ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rle...@apache.org
Subject ambari git commit: AMBARI-16246. Allow roles to be treated like principals in Ambari DB (rlevas)
Date Tue, 10 May 2016 03:39:19 GMT
Repository: ambari
Updated Branches:
  refs/heads/trunk 2865b1b4a -> 6ea2cc1df


AMBARI-16246. Allow roles to be treated like principals in Ambari DB (rlevas)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/6ea2cc1d
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/6ea2cc1d
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/6ea2cc1d

Branch: refs/heads/trunk
Commit: 6ea2cc1dffb9b45a4e7f43a4eb97dd8ae14b70da
Parents: 2865b1b
Author: Robert Levas <rlevas@hortonworks.com>
Authored: Mon May 9 23:39:03 2016 -0400
Committer: Robert Levas <rlevas@hortonworks.com>
Committed: Mon May 9 23:39:10 2016 -0400

----------------------------------------------------------------------
 .../ambari/server/orm/dao/PermissionDAO.java    |  10 +
 .../server/orm/entities/PermissionEntity.java   |  30 ++-
 .../server/orm/entities/PrincipalEntity.java    |   2 +-
 .../orm/entities/PrincipalTypeEntity.java       |   2 +-
 .../server/upgrade/AbstractUpgradeCatalog.java  |  36 ---
 .../server/upgrade/UpgradeCatalog240.java       |  85 +++++--
 .../main/resources/Ambari-DDL-Derby-CREATE.sql  |  42 +++-
 .../main/resources/Ambari-DDL-MySQL-CREATE.sql  | 208 ++++++++-------
 .../main/resources/Ambari-DDL-Oracle-CREATE.sql |  42 +++-
 .../resources/Ambari-DDL-Postgres-CREATE.sql    | 251 +++++++------------
 .../Ambari-DDL-Postgres-EMBEDDED-CREATE.sql     | 248 +++++++-----------
 .../resources/Ambari-DDL-SQLAnywhere-CREATE.sql |  42 +++-
 .../resources/Ambari-DDL-SQLServer-CREATE.sql   |  34 ++-
 .../security/authorization/TestUsers.java       |  11 +
 .../server/upgrade/UpgradeCatalog240Test.java   |  87 ++-----
 15 files changed, 547 insertions(+), 583 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/6ea2cc1d/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PermissionDAO.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PermissionDAO.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PermissionDAO.java
index 5d1a04a..88d9775 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PermissionDAO.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PermissionDAO.java
@@ -58,6 +58,16 @@ public class PermissionDAO {
   }
 
   /**
+   * Create or updates a permission.
+   *
+   * @param permissionEntity  entity to create or update
+   */
+  @Transactional
+  public PermissionEntity merge(PermissionEntity permissionEntity) {
+    return entityManagerProvider.get().merge(permissionEntity);
+  }
+
+  /**
    * Find a permission entity with the given id.
    *
    * @param id  type id

http://git-wip-us.apache.org/repos/asf/ambari/blob/6ea2cc1d/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PermissionEntity.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PermissionEntity.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PermissionEntity.java
index 43fd71b..f091bab 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PermissionEntity.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PermissionEntity.java
@@ -29,6 +29,7 @@ import javax.persistence.JoinColumns;
 import javax.persistence.JoinTable;
 import javax.persistence.ManyToMany;
 import javax.persistence.ManyToOne;
+import javax.persistence.OneToOne;
 import javax.persistence.Table;
 import javax.persistence.TableGenerator;
 import java.util.Collection;
@@ -41,7 +42,7 @@ import java.util.Collection;
 @TableGenerator(name = "permission_id_generator",
     table = "ambari_sequences", pkColumnName = "sequence_name", valueColumnName = "sequence_value"
     , pkColumnValue = "permission_id_seq"
-    , initialValue = 8
+    , initialValue = 100
 )
 public class PermissionEntity {
 
@@ -85,6 +86,15 @@ public class PermissionEntity {
   @Column(name = "permission_label")
   private String permissionLabel;
 
+  /**
+   * The permission's (admin)principal reference
+   */
+  @OneToOne
+  @JoinColumns({
+      @JoinColumn(name = "principal_id", referencedColumnName = "principal_id", nullable = false),
+  })
+  private PrincipalEntity principal;
+
   @ManyToOne
   @JoinColumns({
       @JoinColumn(name = "resource_type_id", referencedColumnName = "resource_type_id", nullable = false),
@@ -168,6 +178,24 @@ public class PermissionEntity {
   }
 
   /**
+   * Get the principal entity.
+   *
+   * @return the principal entity
+   */
+  public PrincipalEntity getPrincipal() {
+    return principal;
+  }
+
+  /**
+   * Set the principal entity.
+   *
+   * @param principal  the principal entity
+   */
+  public void setPrincipal(PrincipalEntity principal) {
+    this.principal = principal;
+  }
+
+  /**
    * Get the resource type entity.
    *
    * @return  the resource type entity

http://git-wip-us.apache.org/repos/asf/ambari/blob/6ea2cc1d/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrincipalEntity.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrincipalEntity.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrincipalEntity.java
index 25d8d14..fc92a5f 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrincipalEntity.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrincipalEntity.java
@@ -43,7 +43,7 @@ import javax.persistence.TableGenerator;
 @TableGenerator(name = "principal_id_generator",
     table = "ambari_sequences", pkColumnName = "sequence_name", valueColumnName = "sequence_value"
     , pkColumnValue = "principal_id_seq"
-    , initialValue = 2
+    , initialValue = 100
     , allocationSize = 500
 )
 @NamedQueries({

http://git-wip-us.apache.org/repos/asf/ambari/blob/6ea2cc1d/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrincipalTypeEntity.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrincipalTypeEntity.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrincipalTypeEntity.java
index b94f1ff..716d4f7 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrincipalTypeEntity.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrincipalTypeEntity.java
@@ -28,7 +28,7 @@ import javax.persistence.*;
 @TableGenerator(name = "principal_type_id_generator",
     table = "ambari_sequences", pkColumnName = "sequence_name", valueColumnName = "sequence_value"
     , pkColumnValue = "principal_type_id_seq"
-    , initialValue = 3
+    , initialValue = 100
 )
 public class PrincipalTypeEntity {
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/6ea2cc1d/ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java
index 17f9fe1..2e857ed 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java
@@ -155,42 +155,6 @@ public abstract class AbstractUpgradeCatalog implements UpgradeCatalog {
   }
 
   /**
-   * Get a sequence value and increment it in <code>ambariSequencesTable</code>.
-   * @param seqName name of sequence to be fetched and incremented
-   * @throws SQLException, IllegalArgumentException
-   */
-  @Transactional
-  public int getAndIncrementSequence(String seqName) throws SQLException{
-    Statement statement = null;
-    ResultSet rs = null;
-    int value = -1;
-    try {
-      statement = dbAccessor.getConnection().createStatement();
-      if (statement != null) {
-        rs = statement.executeQuery(String.format("SELECT sequence_value from %s where sequence_name='%s'", ambariSequencesTable, seqName));
-
-        if((rs != null) && rs.next()) {
-          value = rs.getInt(1);
-          dbAccessor.executeUpdate(String.format("UPDATE %s SET sequence_value = sequence_value + 1 where sequence_name='%s'", ambariSequencesTable, seqName));
-        } else {
-          LOG.error("Sequence {} not found.", seqName);
-          throw new IllegalArgumentException("Sequence " + seqName + " not found.");
-        }
-
-      }
-    } finally {
-      if (rs != null) {
-        rs.close();
-      }
-      if (statement != null) {
-        statement.close();
-      }
-    }
-
-    return value;
-  }
-
-  /**
    * Add several new sequences to <code>ambariSequencesTable</code>.
    * @param seqNames list of sequences to be inserted
    * @param seqDefaultValue initial value for the sequence

http://git-wip-us.apache.org/repos/asf/ambari/blob/6ea2cc1d/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
index f85a4c7..1404144 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
@@ -41,6 +41,8 @@ import org.apache.ambari.server.orm.dao.AlertDefinitionDAO;
 import org.apache.ambari.server.orm.dao.ClusterDAO;
 import org.apache.ambari.server.orm.dao.PermissionDAO;
 import org.apache.ambari.server.orm.dao.PrivilegeDAO;
+import org.apache.ambari.server.orm.dao.PrincipalDAO;
+import org.apache.ambari.server.orm.dao.PrincipalTypeDAO;
 import org.apache.ambari.server.orm.dao.ResourceTypeDAO;
 import org.apache.ambari.server.orm.dao.RoleAuthorizationDAO;
 import org.apache.ambari.server.orm.dao.UserDAO;
@@ -48,6 +50,7 @@ import org.apache.ambari.server.orm.entities.AlertDefinitionEntity;
 import org.apache.ambari.server.orm.entities.ClusterEntity;
 import org.apache.ambari.server.orm.entities.PermissionEntity;
 import org.apache.ambari.server.orm.entities.PrincipalEntity;
+import org.apache.ambari.server.orm.entities.PrincipalTypeEntity;
 import org.apache.ambari.server.orm.entities.PrivilegeEntity;
 import org.apache.ambari.server.orm.entities.ResourceEntity;
 import org.apache.ambari.server.orm.entities.ResourceTypeEntity;
@@ -82,6 +85,7 @@ import com.google.inject.persist.Transactional;
 public class UpgradeCatalog240 extends AbstractUpgradeCatalog {
 
   protected static final String ADMIN_PERMISSION_TABLE = "adminpermission";
+  protected static final String PRINCIPAL_ID_COL = "principal_id";
   protected static final String ALERT_DEFINITION_TABLE = "alert_definition";
   protected static final String ALERT_CURRENT_TABLE = "alert_current";
   protected static final String ALERT_CURRENT_OCCURRENCES_COLUMN = "occurrences";
@@ -151,6 +155,12 @@ public class UpgradeCatalog240 extends AbstractUpgradeCatalog {
   @Inject
   ClusterDAO clusterDAO;
 
