ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rle...@apache.org
Subject ambari git commit: Revert "AMBARI-16246. Allow roles to be treated like principals in Ambari DB (rlevas)"
Date Tue, 10 May 2016 13:34:29 GMT
Repository: ambari
Updated Branches:
  refs/heads/trunk 3332dad4d -> b788f4ab4


Revert "AMBARI-16246. Allow roles to be treated like principals in Ambari DB (rlevas)"

This reverts commit 6ea2cc1dffb9b45a4e7f43a4eb97dd8ae14b70da.


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/b788f4ab
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/b788f4ab
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/b788f4ab

Branch: refs/heads/trunk
Commit: b788f4ab4ba3e35690c748e499ad633e7169be3d
Parents: 3332dad
Author: Robert Levas <rlevas@hortonworks.com>
Authored: Tue May 10 09:33:54 2016 -0400
Committer: Robert Levas <rlevas@hortonworks.com>
Committed: Tue May 10 09:33:54 2016 -0400

----------------------------------------------------------------------
 .../ambari/server/orm/dao/PermissionDAO.java    |  10 -
 .../server/orm/entities/PermissionEntity.java   |  30 +--
 .../server/orm/entities/PrincipalEntity.java    |   2 +-
 .../orm/entities/PrincipalTypeEntity.java       |   2 +-
 .../server/upgrade/AbstractUpgradeCatalog.java  |  36 +++
 .../server/upgrade/UpgradeCatalog240.java       |  85 ++-----
 .../main/resources/Ambari-DDL-Derby-CREATE.sql  |  42 +---
 .../main/resources/Ambari-DDL-MySQL-CREATE.sql  | 208 +++++++--------
 .../main/resources/Ambari-DDL-Oracle-CREATE.sql |  42 +---
 .../resources/Ambari-DDL-Postgres-CREATE.sql    | 251 ++++++++++++-------
 .../Ambari-DDL-Postgres-EMBEDDED-CREATE.sql     | 248 +++++++++++-------
 .../resources/Ambari-DDL-SQLAnywhere-CREATE.sql |  42 +---
 .../resources/Ambari-DDL-SQLServer-CREATE.sql   |  34 +--
 .../security/authorization/TestUsers.java       |  11 -
 .../server/upgrade/UpgradeCatalog240Test.java   |  87 +++++--
 15 files changed, 583 insertions(+), 547 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/b788f4ab/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PermissionDAO.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PermissionDAO.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PermissionDAO.java
index 88d9775..5d1a04a 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PermissionDAO.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PermissionDAO.java
@@ -58,16 +58,6 @@ public class PermissionDAO {
   }
 
   /**
-   * Create or updates a permission.
-   *
-   * @param permissionEntity  entity to create or update
-   */
-  @Transactional
-  public PermissionEntity merge(PermissionEntity permissionEntity) {
-    return entityManagerProvider.get().merge(permissionEntity);
-  }
-
-  /**
    * Find a permission entity with the given id.
    *
    * @param id  type id

http://git-wip-us.apache.org/repos/asf/ambari/blob/b788f4ab/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PermissionEntity.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PermissionEntity.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PermissionEntity.java
index f091bab..43fd71b 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PermissionEntity.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PermissionEntity.java
@@ -29,7 +29,6 @@ import javax.persistence.JoinColumns;
 import javax.persistence.JoinTable;
 import javax.persistence.ManyToMany;
 import javax.persistence.ManyToOne;
-import javax.persistence.OneToOne;
 import javax.persistence.Table;
 import javax.persistence.TableGenerator;
 import java.util.Collection;
@@ -42,7 +41,7 @@ import java.util.Collection;
 @TableGenerator(name = "permission_id_generator",
     table = "ambari_sequences", pkColumnName = "sequence_name", valueColumnName = "sequence_value"
     , pkColumnValue = "permission_id_seq"
-    , initialValue = 100
+    , initialValue = 8
 )
 public class PermissionEntity {
 
@@ -86,15 +85,6 @@ public class PermissionEntity {
   @Column(name = "permission_label")
   private String permissionLabel;
 
-  /**
-   * The permission's (admin)principal reference
-   */
-  @OneToOne
-  @JoinColumns({
-      @JoinColumn(name = "principal_id", referencedColumnName = "principal_id", nullable = false),
-  })
-  private PrincipalEntity principal;
-
   @ManyToOne
   @JoinColumns({
       @JoinColumn(name = "resource_type_id", referencedColumnName = "resource_type_id", nullable = false),
@@ -178,24 +168,6 @@ public class PermissionEntity {
   }
 
   /**
-   * Get the principal entity.
-   *
-   * @return the principal entity
-   */
-  public PrincipalEntity getPrincipal() {
-    return principal;
-  }
-
-  /**
-   * Set the principal entity.
-   *
-   * @param principal  the principal entity
-   */
-  public void setPrincipal(PrincipalEntity principal) {
-    this.principal = principal;
-  }
-
-  /**
    * Get the resource type entity.
    *
    * @return  the resource type entity

http://git-wip-us.apache.org/repos/asf/ambari/blob/b788f4ab/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrincipalEntity.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrincipalEntity.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrincipalEntity.java
index fc92a5f..25d8d14 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrincipalEntity.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrincipalEntity.java
@@ -43,7 +43,7 @@ import javax.persistence.TableGenerator;
 @TableGenerator(name = "principal_id_generator",
     table = "ambari_sequences", pkColumnName = "sequence_name", valueColumnName = "sequence_value"
     , pkColumnValue = "principal_id_seq"
-    , initialValue = 100
+    , initialValue = 2
     , allocationSize = 500
 )
 @NamedQueries({

http://git-wip-us.apache.org/repos/asf/ambari/blob/b788f4ab/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrincipalTypeEntity.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrincipalTypeEntity.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrincipalTypeEntity.java
index 716d4f7..b94f1ff 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrincipalTypeEntity.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PrincipalTypeEntity.java
@@ -28,7 +28,7 @@ import javax.persistence.*;
 @TableGenerator(name = "principal_type_id_generator",
     table = "ambari_sequences", pkColumnName = "sequence_name", valueColumnName = "sequence_value"
     , pkColumnValue = "principal_type_id_seq"
-    , initialValue = 100
+    , initialValue = 3
 )
 public class PrincipalTypeEntity {
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/b788f4ab/ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java
index 2e857ed..17f9fe1 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/AbstractUpgradeCatalog.java
@@ -155,6 +155,42 @@ public abstract class AbstractUpgradeCatalog implements UpgradeCatalog {
   }
 
