VIEW_STACK_DETAILS,
+        RoleAuthorization.CLUSTER_VIEW_STATUS_INFO
+    )));
+    return permissionEntity;
+  }
+
   private static ResourceEntity createAmbariResourceEntity() {
     ResourceEntity resourceEntity = new ResourceEntity();
     resourceEntity.setId(null);

http://git-wip-us.apache.org/repos/asf/ambari/blob/f08db5c9/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java
index bd1d12b..62f719d 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java
@@ -131,15 +131,19 @@ public class AuthorizationHelperTest {
     administratorRoleAuthorizationEntity.setAuthorizationId(RoleAuthorization.AMBARI_MANAGE_USERS.getId());
 
     ResourceTypeEntity clusterResourceTypeEntity = new ResourceTypeEntity();
-    clusterResourceTypeEntity.setId(ResourceType.CLUSTER.getId());
+    clusterResourceTypeEntity.setId(1);
     clusterResourceTypeEntity.setName(ResourceType.CLUSTER.name());
 
+    ResourceTypeEntity cluster2ResourceTypeEntity = new ResourceTypeEntity();
+    cluster2ResourceTypeEntity.setId(2);
+    cluster2ResourceTypeEntity.setName(ResourceType.CLUSTER.name());
+
     ResourceEntity clusterResourceEntity = new ResourceEntity();
     clusterResourceEntity.setResourceType(clusterResourceTypeEntity);
     clusterResourceEntity.setId(1L);
 
     ResourceEntity cluster2ResourceEntity = new ResourceEntity();
-    cluster2ResourceEntity.setResourceType(clusterResourceTypeEntity);
+    cluster2ResourceEntity.setResourceType(cluster2ResourceTypeEntity);
     cluster2ResourceEntity.setId(2L);
 
     PermissionEntity readOnlyPermissionEntity = new PermissionEntity();