+  @Inject
+  PrincipalTypeDAO principalTypeDAO;
+
+  @Inject
+  PrincipalDAO principalDAO;
+
   /**
    * Logger.
    */
@@ -263,30 +273,25 @@ public class UpgradeCatalog240 extends AbstractUpgradeCatalog {
     removeStandardDeviationAlerts();
     updateClusterInheritedPermissionsConfig();
     consolidateUserRoles();
+    createRolePrincipals();
   }
 
   protected void updateClusterInheritedPermissionsConfig() throws SQLException {
-    dbAccessor.insertRow(PRINCIPAL_TYPE_TABLE, new String[]{"principal_type_id", "principal_type_name"}, new String[]{"3", "'ALL.CLUSTER.ADMINISTRATOR'"}, true);
-    dbAccessor.insertRow(PRINCIPAL_TYPE_TABLE, new String[]{"principal_type_id", "principal_type_name"}, new String[]{"4", "'ALL.CLUSTER.OPERATOR'"}, true);
-    dbAccessor.insertRow(PRINCIPAL_TYPE_TABLE, new String[]{"principal_type_id", "principal_type_name"}, new String[]{"5", "'ALL.CLUSTER.USER'"}, true);
-    dbAccessor.insertRow(PRINCIPAL_TYPE_TABLE, new String[]{"principal_type_id", "principal_type_name"}, new String[]{"6", "'ALL.SERVICE.ADMINISTRATOR'"}, true);
-    dbAccessor.insertRow(PRINCIPAL_TYPE_TABLE, new String[]{"principal_type_id", "principal_type_name"}, new String[]{"7", "'ALL.SERVICE.OPERATOR'"}, true);
-    getAndIncrementSequence("principal_type_id_seq");
-    getAndIncrementSequence("principal_type_id_seq");
-    getAndIncrementSequence("principal_type_id_seq");
-    getAndIncrementSequence("principal_type_id_seq");
-    getAndIncrementSequence("principal_type_id_seq");
-
-    int nextPrincipalSeqId = getAndIncrementSequence("principal_id_seq");
-    dbAccessor.insertRow(PRINCIPAL_TABLE, new String[]{"principal_id", "principal_type_id"}, new String[]{Integer.toString(nextPrincipalSeqId), "3"}, true);
-    nextPrincipalSeqId = getAndIncrementSequence("principal_id_seq");
-    dbAccessor.insertRow(PRINCIPAL_TABLE, new String[]{"principal_id", "principal_type_id"}, new String[]{Integer.toString(nextPrincipalSeqId), "4"}, true);
-    nextPrincipalSeqId = getAndIncrementSequence("principal_id_seq");
-    dbAccessor.insertRow(PRINCIPAL_TABLE, new String[]{"principal_id", "principal_type_id"}, new String[]{Integer.toString(nextPrincipalSeqId), "5"}, true);
-    nextPrincipalSeqId = getAndIncrementSequence("principal_id_seq");
-    dbAccessor.insertRow(PRINCIPAL_TABLE, new String[]{"principal_id", "principal_type_id"}, new String[]{Integer.toString(nextPrincipalSeqId), "6"}, true);
-    nextPrincipalSeqId = getAndIncrementSequence("principal_id_seq");
-    dbAccessor.insertRow(PRINCIPAL_TABLE, new String[]{"principal_id", "principal_type_id"}, new String[]{Integer.toString(nextPrincipalSeqId), "7"}, true);
+    insertClusterInheritedPrincipal("ALL.CLUSTER.ADMINISTRATOR");
+    insertClusterInheritedPrincipal("ALL.CLUSTER.OPERATOR");
+    insertClusterInheritedPrincipal("ALL.CLUSTER.USER");
+    insertClusterInheritedPrincipal("ALL.SERVICE.ADMINISTRATOR");
+    insertClusterInheritedPrincipal("ALL.SERVICE.OPERATIOR");
+  }
+
+  private void insertClusterInheritedPrincipal(String name) {
+    PrincipalTypeEntity principalTypeEntity = new PrincipalTypeEntity();
+    principalTypeEntity.setName("ALL.CLUSTER.ADMINISTRATOR");
+    principalTypeEntity = principalTypeDAO.merge(principalTypeEntity);
+
+    PrincipalEntity principalEntity = new PrincipalEntity();
+    principalEntity.setPrincipalType(principalTypeEntity);
+    principalDAO.create(principalEntity);
   }
 
   private void createSettingTable() throws SQLException {
@@ -1060,6 +1065,12 @@ public class UpgradeCatalog240 extends AbstractUpgradeCatalog {
     // Add the sort_order column to the adminpermission table
     dbAccessor.addColumn(ADMIN_PERMISSION_TABLE,
         new DBColumnInfo(SORT_ORDER_COL, Short.class, null, 1, false));
+
+    // Add the principal_id column to the adminpermission table
+    //   Note: This is set to nullable here, but will be altered once the column has been set
+    //         properly during the DML update phase.
+    dbAccessor.addColumn(ADMIN_PERMISSION_TABLE,
+        new DBColumnInfo(PRINCIPAL_ID_COL, Long.class, null, null, true));
   }
 
   /**
@@ -1121,6 +1132,38 @@ public class UpgradeCatalog240 extends AbstractUpgradeCatalog {
   }
 
   /**
+   * Create and update records to create the role-based principals.
+   * <p>
+   * This includes creating the new "ROLE" principal type, a principal for each role, and finally
+   * updating the princial_id column for the role.
+   */
+  void createRolePrincipals() throws SQLException {
+    // Create Role Principal Type
+    PrincipalTypeEntity rolePrincipalType = new PrincipalTypeEntity();
+    rolePrincipalType.setName("ROLE");
+
+    // creates the new record and returns an entity with the id set.
+    rolePrincipalType = principalTypeDAO.merge(rolePrincipalType);
+
+    // Get the roles (adminpermissions) and create a principal for each.... set the role's principal_id
+    // value as we go...
+    List<PermissionEntity> roleEntities = permissionDAO.findAll();
+
+    for (PermissionEntity roleEntity : roleEntities) {
+      PrincipalEntity principalEntity = new PrincipalEntity();
+      principalEntity.setPrincipalType(rolePrincipalType);
+
+      roleEntity.setPrincipal(principalDAO.merge(principalEntity));
+
+      permissionDAO.merge(roleEntity);
+    }
+
+    // Fix the adminpermission.principal_id column to be non-nullable:
+    dbAccessor.alterColumn(ADMIN_PERMISSION_TABLE,
+        new DBColumnInfo(PRINCIPAL_ID_COL, Long.class, null, null, false));
+  }
+
+  /**
    * Makes the following changes to the {@value #REPO_VERSION_TABLE} table:
    * <ul>
    * <li>repo_type VARCHAR(255) DEFAULT 'STANDARD' NOT NULL</li>

http://git-wip-us.apache.org/repos/asf/ambari/blob/6ea2cc1d/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql
index f5336bc..04f5cc4 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql
@@ -633,9 +633,11 @@ CREATE TABLE adminpermission (
   permission_name VARCHAR(255) NOT NULL,
   resource_type_id INTEGER NOT NULL,
   permission_label VARCHAR(255),
+  principal_id BIGINT NOT NULL,
   sort_order SMALLINT NOT NULL DEFAULT 1,
   CONSTRAINT PK_adminpermission PRIMARY KEY (permission_id),
   CONSTRAINT FK_permission_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id),
+  CONSTRAINT FK_permission_principal_id FOREIGN KEY (principal_id) REFERENCES adminprincipal(principal_id),
   CONSTRAINT UQ_perm_name_resource_type_id UNIQUE (permission_name, resource_type_id));
 
 CREATE TABLE roleauthorization (
@@ -1027,9 +1029,9 @@ INSERT INTO ambari_sequences (sequence_name, sequence_value)
   union all
   select 'principal_type_id_seq', 8 FROM SYSIBM.SYSDUMMY1
   union all
-  select 'principal_id_seq', 7 FROM SYSIBM.SYSDUMMY1
+  select 'principal_id_seq', 13 FROM SYSIBM.SYSDUMMY1
   union all
-  select 'permission_id_seq', 5 FROM SYSIBM.SYSDUMMY1
+  select 'permission_id_seq', 7 FROM SYSIBM.SYSDUMMY1
   union all
   select 'privilege_id_seq', 1 FROM SYSIBM.SYSDUMMY1
   union all
@@ -1117,7 +1119,9 @@ INSERT INTO adminprincipaltype (principal_type_id, principal_type_name)
   UNION ALL
   SELECT 6, 'ALL.SERVICE.ADMINISTRATOR' FROM SYSIBM.SYSDUMMY1
   UNION ALL
-  SELECT 7, 'ALL.SERVICE.OPERRATOR' FROM SYSIBM.SYSDUMMY1;
+  SELECT 7, 'ALL.SERVICE.OPERRATOR' FROM SYSIBM.SYSDUMMY1
+  UNION ALL
+  SELECT 8, 'ROLE' FROM SYSIBM.SYSDUMMY1;
 
 INSERT INTO adminprincipal (principal_id, principal_type_id)
   SELECT 1, 1 FROM SYSIBM.SYSDUMMY1
@@ -1130,25 +1134,39 @@ INSERT INTO adminprincipal (principal_id, principal_type_id)
   UNION ALL
   SELECT 5, 6 FROM SYSIBM.SYSDUMMY1
   UNION ALL
-  SELECT 6, 7 FROM SYSIBM.SYSDUMMY1;
+  SELECT 6, 7 FROM SYSIBM.SYSDUMMY1
+  UNION ALL
+  SELECT 7, 8 FROM SYSIBM.SYSDUMMY1
+  UNION ALL
+  SELECT 8, 8 FROM SYSIBM.SYSDUMMY1
+  UNION ALL
+  SELECT 9, 8 FROM SYSIBM.SYSDUMMY1
+  UNION ALL
+  SELECT 10, 8 FROM SYSIBM.SYSDUMMY1
+  UNION ALL
+  SELECT 11, 8 FROM SYSIBM.SYSDUMMY1
+  UNION ALL
+  SELECT 12, 8 FROM SYSIBM.SYSDUMMY1
+  UNION ALL
+  SELECT 13, 8 FROM SYSIBM.SYSDUMMY1;
 