   /**
+   * Get a sequence value and increment it in <code>ambariSequencesTable</code>.
+   * @param seqName name of sequence to be fetched and incremented
+   * @throws SQLException, IllegalArgumentException
+   */
+  @Transactional
+  public int getAndIncrementSequence(String seqName) throws SQLException{
+    Statement statement = null;
+    ResultSet rs = null;
+    int value = -1;
+    try {
+      statement = dbAccessor.getConnection().createStatement();
+      if (statement != null) {
+        rs = statement.executeQuery(String.format("SELECT sequence_value from %s where sequence_name='%s'", ambariSequencesTable, seqName));
+
+        if((rs != null) && rs.next()) {
+          value = rs.getInt(1);
+          dbAccessor.executeUpdate(String.format("UPDATE %s SET sequence_value = sequence_value + 1 where sequence_name='%s'", ambariSequencesTable, seqName));
+        } else {
+          LOG.error("Sequence {} not found.", seqName);
+          throw new IllegalArgumentException("Sequence " + seqName + " not found.");
+        }
+
+      }
+    } finally {
+      if (rs != null) {
+        rs.close();
+      }
+      if (statement != null) {
+        statement.close();
+      }
+    }
+
+    return value;
+  }
+
+  /**
    * Add several new sequences to <code>ambariSequencesTable</code>.
    * @param seqNames list of sequences to be inserted
    * @param seqDefaultValue initial value for the sequence

http://git-wip-us.apache.org/repos/asf/ambari/blob/b788f4ab/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
index 8c49ab4..e1688e3 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog240.java
@@ -41,8 +41,6 @@ import org.apache.ambari.server.orm.dao.AlertDefinitionDAO;
 import org.apache.ambari.server.orm.dao.ClusterDAO;
 import org.apache.ambari.server.orm.dao.PermissionDAO;
 import org.apache.ambari.server.orm.dao.PrivilegeDAO;
-import org.apache.ambari.server.orm.dao.PrincipalDAO;
-import org.apache.ambari.server.orm.dao.PrincipalTypeDAO;
 import org.apache.ambari.server.orm.dao.ResourceTypeDAO;
 import org.apache.ambari.server.orm.dao.RoleAuthorizationDAO;
 import org.apache.ambari.server.orm.dao.UserDAO;
@@ -50,7 +48,6 @@ import org.apache.ambari.server.orm.entities.AlertDefinitionEntity;
 import org.apache.ambari.server.orm.entities.ClusterEntity;
 import org.apache.ambari.server.orm.entities.PermissionEntity;
 import org.apache.ambari.server.orm.entities.PrincipalEntity;
-import org.apache.ambari.server.orm.entities.PrincipalTypeEntity;
 import org.apache.ambari.server.orm.entities.PrivilegeEntity;
 import org.apache.ambari.server.orm.entities.ResourceEntity;
 import org.apache.ambari.server.orm.entities.ResourceTypeEntity;
@@ -85,7 +82,6 @@ import com.google.inject.persist.Transactional;
 public class UpgradeCatalog240 extends AbstractUpgradeCatalog {
 
   protected static final String ADMIN_PERMISSION_TABLE = "adminpermission";
-  protected static final String PRINCIPAL_ID_COL = "principal_id";
   protected static final String ALERT_DEFINITION_TABLE = "alert_definition";
   protected static final String ALERT_TARGET_TABLE = "alert_target";
   protected static final String ALERT_TARGET_ENABLED_COLUMN = "is_enabled";
@@ -157,12 +153,6 @@ public class UpgradeCatalog240 extends AbstractUpgradeCatalog {
   @Inject
   ClusterDAO clusterDAO;
 
-  @Inject
-  PrincipalTypeDAO principalTypeDAO;
-
-  @Inject
-  PrincipalDAO principalDAO;
-
   /**
    * Logger.
    */
@@ -276,25 +266,30 @@ public class UpgradeCatalog240 extends AbstractUpgradeCatalog {
     removeStandardDeviationAlerts();
     updateClusterInheritedPermissionsConfig();
     consolidateUserRoles();
-    createRolePrincipals();
   }
 