 INSERT INTO Users (user_id, principal_id, user_name, user_password)
   SELECT 1, 1, 'admin', '538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00' FROM SYSIBM.SYSDUMMY1;
 
-insert into adminpermission(permission_id, permission_name, resource_type_id, permission_label, sort_order)
-  SELECT 1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator', 1 FROM SYSIBM.SYSDUMMY1
+insert into adminpermission(permission_id, permission_name, resource_type_id, permission_label, principal_id, sort_order)
+  SELECT 1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator', 7, 1 FROM SYSIBM.SYSDUMMY1
   UNION ALL
-  SELECT 2, 'CLUSTER.USER', 2, 'Cluster User', 6 FROM SYSIBM.SYSDUMMY1
+  SELECT 2, 'CLUSTER.USER', 2, 'Cluster User', 8, 6 FROM SYSIBM.SYSDUMMY1
   UNION ALL
-  SELECT 3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator', 2 FROM SYSIBM.SYSDUMMY1
+  SELECT 3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator', 9, 2 FROM SYSIBM.SYSDUMMY1
   UNION ALL
-  SELECT 4, 'VIEW.USER', 3, 'View User', 7 FROM SYSIBM.SYSDUMMY1
+  SELECT 4, 'VIEW.USER', 3, 'View User', 10, 7 FROM SYSIBM.SYSDUMMY1
   UNION ALL
-  SELECT 5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator', 3 FROM SYSIBM.SYSDUMMY1
+  SELECT 5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator', 11, 3 FROM SYSIBM.SYSDUMMY1
   UNION ALL
-  SELECT 6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator', 4 FROM SYSIBM.SYSDUMMY1
+  SELECT 6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator', 12, 4 FROM SYSIBM.SYSDUMMY1
   UNION ALL
-  SELECT 7, 'SERVICE.OPERATOR', 2, 'Service Operator', 5 FROM SYSIBM.SYSDUMMY1;
+  SELECT 7, 'SERVICE.OPERATOR', 2, 'Service Operator', 13, 5 FROM SYSIBM.SYSDUMMY1;
 
 INSERT INTO roleauthorization(authorization_id, authorization_name)
   SELECT 'VIEW.USE', 'Use View' FROM SYSIBM.SYSDUMMY1 UNION ALL

http://git-wip-us.apache.org/repos/asf/ambari/blob/6ea2cc1d/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql
index fca3be3..006fa67 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql
@@ -640,9 +640,11 @@ CREATE TABLE adminpermission (
   permission_name VARCHAR(255) NOT NULL,
   resource_type_id INTEGER NOT NULL,
   permission_label VARCHAR(255),
+  principal_id BIGINT NOT NULL,
   sort_order SMALLINT NOT NULL DEFAULT 1,
   CONSTRAINT PK_adminpermission PRIMARY KEY (permission_id),
   CONSTRAINT FK_permission_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id),
+  CONSTRAINT FK_permission_principal_id FOREIGN KEY (principal_id) REFERENCES adminprincipal(principal_id),
   CONSTRAINT UQ_perm_name_resource_type_id UNIQUE (permission_name, resource_type_id));
 
 CREATE TABLE roleauthorization (
@@ -1002,110 +1004,100 @@ CREATE INDEX idx_alert_group_name on alert_group(group_name);
 CREATE INDEX idx_alert_notice_state on alert_notice(notify_state);
 
 -- In order for the first ID to be 1, must initialize the ambari_sequences table with a sequence_value of 0.
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('cluster_id_seq', 1);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('host_id_seq', 0);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('host_role_command_id_seq', 1);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('user_id_seq', 2);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('group_id_seq', 1);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('member_id_seq', 1);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('configgroup_id_seq', 1);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('requestschedule_id_seq', 1);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('resourcefilter_id_seq', 1);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('viewentity_id_seq', 0);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('operation_level_id_seq', 1);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('view_instance_id_seq', 1);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('resource_type_id_seq', 4);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('resource_id_seq', 2);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('principal_type_id_seq', 8);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('principal_id_seq', 7);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('permission_id_seq', 5);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('privilege_id_seq', 1);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('config_id_seq', 1);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('cluster_version_id_seq', 0);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('host_version_id_seq', 0);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('service_config_id_seq', 1);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('alert_definition_id_seq', 0);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('alert_group_id_seq', 0);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('alert_target_id_seq', 0);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('alert_history_id_seq', 0);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('alert_notice_id_seq', 0);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('alert_current_id_seq', 0);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('repo_version_id_seq', 0);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('upgrade_id_seq', 0);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('upgrade_group_id_seq', 0);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('upgrade_item_id_seq', 0);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('stack_id_seq', 0);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('widget_id_seq', 0);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('widget_layout_id_seq', 0);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('topology_host_info_id_seq', 0);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('topology_host_request_id_seq', 0);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('topology_host_task_id_seq', 0);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('topology_logical_request_id_seq', 0);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('topology_logical_task_id_seq', 0);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('topology_request_id_seq', 0);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('topology_host_group_id_seq', 0);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('setting_id_seq', 0);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('hostcomponentstate_id_seq', 0);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('servicecomponentdesiredstate_id_seq', 0);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('servicecomponent_history_id_seq', 0);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('blueprint_setting_id_seq', 0);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('ambari_operation_history_id_seq', 0);
-
-insert into adminresourcetype (resource_type_id, resource_type_name)
-  select 1, 'AMBARI'
-  union all
-  select 2, 'CLUSTER'
-  union all
-  select 3, 'VIEW';
-
-insert into adminresource (resource_id, resource_type_id)
-  select 1, 1;
-
-insert into adminprincipaltype (principal_type_id, principal_type_name)
-  select 1, 'USER'
-  union all
-  select 2, 'GROUP'
-  union all
-  select 3, 'ALL.CLUSTER.ADMINISTRATOR'
-  union all
-  select 4, 'ALL.CLUSTER.OPERATOR'
-  union all
-  select 5, 'ALL.CLUSTER.USER'
-  union all
-  select 6, 'ALL.SERVICE.ADMINISTRATOR'
-  union all
-  select 7, 'ALL.SERVICE.OPERATOR';
-
-insert into adminprincipal (principal_id, principal_type_id)
-  select 1, 1
-  union all
-  select 2, 3
-  union all
-  select 3, 4
-  union all
-  select 4, 5
-  union all
-  select 5, 6
-  union all
-  select 6, 7;
-
-insert into users(user_id, principal_id, user_name, user_password)
-  select 1, 1, 'admin','538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00';
-
-insert into adminpermission(permission_id, permission_name, resource_type_id, permission_label, sort_order)
-  select 1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator', 1
-  union all
-  select 2, 'CLUSTER.USER', 2, 'Cluster User', 6
-  union all
-  select 3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator', 2
-  union all
-  select 4, 'VIEW.USER', 3, 'View User', 7
-  union all
-select 5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator', 3
-  union all
-  select 6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator', 4
-  union all
-  select 7, 'SERVICE.OPERATOR', 2, 'Service Operator', 5;
+INSERT INTO ambari_sequences(sequence_name, sequence_value) VALUES 
+  ('cluster_id_seq', 1),
+  ('host_id_seq', 0),
+  ('host_role_command_id_seq', 1),
+  ('user_id_seq', 2),
+  ('group_id_seq', 1),
+  ('member_id_seq', 1),
+  ('configgroup_id_seq', 1),
+  ('requestschedule_id_seq', 1),
+  ('resourcefilter_id_seq', 1),
+  ('viewentity_id_seq', 0),
+  ('operation_level_id_seq', 1),
+  ('view_instance_id_seq', 1),
+  ('resource_type_id_seq', 4),
+  ('resource_id_seq', 2),
+  ('principal_type_id_seq', 8),
+  ('principal_id_seq', 13),
+  ('permission_id_seq', 7),
+  ('privilege_id_seq', 1),
+  ('config_id_seq', 1),
+  ('cluster_version_id_seq', 0),
+  ('host_version_id_seq', 0),
+  ('service_config_id_seq', 1),
+  ('alert_definition_id_seq', 0),
+  ('alert_group_id_seq', 0),
+  ('alert_target_id_seq', 0),
+  ('alert_history_id_seq', 0),
+  ('alert_notice_id_seq', 0),
+  ('alert_current_id_seq', 0),
+  ('repo_version_id_seq', 0),
+  ('upgrade_id_seq', 0),
+  ('upgrade_group_id_seq', 0),
+  ('upgrade_item_id_seq', 0),
+  ('stack_id_seq', 0),
+  ('widget_id_seq', 0),
+  ('widget_layout_id_seq', 0),
+  ('topology_host_info_id_seq', 0),
+  ('topology_host_request_id_seq', 0),
+  ('topology_host_task_id_seq', 0),
+  ('topology_logical_request_id_seq', 0),
+  ('topology_logical_task_id_seq', 0),
+  ('topology_request_id_seq', 0),
+  ('topology_host_group_id_seq', 0),
+  ('setting_id_seq', 0),
+  ('hostcomponentstate_id_seq', 0),
+  ('servicecomponentdesiredstate_id_seq', 0),
+  ('servicecomponent_history_id_seq', 0),
+  ('blueprint_setting_id_seq', 0),
+  ('ambari_operation_history_id_seq', 0);
+
+INSERT INTO adminresourcetype (resource_type_id, resource_type_name) VALUES
+  (1, 'AMBARI'),
+  (2, 'CLUSTER'),
+  (3, 'VIEW');
+
+INSERT INTO adminresource (resource_id, resource_type_id) VALUES
+  (1, 1);
+
+INSERT INTO adminprincipaltype (principal_type_id, principal_type_name) VALUES
+  (1, 'USER'),
+  (2, 'GROUP'),
+  (3, 'ALL.CLUSTER.ADMINISTRATOR'),
+  (4, 'ALL.CLUSTER.OPERATOR'),
+  (5, 'ALL.CLUSTER.USER'),
+  (6, 'ALL.SERVICE.ADMINISTRATOR'),
+  (7, 'ALL.SERVICE.OPERATOR'),
+  (8, 'ROLE');
+
+INSERT INTO adminprincipal (principal_id, principal_type_id) VALUES
+  (1, 1),
+  (2, 3),
+  (3, 4),
+  (4, 5),
+  (5, 6),
+  (6, 7),
+  (7, 8),
+  (8, 8),
+  (9, 8),
+  (10, 8),
+  (11, 8),
+  (12, 8),
+  (13, 8);
+
+INSERT INTO users(user_id, principal_id, user_name, user_password)
+  SELECT 1, 1, 'admin','538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00';
+
+INSERT INTO adminpermission(permission_id, permission_name, resource_type_id, permission_label, principal_id, sort_order)
+  SELECT 1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator', 7, 1 UNION ALL
+  SELECT 2, 'CLUSTER.USER', 2, 'Cluster User', 8, 6 UNION ALL
+  SELECT 3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator', 9, 2 UNION ALL
+  SELECT 4, 'VIEW.USER', 3, 'View User', 10, 7 UNION ALL
+  SELECT 5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator', 11, 3 UNION ALL
+  SELECT 6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator', 12, 4 UNION ALL
+  SELECT 7, 'SERVICE.OPERATOR', 2, 'Service Operator', 13, 5;
 
 INSERT INTO roleauthorization(authorization_id, authorization_name)
   SELECT 'VIEW.USE', 'Use View' UNION ALL
@@ -1349,11 +1341,11 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id)
   SELECT permission_id, 'AMBARI.MANAGE_STACK_VERSIONS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'AMBARI.EDIT_STACK_REPOS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR';
 
-insert into adminprivilege (privilege_id, permission_id, resource_id, principal_id)
-  select 1, 1, 1, 1;
+INSERT INTO adminprivilege (privilege_id, permission_id, resource_id, principal_id) VALUES
+  (1, 1, 1, 1);
 
-insert into metainfo(`metainfo_key`, `metainfo_value`)
-  select 'version','${ambariSchemaVersion}';
+INSERT INTO metainfo(`metainfo_key`, `metainfo_value`) VALUES
+  ('version','${ambariSchemaVersion}');
 
 -- Quartz tables
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/6ea2cc1d/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql
index ce0bd84..f7346a0 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql
@@ -630,9 +630,11 @@ CREATE TABLE adminpermission (
   permission_name VARCHAR(255) NOT NULL,
   resource_type_id NUMBER(10) NOT NULL,
   permission_label VARCHAR(255),
+  principal_id NUMBER(19) NOT NULL,
   sort_order SMALLINT DEFAULT 1 NOT NULL,
   CONSTRAINT PK_adminpermission PRIMARY KEY (permission_id),
   CONSTRAINT FK_permission_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id),
+  CONSTRAINT FK_permission_principal_id FOREIGN KEY (principal_id) REFERENCES adminprincipal(principal_id),
   CONSTRAINT UQ_perm_name_resource_type_id UNIQUE (permission_name, resource_type_id));
 
 CREATE TABLE roleauthorization (
@@ -1008,8 +1010,8 @@ INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('view_instan
 INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('resource_type_id_seq', 4);
 INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('resource_id_seq', 2);
 INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('principal_type_id_seq', 8);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('principal_id_seq', 7);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('permission_id_seq', 5);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('principal_id_seq', 13);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('permission_id_seq', 7);
 INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('privilege_id_seq', 1);
 INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('config_id_seq', 1);
 INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('cluster_version_id_seq', 0);
@@ -1067,7 +1069,9 @@ insert into adminprincipaltype (principal_type_id, principal_type_name)
   union all
   select 6, 'ALL.SERVICE.ADMINISTRATOR' from dual
   union all
-  select 7, 'ALL.SERVICE.OPERATOR' from dual;
+  select 7, 'ALL.SERVICE.OPERATOR' from dual
+  union all
+  select 8, 'ROLE' from dual;
 
 insert into adminprincipal (principal_id, principal_type_id)
   select 1, 1 from dual
@@ -1080,25 +1084,39 @@ insert into adminprincipal (principal_id, principal_type_id)
   union all
   select 5, 6 from dual
   union all
-  select 6, 7 from dual;
+  select 6, 7 from dual
+  union all
+  select 7, 8 from dual
+  union all
+  select 8, 8 from dual
+  union all
+  select 9, 8 from dual
+  union all
+  select 10, 8 from dual
+  union all
+  select 11, 8 from dual
+  union all
+  select 12, 8 from dual
+  union all
+  select 13, 8 from dual;
 
 insert into users(user_id, principal_id, user_name, user_password)
 select 1,1,'admin','538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00' from dual;
 
-insert into adminpermission(permission_id, permission_name, resource_type_id, permission_label, sort_order)
-  select 1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator', 1 from dual
+insert into adminpermission(permission_id, permission_name, resource_type_id, permission_label, principal_id, sort_order)
+  select 1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator', 7, 1 from dual
   union all
-  select 2, 'CLUSTER.USER', 2, 'Cluster User', 6 from dual
+  select 2, 'CLUSTER.USER', 2, 'Cluster User', 8, 6 from dual
   union all
-  select 3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator', 2 from dual
+  select 3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator', 9, 2 from dual
   union all
-  select 4, 'VIEW.USER', 3, 'View User', 7 from dual
+  select 4, 'VIEW.USER', 3, 'View User', 10, 7 from dual
   union all
-  select 5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator', 3 from dual
+  select 5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator', 11, 3 from dual
   union all
-  select 6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator', 4 from dual
+  select 6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator', 12, 4 from dual
   union all
-  select 7, 'SERVICE.OPERATOR', 2, 'Service Operator', 5 from dual;
+  select 7, 'SERVICE.OPERATOR', 2, 'Service Operator', 13, 5 from dual;
 
 INSERT INTO roleauthorization(authorization_id, authorization_name)
   SELECT 'VIEW.USE', 'Use View' FROM dual UNION ALL

http://git-wip-us.apache.org/repos/asf/ambari/blob/6ea2cc1d/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql
index 7fb8c31..a3567b2 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql
@@ -633,9 +633,11 @@ CREATE TABLE adminpermission (
   permission_name VARCHAR(255) NOT NULL,
   resource_type_id INTEGER NOT NULL,
   permission_label VARCHAR(255),
+  principal_id BIGINT NOT NULL,
   sort_order SMALLINT NOT NULL DEFAULT 1,
   CONSTRAINT PK_adminpermission PRIMARY KEY (permission_id),
   CONSTRAINT FK_permission_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id),
+  CONSTRAINT FK_permission_principal_id FOREIGN KEY (principal_id) REFERENCES adminprincipal(principal_id),
   CONSTRAINT UQ_perm_name_resource_type_id UNIQUE (permission_name, resource_type_id));
 