   protected void updateClusterInheritedPermissionsConfig() throws SQLException {
-    insertClusterInheritedPrincipal("ALL.CLUSTER.ADMINISTRATOR");
-    insertClusterInheritedPrincipal("ALL.CLUSTER.OPERATOR");
-    insertClusterInheritedPrincipal("ALL.CLUSTER.USER");
-    insertClusterInheritedPrincipal("ALL.SERVICE.ADMINISTRATOR");
-    insertClusterInheritedPrincipal("ALL.SERVICE.OPERATIOR");
-  }
-
-  private void insertClusterInheritedPrincipal(String name) {
-    PrincipalTypeEntity principalTypeEntity = new PrincipalTypeEntity();
-    principalTypeEntity.setName("ALL.CLUSTER.ADMINISTRATOR");
-    principalTypeEntity = principalTypeDAO.merge(principalTypeEntity);
-
-    PrincipalEntity principalEntity = new PrincipalEntity();
-    principalEntity.setPrincipalType(principalTypeEntity);
-    principalDAO.create(principalEntity);
+    dbAccessor.insertRow(PRINCIPAL_TYPE_TABLE, new String[]{"principal_type_id", "principal_type_name"}, new String[]{"3", "'ALL.CLUSTER.ADMINISTRATOR'"}, true);
+    dbAccessor.insertRow(PRINCIPAL_TYPE_TABLE, new String[]{"principal_type_id", "principal_type_name"}, new String[]{"4", "'ALL.CLUSTER.OPERATOR'"}, true);
+    dbAccessor.insertRow(PRINCIPAL_TYPE_TABLE, new String[]{"principal_type_id", "principal_type_name"}, new String[]{"5", "'ALL.CLUSTER.USER'"}, true);
+    dbAccessor.insertRow(PRINCIPAL_TYPE_TABLE, new String[]{"principal_type_id", "principal_type_name"}, new String[]{"6", "'ALL.SERVICE.ADMINISTRATOR'"}, true);
+    dbAccessor.insertRow(PRINCIPAL_TYPE_TABLE, new String[]{"principal_type_id", "principal_type_name"}, new String[]{"7", "'ALL.SERVICE.OPERATOR'"}, true);
+    getAndIncrementSequence("principal_type_id_seq");
+    getAndIncrementSequence("principal_type_id_seq");
+    getAndIncrementSequence("principal_type_id_seq");
+    getAndIncrementSequence("principal_type_id_seq");
+    getAndIncrementSequence("principal_type_id_seq");
+
+    int nextPrincipalSeqId = getAndIncrementSequence("principal_id_seq");
+    dbAccessor.insertRow(PRINCIPAL_TABLE, new String[]{"principal_id", "principal_type_id"}, new String[]{Integer.toString(nextPrincipalSeqId), "3"}, true);
+    nextPrincipalSeqId = getAndIncrementSequence("principal_id_seq");
+    dbAccessor.insertRow(PRINCIPAL_TABLE, new String[]{"principal_id", "principal_type_id"}, new String[]{Integer.toString(nextPrincipalSeqId), "4"}, true);
+    nextPrincipalSeqId = getAndIncrementSequence("principal_id_seq");
+    dbAccessor.insertRow(PRINCIPAL_TABLE, new String[]{"principal_id", "principal_type_id"}, new String[]{Integer.toString(nextPrincipalSeqId), "5"}, true);
+    nextPrincipalSeqId = getAndIncrementSequence("principal_id_seq");
+    dbAccessor.insertRow(PRINCIPAL_TABLE, new String[]{"principal_id", "principal_type_id"}, new String[]{Integer.toString(nextPrincipalSeqId), "6"}, true);
+    nextPrincipalSeqId = getAndIncrementSequence("principal_id_seq");
+    dbAccessor.insertRow(PRINCIPAL_TABLE, new String[]{"principal_id", "principal_type_id"}, new String[]{Integer.toString(nextPrincipalSeqId), "7"}, true);
   }
 
   private void createSettingTable() throws SQLException {
@@ -1068,12 +1063,6 @@ public class UpgradeCatalog240 extends AbstractUpgradeCatalog {
     // Add the sort_order column to the adminpermission table
     dbAccessor.addColumn(ADMIN_PERMISSION_TABLE,
         new DBColumnInfo(SORT_ORDER_COL, Short.class, null, 1, false));
-
-    // Add the principal_id column to the adminpermission table
-    //   Note: This is set to nullable here, but will be altered once the column has been set
-    //         properly during the DML update phase.
-    dbAccessor.addColumn(ADMIN_PERMISSION_TABLE,
-        new DBColumnInfo(PRINCIPAL_ID_COL, Long.class, null, null, true));
   }
 
   /**
@@ -1148,38 +1137,6 @@ public class UpgradeCatalog240 extends AbstractUpgradeCatalog {
   }
 
   /**
-   * Create and update records to create the role-based principals.
-   * <p>
-   * This includes creating the new "ROLE" principal type, a principal for each role, and finally
-   * updating the princial_id column for the role.
-   */
-  void createRolePrincipals() throws SQLException {
-    // Create Role Principal Type
-    PrincipalTypeEntity rolePrincipalType = new PrincipalTypeEntity();
-    rolePrincipalType.setName("ROLE");
-
-    // creates the new record and returns an entity with the id set.
-    rolePrincipalType = principalTypeDAO.merge(rolePrincipalType);
-
-    // Get the roles (adminpermissions) and create a principal for each.... set the role's principal_id
-    // value as we go...
-    List<PermissionEntity> roleEntities = permissionDAO.findAll();
-
-    for (PermissionEntity roleEntity : roleEntities) {
-      PrincipalEntity principalEntity = new PrincipalEntity();
-      principalEntity.setPrincipalType(rolePrincipalType);
-
-      roleEntity.setPrincipal(principalDAO.merge(principalEntity));
-
-      permissionDAO.merge(roleEntity);
-    }
-
-    // Fix the adminpermission.principal_id column to be non-nullable:
-    dbAccessor.alterColumn(ADMIN_PERMISSION_TABLE,
-        new DBColumnInfo(PRINCIPAL_ID_COL, Long.class, null, null, false));
-  }
-
-  /**
    * Makes the following changes to the {@value #REPO_VERSION_TABLE} table:
    * <ul>
    * <li>repo_type VARCHAR(255) DEFAULT 'STANDARD' NOT NULL</li>

http://git-wip-us.apache.org/repos/asf/ambari/blob/b788f4ab/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql
index 415e06b..0c1c7fa 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql
@@ -633,11 +633,9 @@ CREATE TABLE adminpermission (
   permission_name VARCHAR(255) NOT NULL,
   resource_type_id INTEGER NOT NULL,
   permission_label VARCHAR(255),
-  principal_id BIGINT NOT NULL,
   sort_order SMALLINT NOT NULL DEFAULT 1,
   CONSTRAINT PK_adminpermission PRIMARY KEY (permission_id),
   CONSTRAINT FK_permission_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id),
-  CONSTRAINT FK_permission_principal_id FOREIGN KEY (principal_id) REFERENCES adminprincipal(principal_id),
   CONSTRAINT UQ_perm_name_resource_type_id UNIQUE (permission_name, resource_type_id));
 