 CREATE TABLE roleauthorization (
@@ -993,159 +995,100 @@ CREATE INDEX idx_alert_notice_state on alert_notice(notify_state);
 ---------inserting some data-----------
 -- In order for the first ID to be 1, must initialize the ambari_sequences table with a sequence_value of 0.
 BEGIN;
-INSERT INTO ambari_sequences (sequence_name, sequence_value)
-  SELECT 'cluster_id_seq', 1
-  UNION ALL
-  SELECT 'host_id_seq', 0
-  UNION ALL
-  SELECT 'user_id_seq', 2
-  UNION ALL
-  SELECT 'group_id_seq', 1
-  UNION ALL
-  SELECT 'member_id_seq', 1
-  UNION ALL
-  SELECT 'host_role_command_id_seq', 1
-  union all
-  select 'configgroup_id_seq', 1
-  union all
-  select 'requestschedule_id_seq', 1
-  union all
-  select 'resourcefilter_id_seq', 1
-  union all
-  select 'viewentity_id_seq', 0
-  union all
-  select 'operation_level_id_seq', 1
-  union all
-  select 'view_instance_id_seq', 1
-  union all
-  select 'resource_type_id_seq', 4
-  union all
-  select 'resource_id_seq', 2
-  union all
-  select 'principal_type_id_seq', 8
-  union all
-  select 'principal_id_seq', 7
-  union all
-  select 'permission_id_seq', 5
-  union all
-  select 'privilege_id_seq', 1
-  union all
-  select 'alert_definition_id_seq', 0
-  union all
-  select 'alert_group_id_seq', 0
-  union all
-  select 'alert_target_id_seq', 0
-  union all
-  select 'alert_history_id_seq', 0
-  union all
-  select 'alert_notice_id_seq', 0
-  union all
-  select 'alert_current_id_seq', 0
-  union all
-  select 'config_id_seq', 1
-  union all
-  select 'repo_version_id_seq', 0
-  union all
-  select 'cluster_version_id_seq', 0
-  union all
-  select 'host_version_id_seq', 0
-  union all
-  select 'service_config_id_seq', 1
-  union all
-  select 'upgrade_id_seq', 0
-  union all
-  select 'upgrade_group_id_seq', 0
-  union all
-  select 'widget_id_seq', 0
-  union all
-  select 'widget_layout_id_seq', 0
-  union all
-  select 'upgrade_item_id_seq', 0
-  union all
-  select 'stack_id_seq', 0
-  union all
-  select 'topology_host_info_id_seq', 0
-  union all
-  select 'topology_host_request_id_seq', 0
-  union all
-  select 'topology_host_task_id_seq', 0
-  union all
-  select 'topology_logical_request_id_seq', 0
-  union all
-  select 'topology_logical_task_id_seq', 0
-  union all
-  select 'topology_request_id_seq', 0
-  union all
-  select 'topology_host_group_id_seq', 0
-  union all
-  select 'setting_id_seq', 0
-  union all
-  select 'hostcomponentstate_id_seq', 0
-  union all
-  select 'servicecomponentdesiredstate_id_seq', 0
-  union all
-  select 'servicecomponent_history_id_seq', 0
-  union all
-  select 'blueprint_setting_id_seq', 0
-  union all
-  select 'ambari_operation_history_id_seq', 0;
-
-
-INSERT INTO adminresourcetype (resource_type_id, resource_type_name)
-  SELECT 1, 'AMBARI'
-  UNION ALL
-  SELECT 2, 'CLUSTER'
-  UNION ALL
-  SELECT 3, 'VIEW';
-
-INSERT INTO adminresource (resource_id, resource_type_id)
-  SELECT 1, 1;
-
-INSERT INTO adminprincipaltype (principal_type_id, principal_type_name)
-  SELECT 1, 'USER'
-  UNION ALL
-  SELECT 2, 'GROUP'
-  UNION ALL
-  SELECT 3, 'ALL.CLUSTER.ADMINISTRATOR'
-  UNION ALL
-  SELECT 4, 'ALL.CLUSTER.OPERATOR'
-  UNION ALL
-  SELECT 5, 'ALL.CLUSTER.USER'
-  UNION ALL
-  SELECT 6, 'ALL.SERVICE.ADMINISTRATOR'
-  UNION ALL
-  SELECT 7, 'ALL.SERVICE.OPERATOR';
-
-INSERT INTO adminprincipal (principal_id, principal_type_id)
-  SELECT 1, 1
-  UNION ALL
-  SELECT 2, 3
-  UNION ALL
-  SELECT 3, 4
-  UNION ALL
-  SELECT 4, 5
-  UNION ALL
-  SELECT 5, 6
-  UNION ALL
-  SELECT 6, 7;
+INSERT INTO ambari_sequences (sequence_name, sequence_value) VALUES
+  ('cluster_id_seq', 1),
+  ('host_id_seq', 0),
+  ('user_id_seq', 2),
+  ('group_id_seq', 1),
+  ('member_id_seq', 1),
+  ('host_role_command_id_seq', 1),
+  ('configgroup_id_seq', 1),
+  ('requestschedule_id_seq', 1),
+  ('resourcefilter_id_seq', 1),
+  ('viewentity_id_seq', 0),
+  ('operation_level_id_seq', 1),
+  ('view_instance_id_seq', 1),
+  ('resource_type_id_seq', 4),
+  ('resource_id_seq', 2),
+  ('principal_type_id_seq', 8),
+  ('principal_id_seq', 13),
+  ('permission_id_seq', 7),
+  ('privilege_id_seq', 1),
+  ('alert_definition_id_seq', 0),
+  ('alert_group_id_seq', 0),
+  ('alert_target_id_seq', 0),
+  ('alert_history_id_seq', 0),
+  ('alert_notice_id_seq', 0),
+  ('alert_current_id_seq', 0),
+  ('config_id_seq', 1),
+  ('repo_version_id_seq', 0),
+  ('cluster_version_id_seq', 0),
+  ('host_version_id_seq', 0),
+  ('service_config_id_seq', 1),
+  ('upgrade_id_seq', 0),
+  ('upgrade_group_id_seq', 0),
+  ('widget_id_seq', 0),
+  ('widget_layout_id_seq', 0),
+  ('upgrade_item_id_seq', 0),
+  ('stack_id_seq', 0),
+  ('topology_host_info_id_seq', 0),
+  ('topology_host_request_id_seq', 0),
+  ('topology_host_task_id_seq', 0),
+  ('topology_logical_request_id_seq', 0),
+  ('topology_logical_task_id_seq', 0),
+  ('topology_request_id_seq', 0),
+  ('topology_host_group_id_seq', 0),
+  ('setting_id_seq', 0),
+  ('hostcomponentstate_id_seq', 0),
+  ('servicecomponentdesiredstate_id_seq', 0),
+  ('servicecomponent_history_id_seq', 0),
+  ('blueprint_setting_id_seq', 0),
+  ('ambari_operation_history_id_seq', 0);
+
+INSERT INTO adminresourcetype (resource_type_id, resource_type_name) VALUES
+  (1, 'AMBARI'),
+  (2, 'CLUSTER'),
+  (3, 'VIEW');
+
+INSERT INTO adminresource (resource_id, resource_type_id) VALUES
+  (1, 1);
+
+INSERT INTO adminprincipaltype (principal_type_id, principal_type_name) VALUES
+  (1, 'USER'),
+  (2, 'GROUP'),
+  (3, 'ALL.CLUSTER.ADMINISTRATOR'),
+  (4, 'ALL.CLUSTER.OPERATOR'),
+  (5, 'ALL.CLUSTER.USER'),
+  (6, 'ALL.SERVICE.ADMINISTRATOR'),
+  (7, 'ALL.SERVICE.OPERATOR'),
+  (8, 'ROLE');
+
+INSERT INTO adminprincipal (principal_id, principal_type_id) VALUES
+  (1, 1),
+  (2, 3),
+  (3, 4),
+  (4, 5),
+  (5, 6),
+  (6, 7),
+  (7, 8),
+  (8, 8),
+  (9, 8),
+  (10, 8),
+  (11, 8),
+  (12, 8),
+  (13, 8);
 
 INSERT INTO Users (user_id, principal_id, user_name, user_password)
   SELECT 1, 1, 'admin', '538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00';
 
-insert into adminpermission(permission_id, permission_name, resource_type_id, permission_label, sort_order)
-  SELECT 1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator', 1
-  UNION ALL
-  SELECT 2, 'CLUSTER.USER', 2, 'Cluster User', 6
-  UNION ALL
-  SELECT 3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator', 2
-  UNION ALL
-  SELECT 4, 'VIEW.USER', 3, 'View User', 7
-  UNION ALL
-  SELECT 5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator', 3
-  UNION ALL
-  SELECT 6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator', 4
-  UNION ALL
-  SELECT 7, 'SERVICE.OPERATOR', 2, 'Service Operator', 5;
+INSERT INTO adminpermission(permission_id, permission_name, resource_type_id, permission_label, principal_id, sort_order)
+  SELECT 1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator', 7, 1 UNION ALL
+  SELECT 2, 'CLUSTER.USER', 2, 'Cluster User', 8, 6 UNION ALL
+  SELECT 3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator', 9, 2 UNION ALL
+  SELECT 4, 'VIEW.USER', 3, 'View User', 10, 7 UNION ALL
+  SELECT 5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator', 11, 3 UNION ALL
+  SELECT 6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator', 12, 4 UNION ALL
+  SELECT 7, 'SERVICE.OPERATOR', 2, 'Service Operator', 13, 5;
 
 INSERT INTO roleauthorization(authorization_id, authorization_name)
   SELECT 'VIEW.USE', 'Use View' UNION ALL
@@ -1377,7 +1320,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id)
   SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
-   SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+  SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'AMBARI.ADD_DELETE_CLUSTERS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'AMBARI.SET_SERVICE_USERS_GROUPS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'AMBARI.RENAME_CLUSTER' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
@@ -1389,11 +1332,11 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id)
   SELECT permission_id, 'AMBARI.MANAGE_STACK_VERSIONS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'AMBARI.EDIT_STACK_REPOS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR';
 
-INSERT INTO adminprivilege (privilege_id, permission_id, resource_id, principal_id)
-  SELECT 1, 1, 1, 1;
+INSERT INTO adminprivilege (privilege_id, permission_id, resource_id, principal_id) VALUES
+  (1, 1, 1, 1);
 
-INSERT INTO metainfo (metainfo_key, metainfo_value)
-  SELECT 'version', '${ambariSchemaVersion}';
+INSERT INTO metainfo(`metainfo_key`, `metainfo_value`) VALUES
+('version','${ambariSchemaVersion}');
 COMMIT;
 
 -- Quartz tables

http://git-wip-us.apache.org/repos/asf/ambari/blob/6ea2cc1d/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql
index 0f3a2c2..8814e10 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql
@@ -742,9 +742,11 @@ CREATE TABLE ambari.adminpermission (
   permission_name VARCHAR(255) NOT NULL,
   resource_type_id INTEGER NOT NULL,
   permission_label VARCHAR(255),
+  principal_id BIGINT NOT NULL,
   sort_order SMALLINT NOT NULL DEFAULT 1,
   CONSTRAINT PK_adminpermission PRIMARY KEY (permission_id),
   CONSTRAINT FK_permission_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES ambari.adminresourcetype(resource_type_id),
+  CONSTRAINT FK_permission_principal_id FOREIGN KEY (principal_id) REFERENCES ambari.adminprincipal(principal_id),
   CONSTRAINT UQ_perm_name_resource_type_id UNIQUE (permission_name, resource_type_id));
 
 CREATE TABLE ambari.roleauthorization (
@@ -1151,158 +1153,100 @@ CREATE INDEX idx_alert_notice_state on ambari.alert_notice(notify_state);
 ---------inserting some data-----------
 -- In order for the first ID to be 1, must initialize the ambari_sequences table with a sequence_value of 0.
 BEGIN;
-INSERT INTO ambari.ambari_sequences (sequence_name, sequence_value)
-  SELECT 'cluster_id_seq', 1
-  UNION ALL
-  SELECT 'host_id_seq', 0
-  UNION ALL
-  SELECT 'user_id_seq', 2
-  UNION ALL
-  SELECT 'group_id_seq', 1
-  UNION ALL
-  SELECT 'member_id_seq', 1
-  UNION ALL
-  SELECT 'host_role_command_id_seq', 1
-  union all
-  select 'configgroup_id_seq', 1
-  union all
-  select 'requestschedule_id_seq', 1
-  union all
-  select 'resourcefilter_id_seq', 1
-  union all
-  select 'viewentity_id_seq', 0
-  union all
-  select 'operation_level_id_seq', 1
-  union all
-  select 'view_instance_id_seq', 1
-  union all
-  select 'resource_type_id_seq', 4
-  union all
-  select 'resource_id_seq', 2
-  union all
-  select 'principal_type_id_seq', 8
-  union all
-  select 'principal_id_seq', 7
-  union all
-  select 'permission_id_seq', 5
-  union all
-  select 'privilege_id_seq', 1
-  union all
-  select 'alert_definition_id_seq', 0
-  union all
-  select 'alert_group_id_seq', 0
-  union all
-  select 'alert_target_id_seq', 0
-  union all
-  select 'alert_history_id_seq', 0
-  union all
-  select 'alert_notice_id_seq', 0
-  union all
-  select 'alert_current_id_seq', 0
-  union all
-  select 'config_id_seq', 1
-  union all
-  select 'repo_version_id_seq', 0
-  union all
-  select 'cluster_version_id_seq', 0
-  union all
-  select 'host_version_id_seq', 0
-  union all
-  select 'service_config_id_seq', 1
-  union all
-  select 'upgrade_id_seq', 0
-  union all
-  select 'upgrade_group_id_seq', 0
-  union all
-  select 'widget_id_seq', 0
-  union all
-  select 'widget_layout_id_seq', 0
-  union all
-  select 'upgrade_item_id_seq', 0
-  union all
-  select 'stack_id_seq', 0
-  union all
-  select 'topology_host_info_id_seq', 0
-  union all
-  select 'topology_host_request_id_seq', 0
-  union all
-  select 'topology_host_task_id_seq', 0
-  union all
-  select 'topology_logical_request_id_seq', 0
-  union all
-  select 'topology_logical_task_id_seq', 0
-  union all
-  select 'topology_request_id_seq', 0
-  union all
-  select 'topology_host_group_id_seq', 0
-  union all
-  select 'setting_id_seq', 0
-  union all
-  select 'hostcomponentstate_id_seq', 0
-  union all
-  select 'servicecomponentdesiredstate_id_seq', 0
-  union all
-  select 'servicecomponent_history_id_seq', 0
-  union all
-  select 'blueprint_setting_id_seq', 0
-  union all
-  select 'ambari_operation_history_id_seq', 0;
-
-INSERT INTO ambari.adminresourcetype (resource_type_id, resource_type_name)
-  SELECT 1, 'AMBARI'
-  UNION ALL
-  SELECT 2, 'CLUSTER'
-  UNION ALL
-  SELECT 3, 'VIEW';
-
-INSERT INTO ambari.adminresource (resource_id, resource_type_id)
-  SELECT 1, 1;
-
-INSERT INTO ambari.adminprincipaltype (principal_type_id, principal_type_name)
-  SELECT 1, 'USER'
-  UNION ALL
-  SELECT 2, 'GROUP'
-  UNION ALL
-  SELECT 3, 'ALL.CLUSTER.ADMINISTRATOR'
-  UNION ALL
-  SELECT 4, 'ALL.CLUSTER.OPERATOR'
-  UNION ALL
-  SELECT 5, 'ALL.CLUSTER.USER'
-  UNION ALL
-  SELECT 6, 'ALL.SERVICE.ADMINISTRATOR'
-  UNION ALL
-  SELECT 7, 'ALL.SERVICE.OPERATOR';
-
-INSERT INTO ambari.adminprincipal (principal_id, principal_type_id)
-  SELECT 1, 1
-  UNION ALL
-  SELECT 2, 3
-  UNION ALL
-  SELECT 3, 4
-  UNION ALL
-  SELECT 4, 5
-  UNION ALL
-  SELECT 5, 6
-  UNION ALL
-  SELECT 6, 7;
+INSERT INTO ambari.ambari_sequences (sequence_name, sequence_value) VALUES
+  ('cluster_id_seq', 1),
+  ('host_id_seq', 0),
+  ('user_id_seq', 2),
+  ('group_id_seq', 1),
+  ('member_id_seq', 1),
+  ('host_role_command_id_seq', 1),
+  ('configgroup_id_seq', 1),
+  ('requestschedule_id_seq', 1),
+  ('resourcefilter_id_seq', 1),
+  ('viewentity_id_seq', 0),
+  ('operation_level_id_seq', 1),
+  ('view_instance_id_seq', 1),
+  ('resource_type_id_seq', 4),
+  ('resource_id_seq', 2),
+  ('principal_type_id_seq', 8),
+  ('principal_id_seq', 13),
+  ('permission_id_seq', 7),
+  ('privilege_id_seq', 1),
+  ('alert_definition_id_seq', 0),
+  ('alert_group_id_seq', 0),
+  ('alert_target_id_seq', 0),
+  ('alert_history_id_seq', 0),
+  ('alert_notice_id_seq', 0),
+  ('alert_current_id_seq', 0),
+  ('config_id_seq', 1),
+  ('repo_version_id_seq', 0),
+  ('cluster_version_id_seq', 0),
+  ('host_version_id_seq', 0),
+  ('service_config_id_seq', 1),
+  ('upgrade_id_seq', 0),
+  ('upgrade_group_id_seq', 0),
+  ('widget_id_seq', 0),
+  ('widget_layout_id_seq', 0),
+  ('upgrade_item_id_seq', 0),
+  ('stack_id_seq', 0),
+  ('topology_host_info_id_seq', 0),
+  ('topology_host_request_id_seq', 0),
+  ('topology_host_task_id_seq', 0),
+  ('topology_logical_request_id_seq', 0),
+  ('topology_logical_task_id_seq', 0),
+  ('topology_request_id_seq', 0),
+  ('topology_host_group_id_seq', 0),
+  ('setting_id_seq', 0),
+  ('hostcomponentstate_id_seq', 0),
+  ('servicecomponentdesiredstate_id_seq', 0),
+  ('servicecomponent_history_id_seq', 0),
+  ('blueprint_setting_id_seq', 0),
+  ('ambari_operation_history_id_seq', 0);
+
+INSERT INTO ambari.adminresourcetype (resource_type_id, resource_type_name) VALUES
+  (1, 'AMBARI'),
+  (2, 'CLUSTER'),
+  (3, 'VIEW');
+
+INSERT INTO ambari.adminresource (resource_id, resource_type_id) VALUES
+  (1, 1);
+
+INSERT INTO ambari.adminprincipaltype (principal_type_id, principal_type_name) VALUES
+  (1, 'USER'),
+  (2, 'GROUP'),
+  (3, 'ALL.CLUSTER.ADMINISTRATOR'),
+  (4, 'ALL.CLUSTER.OPERATOR'),
+  (5, 'ALL.CLUSTER.USER'),
+  (6, 'ALL.SERVICE.ADMINISTRATOR'),
+  (7, 'ALL.SERVICE.OPERATOR'),
+  (8, 'ROLE');
+
+INSERT INTO ambari.adminprincipal (principal_id, principal_type_id) VALUES
+  (1, 1),
+  (2, 3),
+  (3, 4),
+  (4, 5),
+  (5, 6),
+  (6, 7),
+  (7, 8),
+  (8, 8),
+  (9, 8),
+  (10, 8),
+  (11, 8),
+  (12, 8),
+  (13, 8);
 
 INSERT INTO ambari.Users (user_id, principal_id, user_name, user_password)
   SELECT 1, 1, 'admin', '538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00';
 
-insert into ambari.adminpermission(permission_id, permission_name, resource_type_id, permission_label, sort_order)
-  SELECT 1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator', 1
-  UNION ALL
-  SELECT 2, 'CLUSTER.USER', 2, 'Cluster User', 6
-  UNION ALL
-  SELECT 3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator', 2
-  UNION ALL
-  SELECT 4, 'VIEW.USER', 3, 'View User', 7
-  UNION ALL
-  SELECT 5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator', 3
-  UNION ALL
-  SELECT 6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator', 4
-  UNION ALL
-  SELECT 7, 'SERVICE.OPERATOR', 2, 'Service Operator', 5;
+INSERT INTO ambari.adminpermission(permission_id, permission_name, resource_type_id, permission_label, principal_id, sort_order)
+  SELECT 1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator', 7, 1 UNION ALL
+  SELECT 2, 'CLUSTER.USER', 2, 'Cluster User', 8, 6 UNION ALL
+  SELECT 3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator', 9, 2 UNION ALL
+  SELECT 4, 'VIEW.USER', 3, 'View User', 10, 7 UNION ALL
+  SELECT 5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator', 11, 3 UNION ALL
+  SELECT 6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator', 12, 4 UNION ALL
+  SELECT 7, 'SERVICE.OPERATOR', 2, 'Service Operator', 13, 5;
 
 INSERT INTO ambari.roleauthorization(authorization_id, authorization_name)
   SELECT 'VIEW.USE', 'Use View' UNION ALL
@@ -1547,11 +1491,11 @@ INSERT INTO ambari.permission_roleauthorization(permission_id, authorization_id)
   SELECT permission_id, 'AMBARI.EDIT_STACK_REPOS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR';
 
 
-INSERT INTO ambari.adminprivilege (privilege_id, permission_id, resource_id, principal_id)
-  SELECT 1, 1, 1, 1;
+INSERT INTO ambari.adminprivilege (privilege_id, permission_id, resource_id, principal_id) VALUES
+  (1, 1, 1, 1);
 