 CREATE TABLE roleauthorization (
@@ -1030,9 +1028,9 @@ INSERT INTO ambari_sequences (sequence_name, sequence_value)
   union all
   select 'principal_type_id_seq', 8 FROM SYSIBM.SYSDUMMY1
   union all
-  select 'principal_id_seq', 13 FROM SYSIBM.SYSDUMMY1
+  select 'principal_id_seq', 7 FROM SYSIBM.SYSDUMMY1
   union all
-  select 'permission_id_seq', 7 FROM SYSIBM.SYSDUMMY1
+  select 'permission_id_seq', 5 FROM SYSIBM.SYSDUMMY1
   union all
   select 'privilege_id_seq', 1 FROM SYSIBM.SYSDUMMY1
   union all
@@ -1120,9 +1118,7 @@ INSERT INTO adminprincipaltype (principal_type_id, principal_type_name)
   UNION ALL
   SELECT 6, 'ALL.SERVICE.ADMINISTRATOR' FROM SYSIBM.SYSDUMMY1
   UNION ALL
-  SELECT 7, 'ALL.SERVICE.OPERRATOR' FROM SYSIBM.SYSDUMMY1
-  UNION ALL
-  SELECT 8, 'ROLE' FROM SYSIBM.SYSDUMMY1;
+  SELECT 7, 'ALL.SERVICE.OPERRATOR' FROM SYSIBM.SYSDUMMY1;
 
 INSERT INTO adminprincipal (principal_id, principal_type_id)
   SELECT 1, 1 FROM SYSIBM.SYSDUMMY1
@@ -1135,39 +1131,25 @@ INSERT INTO adminprincipal (principal_id, principal_type_id)
   UNION ALL
   SELECT 5, 6 FROM SYSIBM.SYSDUMMY1
   UNION ALL
-  SELECT 6, 7 FROM SYSIBM.SYSDUMMY1
-  UNION ALL
-  SELECT 7, 8 FROM SYSIBM.SYSDUMMY1
-  UNION ALL
-  SELECT 8, 8 FROM SYSIBM.SYSDUMMY1
-  UNION ALL
-  SELECT 9, 8 FROM SYSIBM.SYSDUMMY1
-  UNION ALL
-  SELECT 10, 8 FROM SYSIBM.SYSDUMMY1
-  UNION ALL
-  SELECT 11, 8 FROM SYSIBM.SYSDUMMY1
-  UNION ALL
-  SELECT 12, 8 FROM SYSIBM.SYSDUMMY1
-  UNION ALL
-  SELECT 13, 8 FROM SYSIBM.SYSDUMMY1;
+  SELECT 6, 7 FROM SYSIBM.SYSDUMMY1;
 
 INSERT INTO Users (user_id, principal_id, user_name, user_password)
   SELECT 1, 1, 'admin', '538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00' FROM SYSIBM.SYSDUMMY1;
 
-insert into adminpermission(permission_id, permission_name, resource_type_id, permission_label, principal_id, sort_order)
-  SELECT 1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator', 7, 1 FROM SYSIBM.SYSDUMMY1
+insert into adminpermission(permission_id, permission_name, resource_type_id, permission_label, sort_order)
+  SELECT 1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator', 1 FROM SYSIBM.SYSDUMMY1
   UNION ALL
-  SELECT 2, 'CLUSTER.USER', 2, 'Cluster User', 8, 6 FROM SYSIBM.SYSDUMMY1
+  SELECT 2, 'CLUSTER.USER', 2, 'Cluster User', 6 FROM SYSIBM.SYSDUMMY1
   UNION ALL
-  SELECT 3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator', 9, 2 FROM SYSIBM.SYSDUMMY1
+  SELECT 3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator', 2 FROM SYSIBM.SYSDUMMY1
   UNION ALL
-  SELECT 4, 'VIEW.USER', 3, 'View User', 10, 7 FROM SYSIBM.SYSDUMMY1
+  SELECT 4, 'VIEW.USER', 3, 'View User', 7 FROM SYSIBM.SYSDUMMY1
   UNION ALL
-  SELECT 5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator', 11, 3 FROM SYSIBM.SYSDUMMY1
+  SELECT 5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator', 3 FROM SYSIBM.SYSDUMMY1
   UNION ALL
-  SELECT 6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator', 12, 4 FROM SYSIBM.SYSDUMMY1
+  SELECT 6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator', 4 FROM SYSIBM.SYSDUMMY1
   UNION ALL
-  SELECT 7, 'SERVICE.OPERATOR', 2, 'Service Operator', 13, 5 FROM SYSIBM.SYSDUMMY1;
+  SELECT 7, 'SERVICE.OPERATOR', 2, 'Service Operator', 5 FROM SYSIBM.SYSDUMMY1;
 
 INSERT INTO roleauthorization(authorization_id, authorization_name)
   SELECT 'VIEW.USE', 'Use View' FROM SYSIBM.SYSDUMMY1 UNION ALL

http://git-wip-us.apache.org/repos/asf/ambari/blob/b788f4ab/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql
index 953ed3d..06e1577 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql
@@ -640,11 +640,9 @@ CREATE TABLE adminpermission (
   permission_name VARCHAR(255) NOT NULL,
   resource_type_id INTEGER NOT NULL,
   permission_label VARCHAR(255),
-  principal_id BIGINT NOT NULL,
   sort_order SMALLINT NOT NULL DEFAULT 1,
   CONSTRAINT PK_adminpermission PRIMARY KEY (permission_id),
   CONSTRAINT FK_permission_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id),
-  CONSTRAINT FK_permission_principal_id FOREIGN KEY (principal_id) REFERENCES adminprincipal(principal_id),
   CONSTRAINT UQ_perm_name_resource_type_id UNIQUE (permission_name, resource_type_id));
 
 CREATE TABLE roleauthorization (
@@ -1005,100 +1003,110 @@ CREATE INDEX idx_alert_group_name on alert_group(group_name);
 CREATE INDEX idx_alert_notice_state on alert_notice(notify_state);
 