-INSERT INTO ambari.metainfo (metainfo_key, metainfo_value)
-  SELECT 'version', '${ambariSchemaVersion}';
+INSERT INTO ambari.metainfo (metainfo_key, metainfo_value) VALUES
+  ('version', '${ambariSchemaVersion}');
 COMMIT;
 
 -- Quartz tables

http://git-wip-us.apache.org/repos/asf/ambari/blob/6ea2cc1d/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql
index b89389c..5e588b4 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql
@@ -629,9 +629,11 @@ CREATE TABLE adminpermission (
   permission_name VARCHAR(255) NOT NULL,
   resource_type_id INTEGER NOT NULL,
   permission_label VARCHAR(255),
+  principal_id NUMERIC(19) NOT NULL,
   sort_order SMALLINT NOT NULL DEFAULT 1,
   CONSTRAINT PK_adminpermission PRIMARY KEY (permission_id),
   CONSTRAINT FK_permission_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id),
+  CONSTRAINT FK_permission_principal_id FOREIGN KEY (principal_id) REFERENCES adminprincipal(principal_id),
   CONSTRAINT UQ_perm_name_resource_type_id UNIQUE (permission_name, resource_type_id));
 
 CREATE TABLE roleauthorization (
@@ -1007,8 +1009,8 @@ INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('view_instan
 INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('resource_type_id_seq', 4);
 INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('resource_id_seq', 2);
 INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('principal_type_id_seq', 8);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('principal_id_seq', 7);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('permission_id_seq', 5);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('principal_id_seq', 13);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('permission_id_seq', 7);
 INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('privilege_id_seq', 1);
 INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('config_id_seq', 1);
 INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('cluster_version_id_seq', 0);
@@ -1064,7 +1066,9 @@ insert into adminprincipaltype (principal_type_id, principal_type_name)
   union all
   select 6, 'ALL.SERVICE.ADMINISTRATOR'
   union all
-  select 7, 'ALL.SERVICE.OPERATOR';
+  select 7, 'ALL.SERVICE.OPERATOR'
+  union all
+  select 8, 'ROLE';
 
 insert into adminprincipal (principal_id, principal_type_id)
   select 1, 1
@@ -1077,25 +1081,39 @@ insert into adminprincipal (principal_id, principal_type_id)
   union all
   select 5, 6
   union all
-  select 6, 7;
+  select 6, 7
+  union all
+  select 7, 8
+  union all
+  select 8, 8
+  union all
+  select 9, 8
+  union all
+  select 10, 8
+  union all
+  select 11, 8
+  union all
+  select 12, 8
+  union all
+  select 13, 8;
 
 insert into users(user_id, principal_id, user_name, user_password)
   select 1, 1, 'admin','538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00';
 
-insert into adminpermission(permission_id, permission_name, resource_type_id, permission_label, sort_order)
-  select 1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator', 1
+insert into adminpermission(permission_id, permission_name, resource_type_id, permission_label, principal_id, sort_order)
+  select 1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator', 7, 1
   union all
-  select 2, 'CLUSTER.USER', 2, 'Cluster User', 6
+  select 2, 'CLUSTER.USER', 2, 'Cluster User', 8, 6
   union all
-  select 3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator', 2
+  select 3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator', 9, 2
   union all
-  select 4, 'VIEW.USER', 3, 'View User', 7
+  select 4, 'VIEW.USER', 3, 'View User', 10, 7
   union all
-  select 5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator', 3
+  select 5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator', 11, 3
   union all
-  select 6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator', 4
+  select 6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator', 12, 4
   union all
-  select 7, 'SERVICE.OPERATOR', 2, 'Service Operator', 5;
+  select 7, 'SERVICE.OPERATOR', 2, 'Service Operator', 13, 5;
 
   INSERT INTO roleauthorization(authorization_id, authorization_name)
     SELECT 'VIEW.USE', 'Use View' UNION ALL

http://git-wip-us.apache.org/repos/asf/ambari/blob/6ea2cc1d/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql
index 1107c4d..4f21502 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql
@@ -640,9 +640,11 @@ CREATE TABLE adminpermission (
   permission_name VARCHAR(255) NOT NULL,
   resource_type_id INTEGER NOT NULL,
   permission_label VARCHAR(255),
+  principal_id BIGINT NOT NULL,
   sort_order SMALLINT NOT NULL DEFAULT 1,
   CONSTRAINT PK_adminpermission PRIMARY KEY CLUSTERED (permission_id),
   CONSTRAINT FK_permission_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id),
+  CONSTRAINT FK_permission_principal_id FOREIGN KEY (principal_id) REFERENCES adminprincipal(principal_id),
   CONSTRAINT UQ_perm_name_resource_type_id UNIQUE (permission_name, resource_type_id));
 
 CREATE TABLE roleauthorization (
@@ -1033,8 +1035,8 @@ BEGIN TRANSACTION
     ('resource_type_id_seq', 4),
     ('resource_id_seq', 2),
     ('principal_type_id_seq', 8),
-    ('principal_id_seq', 7),
-    ('permission_id_seq', 5),
+    ('principal_id_seq', 13),
+    ('permission_id_seq', 7),
     ('privilege_id_seq', 1),
     ('alert_definition_id_seq', 0),
     ('alert_group_id_seq', 0),
@@ -1084,7 +1086,8 @@ BEGIN TRANSACTION
     (4, 'ALL.CLUSTER.OPERATOR'),
     (5, 'ALL.CLUSTER.USER'),
     (6, 'ALL.SERVICE.ADMINISTRATOR'),
-    (7, 'ALL.SERVICE.OPERATOR');
+    (7, 'ALL.SERVICE.OPERATOR'),
+    (8, 'ROLE');
 
   insert into adminprincipal (principal_id, principal_type_id)
   values
@@ -1093,20 +1096,27 @@ BEGIN TRANSACTION
     (3, 4),
     (4, 5),
     (5, 6),
-    (6, 7);
+    (6, 7),
+    (7, 8),
+    (8, 8),
+    (9, 8),
+    (10, 8),
+    (11, 8),
+    (12, 8),
+    (13, 8);
 
   insert into users(user_id, principal_id, user_name, user_password)
     select 1, 1, 'admin','538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00';
 
-  insert into adminpermission(permission_id, permission_name, resource_type_id, permission_label, sort_order)
+  insert into adminpermission(permission_id, permission_name, resource_type_id, permission_label, principal_id, sort_order)
   values
-    (1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator', 1),
-    (2, 'CLUSTER.USER', 2, 'Cluster User', 6),
-    (3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator', 2),
-    (4, 'VIEW.USER', 3, 'View User', 7),
-    (5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator', 3),
-    (6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator', 4),
-    (7, 'SERVICE.OPERATOR', 2, 'Service Operator', 5);
+    (1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator', 7, 1),
+    (2, 'CLUSTER.USER', 2, 'Cluster User', 8, 6),
+    (3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator', 9, 2),
+    (4, 'VIEW.USER', 3, 'View User', 10, 7),
+    (5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator', 11, 3),
+    (6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator', 12, 4),
+    (7, 'SERVICE.OPERATOR', 2, 'Service Operator', 13, 5);
 
   INSERT INTO roleauthorization(authorization_id, authorization_name)
     SELECT 'VIEW.USE', 'Use View' UNION ALL

http://git-wip-us.apache.org/repos/asf/ambari/blob/6ea2cc1d/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java
index ad8cce1..dee4490 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java
@@ -41,6 +41,8 @@ import org.apache.ambari.server.orm.dao.ResourceDAO;
 import org.apache.ambari.server.orm.dao.ResourceTypeDAO;
 import org.apache.ambari.server.orm.dao.UserDAO;
 import org.apache.ambari.server.orm.entities.PermissionEntity;
+import org.apache.ambari.server.orm.entities.PrincipalEntity;
+import org.apache.ambari.server.orm.entities.PrincipalTypeEntity;
 import org.apache.ambari.server.orm.entities.ResourceEntity;
 import org.apache.ambari.server.orm.entities.ResourceTypeEntity;
 import org.apache.ambari.server.orm.entities.UserEntity;
@@ -108,9 +110,18 @@ public class TestUsers {
     resourceEntity.setResourceType(resourceTypeEntity);
     resourceDAO.create(resourceEntity);
 
+    PrincipalTypeEntity principalTypeEntity = new PrincipalTypeEntity();
+    principalTypeEntity.setName("ROLE");
+    principalTypeEntity = principalTypeDAO.merge(principalTypeEntity);
+
+    PrincipalEntity principalEntity = new PrincipalEntity();
+    principalEntity.setPrincipalType(principalTypeEntity);
+    principalEntity = principalDAO.merge(principalEntity);
+
     PermissionEntity adminPermissionEntity = new PermissionEntity();
     adminPermissionEntity.setId(PermissionEntity.AMBARI_ADMINISTRATOR_PERMISSION);
     adminPermissionEntity.setPermissionName(PermissionEntity.AMBARI_ADMINISTRATOR_PERMISSION_NAME);
+    adminPermissionEntity.setPrincipal(principalEntity);
     adminPermissionEntity.setResourceType(resourceTypeEntity);
     permissionDAO.create(adminPermissionEntity);
   }

http://git-wip-us.apache.org/repos/asf/ambari/blob/6ea2cc1d/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java
index 7c85ba7..a061c22 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java
@@ -42,8 +42,6 @@ import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 
-import javax.persistence.EntityManager;
-
 import com.google.common.collect.Maps;
 import com.google.gson.Gson;
 import com.google.inject.AbstractModule;
@@ -128,7 +126,8 @@ public class UpgradeCatalog240Test {
 