 -- In order for the first ID to be 1, must initialize the ambari_sequences table with a sequence_value of 0.
-INSERT INTO ambari_sequences(sequence_name, sequence_value) VALUES 
-  ('cluster_id_seq', 1),
-  ('host_id_seq', 0),
-  ('host_role_command_id_seq', 1),
-  ('user_id_seq', 2),
-  ('group_id_seq', 1),
-  ('member_id_seq', 1),
-  ('configgroup_id_seq', 1),
-  ('requestschedule_id_seq', 1),
-  ('resourcefilter_id_seq', 1),
-  ('viewentity_id_seq', 0),
-  ('operation_level_id_seq', 1),
-  ('view_instance_id_seq', 1),
-  ('resource_type_id_seq', 4),
-  ('resource_id_seq', 2),
-  ('principal_type_id_seq', 8),
-  ('principal_id_seq', 13),
-  ('permission_id_seq', 7),
-  ('privilege_id_seq', 1),
-  ('config_id_seq', 1),
-  ('cluster_version_id_seq', 0),
-  ('host_version_id_seq', 0),
-  ('service_config_id_seq', 1),
-  ('alert_definition_id_seq', 0),
-  ('alert_group_id_seq', 0),
-  ('alert_target_id_seq', 0),
-  ('alert_history_id_seq', 0),
-  ('alert_notice_id_seq', 0),
-  ('alert_current_id_seq', 0),
-  ('repo_version_id_seq', 0),
-  ('upgrade_id_seq', 0),
-  ('upgrade_group_id_seq', 0),
-  ('upgrade_item_id_seq', 0),
-  ('stack_id_seq', 0),
-  ('widget_id_seq', 0),
-  ('widget_layout_id_seq', 0),
-  ('topology_host_info_id_seq', 0),
-  ('topology_host_request_id_seq', 0),
-  ('topology_host_task_id_seq', 0),
-  ('topology_logical_request_id_seq', 0),
-  ('topology_logical_task_id_seq', 0),
-  ('topology_request_id_seq', 0),
-  ('topology_host_group_id_seq', 0),
-  ('setting_id_seq', 0),
-  ('hostcomponentstate_id_seq', 0),
-  ('servicecomponentdesiredstate_id_seq', 0),
-  ('servicecomponent_history_id_seq', 0),
-  ('blueprint_setting_id_seq', 0),
-  ('ambari_operation_history_id_seq', 0);
-
-INSERT INTO adminresourcetype (resource_type_id, resource_type_name) VALUES
-  (1, 'AMBARI'),
-  (2, 'CLUSTER'),
-  (3, 'VIEW');
-
-INSERT INTO adminresource (resource_id, resource_type_id) VALUES
-  (1, 1);
-
-INSERT INTO adminprincipaltype (principal_type_id, principal_type_name) VALUES
-  (1, 'USER'),
-  (2, 'GROUP'),
-  (3, 'ALL.CLUSTER.ADMINISTRATOR'),
-  (4, 'ALL.CLUSTER.OPERATOR'),
-  (5, 'ALL.CLUSTER.USER'),
-  (6, 'ALL.SERVICE.ADMINISTRATOR'),
-  (7, 'ALL.SERVICE.OPERATOR'),
-  (8, 'ROLE');
-
-INSERT INTO adminprincipal (principal_id, principal_type_id) VALUES
-  (1, 1),
-  (2, 3),
-  (3, 4),
-  (4, 5),
-  (5, 6),
-  (6, 7),
-  (7, 8),
-  (8, 8),
-  (9, 8),
-  (10, 8),
-  (11, 8),
-  (12, 8),
-  (13, 8);
-
-INSERT INTO users(user_id, principal_id, user_name, user_password)
-  SELECT 1, 1, 'admin','538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00';
-
-INSERT INTO adminpermission(permission_id, permission_name, resource_type_id, permission_label, principal_id, sort_order)
-  SELECT 1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator', 7, 1 UNION ALL
-  SELECT 2, 'CLUSTER.USER', 2, 'Cluster User', 8, 6 UNION ALL
-  SELECT 3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator', 9, 2 UNION ALL
-  SELECT 4, 'VIEW.USER', 3, 'View User', 10, 7 UNION ALL
-  SELECT 5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator', 11, 3 UNION ALL
-  SELECT 6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator', 12, 4 UNION ALL
-  SELECT 7, 'SERVICE.OPERATOR', 2, 'Service Operator', 13, 5;
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('cluster_id_seq', 1);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('host_id_seq', 0);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('host_role_command_id_seq', 1);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('user_id_seq', 2);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('group_id_seq', 1);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('member_id_seq', 1);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('configgroup_id_seq', 1);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('requestschedule_id_seq', 1);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('resourcefilter_id_seq', 1);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('viewentity_id_seq', 0);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('operation_level_id_seq', 1);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('view_instance_id_seq', 1);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('resource_type_id_seq', 4);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('resource_id_seq', 2);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('principal_type_id_seq', 8);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('principal_id_seq', 7);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('permission_id_seq', 5);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('privilege_id_seq', 1);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('config_id_seq', 1);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('cluster_version_id_seq', 0);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('host_version_id_seq', 0);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('service_config_id_seq', 1);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('alert_definition_id_seq', 0);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('alert_group_id_seq', 0);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('alert_target_id_seq', 0);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('alert_history_id_seq', 0);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('alert_notice_id_seq', 0);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('alert_current_id_seq', 0);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('repo_version_id_seq', 0);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('upgrade_id_seq', 0);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('upgrade_group_id_seq', 0);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('upgrade_item_id_seq', 0);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('stack_id_seq', 0);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('widget_id_seq', 0);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('widget_layout_id_seq', 0);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('topology_host_info_id_seq', 0);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('topology_host_request_id_seq', 0);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('topology_host_task_id_seq', 0);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('topology_logical_request_id_seq', 0);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('topology_logical_task_id_seq', 0);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('topology_request_id_seq', 0);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('topology_host_group_id_seq', 0);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('setting_id_seq', 0);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('hostcomponentstate_id_seq', 0);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('servicecomponentdesiredstate_id_seq', 0);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('servicecomponent_history_id_seq', 0);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('blueprint_setting_id_seq', 0);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('ambari_operation_history_id_seq', 0);
+
+insert into adminresourcetype (resource_type_id, resource_type_name)
+  select 1, 'AMBARI'
+  union all
+  select 2, 'CLUSTER'
+  union all
+  select 3, 'VIEW';
+
+insert into adminresource (resource_id, resource_type_id)
+  select 1, 1;
+
+insert into adminprincipaltype (principal_type_id, principal_type_name)
+  select 1, 'USER'
+  union all
+  select 2, 'GROUP'
+  union all
+  select 3, 'ALL.CLUSTER.ADMINISTRATOR'
+  union all
+  select 4, 'ALL.CLUSTER.OPERATOR'
+  union all
+  select 5, 'ALL.CLUSTER.USER'
+  union all
+  select 6, 'ALL.SERVICE.ADMINISTRATOR'
+  union all
+  select 7, 'ALL.SERVICE.OPERATOR';
+
+insert into adminprincipal (principal_id, principal_type_id)
+  select 1, 1
+  union all
+  select 2, 3
+  union all
+  select 3, 4
+  union all
+  select 4, 5
+  union all
+  select 5, 6
+  union all
+  select 6, 7;
+
+insert into users(user_id, principal_id, user_name, user_password)
+  select 1, 1, 'admin','538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00';
+
+insert into adminpermission(permission_id, permission_name, resource_type_id, permission_label, sort_order)
+  select 1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator', 1
+  union all
+  select 2, 'CLUSTER.USER', 2, 'Cluster User', 6
+  union all
+  select 3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator', 2
+  union all
+  select 4, 'VIEW.USER', 3, 'View User', 7
+  union all
+select 5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator', 3
+  union all
+  select 6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator', 4
+  union all
+  select 7, 'SERVICE.OPERATOR', 2, 'Service Operator', 5;
 
 INSERT INTO roleauthorization(authorization_id, authorization_name)
   SELECT 'VIEW.USE', 'Use View' UNION ALL
@@ -1342,11 +1350,11 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id)
   SELECT permission_id, 'AMBARI.MANAGE_STACK_VERSIONS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'AMBARI.EDIT_STACK_REPOS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR';
 
-INSERT INTO adminprivilege (privilege_id, permission_id, resource_id, principal_id) VALUES
-  (1, 1, 1, 1);
+insert into adminprivilege (privilege_id, permission_id, resource_id, principal_id)
+  select 1, 1, 1, 1;
 
-INSERT INTO metainfo(`metainfo_key`, `metainfo_value`) VALUES
-  ('version','${ambariSchemaVersion}');
+insert into metainfo(`metainfo_key`, `metainfo_value`)
+  select 'version','${ambariSchemaVersion}';
 
 -- Quartz tables
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/b788f4ab/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql
index cd88e8b..6b487d9 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql
@@ -630,11 +630,9 @@ CREATE TABLE adminpermission (
   permission_name VARCHAR(255) NOT NULL,
   resource_type_id NUMBER(10) NOT NULL,
   permission_label VARCHAR(255),
-  principal_id NUMBER(19) NOT NULL,
   sort_order SMALLINT DEFAULT 1 NOT NULL,
   CONSTRAINT PK_adminpermission PRIMARY KEY (permission_id),
   CONSTRAINT FK_permission_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id),
-  CONSTRAINT FK_permission_principal_id FOREIGN KEY (principal_id) REFERENCES adminprincipal(principal_id),
   CONSTRAINT UQ_perm_name_resource_type_id UNIQUE (permission_name, resource_type_id));
 
 CREATE TABLE roleauthorization (
@@ -1011,8 +1009,8 @@ INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('view_instan
 INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('resource_type_id_seq', 4);
 INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('resource_id_seq', 2);
 INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('principal_type_id_seq', 8);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('principal_id_seq', 13);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('permission_id_seq', 7);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('principal_id_seq', 7);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('permission_id_seq', 5);
 INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('privilege_id_seq', 1);
 INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('config_id_seq', 1);
 INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('cluster_version_id_seq', 0);
@@ -1070,9 +1068,7 @@ insert into adminprincipaltype (principal_type_id, principal_type_name)
   union all
   select 6, 'ALL.SERVICE.ADMINISTRATOR' from dual
   union all
-  select 7, 'ALL.SERVICE.OPERATOR' from dual
-  union all
-  select 8, 'ROLE' from dual;
+  select 7, 'ALL.SERVICE.OPERATOR' from dual;
 
 insert into adminprincipal (principal_id, principal_type_id)
   select 1, 1 from dual
@@ -1085,39 +1081,25 @@ insert into adminprincipal (principal_id, principal_type_id)
   union all
   select 5, 6 from dual
   union all
-  select 6, 7 from dual
-  union all
-  select 7, 8 from dual
-  union all
-  select 8, 8 from dual
-  union all
-  select 9, 8 from dual
-  union all
-  select 10, 8 from dual
-  union all
-  select 11, 8 from dual
-  union all
-  select 12, 8 from dual
-  union all
-  select 13, 8 from dual;
+  select 6, 7 from dual;
 
 insert into users(user_id, principal_id, user_name, user_password)
 select 1,1,'admin','538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00' from dual;
 
-insert into adminpermission(permission_id, permission_name, resource_type_id, permission_label, principal_id, sort_order)
-  select 1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator', 7, 1 from dual
+insert into adminpermission(permission_id, permission_name, resource_type_id, permission_label, sort_order)
+  select 1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator', 1 from dual
   union all
-  select 2, 'CLUSTER.USER', 2, 'Cluster User', 8, 6 from dual
+  select 2, 'CLUSTER.USER', 2, 'Cluster User', 6 from dual
   union all
-  select 3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator', 9, 2 from dual
+  select 3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator', 2 from dual
   union all
-  select 4, 'VIEW.USER', 3, 'View User', 10, 7 from dual
+  select 4, 'VIEW.USER', 3, 'View User', 7 from dual
   union all
-  select 5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator', 11, 3 from dual
+  select 5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator', 3 from dual
   union all
-  select 6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator', 12, 4 from dual
+  select 6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator', 4 from dual
   union all
-  select 7, 'SERVICE.OPERATOR', 2, 'Service Operator', 13, 5 from dual;
+  select 7, 'SERVICE.OPERATOR', 2, 'Service Operator', 5 from dual;
 