   @Test
   public void testExecuteDDLUpdates() throws SQLException, AmbariException {
-    Capture<DBAccessor.DBColumnInfo> capturedColumnInfo = newCapture();
+    Capture<DBAccessor.DBColumnInfo> capturedSortOrderColumnInfo = newCapture();
+    Capture<DBAccessor.DBColumnInfo> capturedPermissionIDColumnInfo = newCapture();
     Capture<DBAccessor.DBColumnInfo> capturedScColumnInfo = newCapture();
     Capture<DBAccessor.DBColumnInfo> capturedScDesiredVersionColumnInfo = newCapture();
 
@@ -139,7 +138,8 @@ public class UpgradeCatalog240Test {
     ResultSet resultSet = createNiceMock(ResultSet.class);
     Capture<List<DBAccessor.DBColumnInfo>> capturedSettingColumns = EasyMock.newCapture();
 
-    dbAccessor.addColumn(eq("adminpermission"), capture(capturedColumnInfo));
+    dbAccessor.addColumn(eq("adminpermission"), capture(capturedSortOrderColumnInfo));
+    dbAccessor.addColumn(eq("adminpermission"), capture(capturedPermissionIDColumnInfo));
     dbAccessor.addColumn(eq(UpgradeCatalog240.SERVICE_COMPONENT_DESIRED_STATE_TABLE), capture(capturedScColumnInfo));
     dbAccessor.addColumn(eq(UpgradeCatalog240.SERVICE_COMPONENT_DESIRED_STATE_TABLE),
         capture(capturedScDesiredVersionColumnInfo));
@@ -248,13 +248,21 @@ public class UpgradeCatalog240Test {
     UpgradeCatalog240 upgradeCatalog240 = injector.getInstance(UpgradeCatalog240.class);
     upgradeCatalog240.executeDDLUpdates();
 
-    DBAccessor.DBColumnInfo columnInfo = capturedColumnInfo.getValue();
-    Assert.assertNotNull(columnInfo);
-    Assert.assertEquals(UpgradeCatalog240.SORT_ORDER_COL, columnInfo.getName());
-    Assert.assertEquals(null, columnInfo.getLength());
-    Assert.assertEquals(Short.class, columnInfo.getType());
-    Assert.assertEquals(1, columnInfo.getDefaultValue());
-    Assert.assertEquals(false, columnInfo.isNullable());
+    DBAccessor.DBColumnInfo columnSortOrderInfo = capturedSortOrderColumnInfo.getValue();
+    Assert.assertNotNull(columnSortOrderInfo);
+    Assert.assertEquals(UpgradeCatalog240.SORT_ORDER_COL, columnSortOrderInfo.getName());
+    Assert.assertEquals(null, columnSortOrderInfo.getLength());
+    Assert.assertEquals(Short.class, columnSortOrderInfo.getType());
+    Assert.assertEquals(1, columnSortOrderInfo.getDefaultValue());
+    Assert.assertEquals(false, columnSortOrderInfo.isNullable());
+
+    DBAccessor.DBColumnInfo columnPrincipalIDInfo = capturedPermissionIDColumnInfo.getValue();
+    Assert.assertNotNull(columnPrincipalIDInfo);
+    Assert.assertEquals(UpgradeCatalog240.PRINCIPAL_ID_COL, columnPrincipalIDInfo.getName());
+    Assert.assertEquals(null, columnPrincipalIDInfo.getLength());
+    Assert.assertEquals(Long.class, columnPrincipalIDInfo.getType());
+    Assert.assertEquals(null, columnPrincipalIDInfo.getDefaultValue());
+    Assert.assertEquals(true, columnPrincipalIDInfo.isNullable());
 
     // Verify if recovery_enabled column was added to servicecomponentdesiredstate table
     DBAccessor.DBColumnInfo columnScInfo = capturedScColumnInfo.getValue();
@@ -396,18 +404,15 @@ public class UpgradeCatalog240Test {
     Method removeHiveOozieDBConnectionConfigs = UpgradeCatalog240.class.getDeclaredMethod("removeHiveOozieDBConnectionConfigs");
     Method updateClustersAndHostsVersionStateTableDML = UpgradeCatalog240.class.getDeclaredMethod("updateClustersAndHostsVersionStateTableDML");
     Method removeStandardDeviationAlerts = UpgradeCatalog240.class.getDeclaredMethod("removeStandardDeviationAlerts");
-    Method getAndIncrementSequence = AbstractUpgradeCatalog.class.getDeclaredMethod("getAndIncrementSequence", String.class);
     Method consolidateUserRoles = UpgradeCatalog240.class.getDeclaredMethod("consolidateUserRoles");
+    Method updateClusterInheritedPermissionsConfig = UpgradeCatalog240.class.getDeclaredMethod("updateClusterInheritedPermissionsConfig");
+    Method createRolePrincipals = UpgradeCatalog240.class.getDeclaredMethod("createRolePrincipals");
 
-    Capture<String> capturedStatements = newCapture(CaptureType.ALL);
-    Capture<String> capturedTablesNames = newCapture(CaptureType.ALL);
-    Capture<String[]> captureColumnNames = newCapture(CaptureType.ALL);
-    Capture<String[]> captureColumnValues = newCapture(CaptureType.ALL);
 
+    Capture<String> capturedStatements = newCapture(CaptureType.ALL);
 
     DBAccessor dbAccessor = createStrictMock(DBAccessor.class);
     expect(dbAccessor.executeUpdate(capture(capturedStatements))).andReturn(1).times(7);
-    expect(dbAccessor.insertRow(capture(capturedTablesNames), capture(captureColumnNames), capture(captureColumnValues), anyBoolean())).andReturn(true).times(10);
 
     UpgradeCatalog240 upgradeCatalog240 = createMockBuilder(UpgradeCatalog240.class)
             .addMockedMethod(addNewConfigurationsFromXml)
@@ -424,12 +429,11 @@ public class UpgradeCatalog240Test {
             .addMockedMethod(removeHiveOozieDBConnectionConfigs)
             .addMockedMethod(updateClustersAndHostsVersionStateTableDML)
             .addMockedMethod(removeStandardDeviationAlerts)
-            .addMockedMethod(getAndIncrementSequence)
             .addMockedMethod(consolidateUserRoles)
+            .addMockedMethod(updateClusterInheritedPermissionsConfig)
+            .addMockedMethod(createRolePrincipals)
             .createMock();
 
-    expect(upgradeCatalog240.getAndIncrementSequence(anyString())).andReturn(1).anyTimes();
-
     Field field = AbstractUpgradeCatalog.class.getDeclaredField("dbAccessor");
     field.set(upgradeCatalog240, dbAccessor);
 
@@ -448,6 +452,8 @@ public class UpgradeCatalog240Test {
     upgradeCatalog240.updateClustersAndHostsVersionStateTableDML();
     upgradeCatalog240.removeStandardDeviationAlerts();
     upgradeCatalog240.consolidateUserRoles();
+    upgradeCatalog240.createRolePrincipals();
+    upgradeCatalog240.updateClusterInheritedPermissionsConfig();
 
     replay(upgradeCatalog240, dbAccessor);
 
@@ -465,47 +471,6 @@ public class UpgradeCatalog240Test {
     Assert.assertTrue(statements.contains("UPDATE adminpermission SET sort_order=5 WHERE permission_name='SERVICE.OPERATOR'"));
     Assert.assertTrue(statements.contains("UPDATE adminpermission SET sort_order=6 WHERE permission_name='CLUSTER.USER'"));
     Assert.assertTrue(statements.contains("UPDATE adminpermission SET sort_order=7 WHERE permission_name='VIEW.USER'"));
-
-
-    List<String> tableNames = capturedTablesNames.getValues();
-    Assert.assertNotNull(tableNames);
-    Assert.assertEquals(10, tableNames.size());
-    Assert.assertTrue(tableNames.contains("adminprincipaltype"));
-    Assert.assertTrue(tableNames.contains("adminprincipal"));
-
-    List<String[]> tableColumns = captureColumnNames.getValues();
-    Assert.assertNotNull(tableColumns);
-    Assert.assertEquals(10, tableColumns.size());
-    Assert.assertTrue(shouldOnlyHaveValidColumns(tableColumns));
-
-    List<String[]> tableColumnsValue = captureColumnValues.getValues();
-    Assert.assertNotNull(tableColumnsValue);
-    Assert.assertEquals(10, tableColumnsValue.size());
-    isValidValues(tableColumnsValue.get(0), "3", "'ALL.CLUSTER.ADMINISTRATOR'");
-    isValidValues(tableColumnsValue.get(1), "4", "'ALL.CLUSTER.OPERATOR'");
-    isValidValues(tableColumnsValue.get(2), "5", "'ALL.CLUSTER.USER'");
-    isValidValues(tableColumnsValue.get(3), "6", "'ALL.SERVICE.ADMINISTRATOR'");
-    isValidValues(tableColumnsValue.get(4), "7", "'ALL.SERVICE.OPERATOR'");
-    isValidValues(tableColumnsValue.get(5), "1", "3");
-    isValidValues(tableColumnsValue.get(6), "1", "4");
-    isValidValues(tableColumnsValue.get(7), "1", "5");
-    isValidValues(tableColumnsValue.get(8), "1", "6");
-    isValidValues(tableColumnsValue.get(9), "1", "7");
-  }
-
-  private void isValidValues(String[] actual, String expectedFirst, String expectedSecond) {
-    Assert.assertEquals(expectedFirst, actual[0]);
-    Assert.assertEquals(expectedSecond, actual[1]);
-  }
-
-  private boolean shouldOnlyHaveValidColumns(List<String[]> tableColumns) {
-    for(String[] columns: tableColumns) {
-      if (!(("principal_type_id".equalsIgnoreCase(columns[0]) && "principal_type_name".equalsIgnoreCase(columns[1]))
-        || ("principal_id".equalsIgnoreCase(columns[0]) && "principal_type_id".equalsIgnoreCase(columns[1])))) {
-        return false;
-      }
-    }
-    return true;
   }
 
   @Test


Mime
View raw message