 INSERT INTO roleauthorization(authorization_id, authorization_name)
   SELECT 'VIEW.USE', 'Use View' FROM dual UNION ALL

http://git-wip-us.apache.org/repos/asf/ambari/blob/b788f4ab/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql
index e11231c..5cf3fea 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql
@@ -633,11 +633,9 @@ CREATE TABLE adminpermission (
   permission_name VARCHAR(255) NOT NULL,
   resource_type_id INTEGER NOT NULL,
   permission_label VARCHAR(255),
-  principal_id BIGINT NOT NULL,
   sort_order SMALLINT NOT NULL DEFAULT 1,
   CONSTRAINT PK_adminpermission PRIMARY KEY (permission_id),
   CONSTRAINT FK_permission_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id),
-  CONSTRAINT FK_permission_principal_id FOREIGN KEY (principal_id) REFERENCES adminprincipal(principal_id),
   CONSTRAINT UQ_perm_name_resource_type_id UNIQUE (permission_name, resource_type_id));
 
 CREATE TABLE roleauthorization (
@@ -996,100 +994,159 @@ CREATE INDEX idx_alert_notice_state on alert_notice(notify_state);
 ---------inserting some data-----------
 -- In order for the first ID to be 1, must initialize the ambari_sequences table with a sequence_value of 0.
 BEGIN;
-INSERT INTO ambari_sequences (sequence_name, sequence_value) VALUES
-  ('cluster_id_seq', 1),
-  ('host_id_seq', 0),
-  ('user_id_seq', 2),
-  ('group_id_seq', 1),
-  ('member_id_seq', 1),
-  ('host_role_command_id_seq', 1),
-  ('configgroup_id_seq', 1),
-  ('requestschedule_id_seq', 1),
-  ('resourcefilter_id_seq', 1),
-  ('viewentity_id_seq', 0),
-  ('operation_level_id_seq', 1),
-  ('view_instance_id_seq', 1),
-  ('resource_type_id_seq', 4),
-  ('resource_id_seq', 2),
-  ('principal_type_id_seq', 8),
-  ('principal_id_seq', 13),
-  ('permission_id_seq', 7),
-  ('privilege_id_seq', 1),
-  ('alert_definition_id_seq', 0),
-  ('alert_group_id_seq', 0),
-  ('alert_target_id_seq', 0),
-  ('alert_history_id_seq', 0),
-  ('alert_notice_id_seq', 0),
-  ('alert_current_id_seq', 0),
-  ('config_id_seq', 1),
-  ('repo_version_id_seq', 0),
-  ('cluster_version_id_seq', 0),
-  ('host_version_id_seq', 0),
-  ('service_config_id_seq', 1),
-  ('upgrade_id_seq', 0),
-  ('upgrade_group_id_seq', 0),
-  ('widget_id_seq', 0),
-  ('widget_layout_id_seq', 0),
-  ('upgrade_item_id_seq', 0),
-  ('stack_id_seq', 0),
-  ('topology_host_info_id_seq', 0),
-  ('topology_host_request_id_seq', 0),
-  ('topology_host_task_id_seq', 0),
-  ('topology_logical_request_id_seq', 0),
-  ('topology_logical_task_id_seq', 0),
-  ('topology_request_id_seq', 0),
-  ('topology_host_group_id_seq', 0),
-  ('setting_id_seq', 0),
-  ('hostcomponentstate_id_seq', 0),
-  ('servicecomponentdesiredstate_id_seq', 0),
-  ('servicecomponent_history_id_seq', 0),
-  ('blueprint_setting_id_seq', 0),
-  ('ambari_operation_history_id_seq', 0);
-
-INSERT INTO adminresourcetype (resource_type_id, resource_type_name) VALUES
-  (1, 'AMBARI'),
-  (2, 'CLUSTER'),
-  (3, 'VIEW');
-
-INSERT INTO adminresource (resource_id, resource_type_id) VALUES
-  (1, 1);
-
-INSERT INTO adminprincipaltype (principal_type_id, principal_type_name) VALUES
-  (1, 'USER'),
-  (2, 'GROUP'),
-  (3, 'ALL.CLUSTER.ADMINISTRATOR'),
-  (4, 'ALL.CLUSTER.OPERATOR'),
-  (5, 'ALL.CLUSTER.USER'),
-  (6, 'ALL.SERVICE.ADMINISTRATOR'),
-  (7, 'ALL.SERVICE.OPERATOR'),
-  (8, 'ROLE');
-
-INSERT INTO adminprincipal (principal_id, principal_type_id) VALUES
-  (1, 1),
-  (2, 3),
-  (3, 4),
-  (4, 5),
-  (5, 6),
-  (6, 7),
-  (7, 8),
-  (8, 8),
-  (9, 8),
-  (10, 8),
-  (11, 8),
-  (12, 8),
-  (13, 8);
+INSERT INTO ambari_sequences (sequence_name, sequence_value)
+  SELECT 'cluster_id_seq', 1
+  UNION ALL
+  SELECT 'host_id_seq', 0
+  UNION ALL
+  SELECT 'user_id_seq', 2
+  UNION ALL
+  SELECT 'group_id_seq', 1
+  UNION ALL
+  SELECT 'member_id_seq', 1
+  UNION ALL
+  SELECT 'host_role_command_id_seq', 1
+  union all
+  select 'configgroup_id_seq', 1
+  union all
+  select 'requestschedule_id_seq', 1
+  union all
+  select 'resourcefilter_id_seq', 1
+  union all
+  select 'viewentity_id_seq', 0
+  union all
+  select 'operation_level_id_seq', 1
+  union all
+  select 'view_instance_id_seq', 1
+  union all
+  select 'resource_type_id_seq', 4
+  union all
+  select 'resource_id_seq', 2
+  union all
+  select 'principal_type_id_seq', 8
+  union all
+  select 'principal_id_seq', 7
+  union all
+  select 'permission_id_seq', 5
+  union all
+  select 'privilege_id_seq', 1
+  union all
+  select 'alert_definition_id_seq', 0
+  union all
+  select 'alert_group_id_seq', 0
+  union all
+  select 'alert_target_id_seq', 0
+  union all
+  select 'alert_history_id_seq', 0
+  union all
+  select 'alert_notice_id_seq', 0
+  union all
+  select 'alert_current_id_seq', 0
+  union all
+  select 'config_id_seq', 1
+  union all
+  select 'repo_version_id_seq', 0
+  union all
+  select 'cluster_version_id_seq', 0
+  union all
+  select 'host_version_id_seq', 0
+  union all
+  select 'service_config_id_seq', 1
+  union all
+  select 'upgrade_id_seq', 0
+  union all
+  select 'upgrade_group_id_seq', 0
+  union all
+  select 'widget_id_seq', 0
+  union all
+  select 'widget_layout_id_seq', 0
+  union all
+  select 'upgrade_item_id_seq', 0
+  union all
+  select 'stack_id_seq', 0
+  union all
+  select 'topology_host_info_id_seq', 0
+  union all
+  select 'topology_host_request_id_seq', 0
+  union all
+  select 'topology_host_task_id_seq', 0
+  union all
+  select 'topology_logical_request_id_seq', 0
+  union all
+  select 'topology_logical_task_id_seq', 0
+  union all
+  select 'topology_request_id_seq', 0
+  union all
+  select 'topology_host_group_id_seq', 0
+  union all
+  select 'setting_id_seq', 0
+  union all
+  select 'hostcomponentstate_id_seq', 0
+  union all
+  select 'servicecomponentdesiredstate_id_seq', 0
+  union all
+  select 'servicecomponent_history_id_seq', 0
+  union all
+  select 'blueprint_setting_id_seq', 0
+  union all
+  select 'ambari_operation_history_id_seq', 0;
+
+
+INSERT INTO adminresourcetype (resource_type_id, resource_type_name)
+  SELECT 1, 'AMBARI'
+  UNION ALL
+  SELECT 2, 'CLUSTER'
+  UNION ALL
+  SELECT 3, 'VIEW';
+
+INSERT INTO adminresource (resource_id, resource_type_id)
+  SELECT 1, 1;
+
+INSERT INTO adminprincipaltype (principal_type_id, principal_type_name)
+  SELECT 1, 'USER'
+  UNION ALL
+  SELECT 2, 'GROUP'
+  UNION ALL
+  SELECT 3, 'ALL.CLUSTER.ADMINISTRATOR'
+  UNION ALL
+  SELECT 4, 'ALL.CLUSTER.OPERATOR'
+  UNION ALL
+  SELECT 5, 'ALL.CLUSTER.USER'
+  UNION ALL
+  SELECT 6, 'ALL.SERVICE.ADMINISTRATOR'
+  UNION ALL
+  SELECT 7, 'ALL.SERVICE.OPERATOR';
+
+INSERT INTO adminprincipal (principal_id, principal_type_id)
+  SELECT 1, 1
+  UNION ALL
+  SELECT 2, 3
+  UNION ALL
+  SELECT 3, 4
+  UNION ALL
+  SELECT 4, 5
+  UNION ALL
+  SELECT 5, 6
+  UNION ALL
+  SELECT 6, 7;
 
 INSERT INTO Users (user_id, principal_id, user_name, user_password)
   SELECT 1, 1, 'admin', '538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00';
 
-INSERT INTO adminpermission(permission_id, permission_name, resource_type_id, permission_label, principal_id, sort_order)
-  SELECT 1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator', 7, 1 UNION ALL
-  SELECT 2, 'CLUSTER.USER', 2, 'Cluster User', 8, 6 UNION ALL
-  SELECT 3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator', 9, 2 UNION ALL
-  SELECT 4, 'VIEW.USER', 3, 'View User', 10, 7 UNION ALL
-  SELECT 5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator', 11, 3 UNION ALL
-  SELECT 6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator', 12, 4 UNION ALL
-  SELECT 7, 'SERVICE.OPERATOR', 2, 'Service Operator', 13, 5;
+insert into adminpermission(permission_id, permission_name, resource_type_id, permission_label, sort_order)
+  SELECT 1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator', 1
+  UNION ALL
+  SELECT 2, 'CLUSTER.USER', 2, 'Cluster User', 6
+  UNION ALL
+  SELECT 3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator', 2
+  UNION ALL
+  SELECT 4, 'VIEW.USER', 3, 'View User', 7
+  UNION ALL
+  SELECT 5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator', 3
+  UNION ALL
+  SELECT 6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator', 4
+  UNION ALL
+  SELECT 7, 'SERVICE.OPERATOR', 2, 'Service Operator', 5;
 
 INSERT INTO roleauthorization(authorization_id, authorization_name)
   SELECT 'VIEW.USE', 'Use View' UNION ALL
@@ -1321,7 +1378,7 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id)
   SELECT permission_id, 'CLUSTER.TOGGLE_ALERTS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'CLUSTER.TOGGLE_KERBEROS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'CLUSTER.UPGRADE_DOWNGRADE_STACK' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
-  SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
+   SELECT permission_id, 'CLUSTER.MANAGE_USER_PERSISTED_DATA' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'AMBARI.ADD_DELETE_CLUSTERS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'AMBARI.SET_SERVICE_USERS_GROUPS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'AMBARI.RENAME_CLUSTER' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
@@ -1333,11 +1390,11 @@ INSERT INTO permission_roleauthorization(permission_id, authorization_id)
   SELECT permission_id, 'AMBARI.MANAGE_STACK_VERSIONS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR' UNION ALL
   SELECT permission_id, 'AMBARI.EDIT_STACK_REPOS' FROM adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR';
 
-INSERT INTO adminprivilege (privilege_id, permission_id, resource_id, principal_id) VALUES
-  (1, 1, 1, 1);
+INSERT INTO adminprivilege (privilege_id, permission_id, resource_id, principal_id)
+  SELECT 1, 1, 1, 1;
 
-INSERT INTO metainfo(`metainfo_key`, `metainfo_value`) VALUES
-('version','${ambariSchemaVersion}');
+INSERT INTO metainfo (metainfo_key, metainfo_value)
+  SELECT 'version', '${ambariSchemaVersion}';
 COMMIT;
 
 -- Quartz tables

http://git-wip-us.apache.org/repos/asf/ambari/blob/b788f4ab/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql
index 566da84..5146bf3 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql
@@ -742,11 +742,9 @@ CREATE TABLE ambari.adminpermission (
   permission_name VARCHAR(255) NOT NULL,
   resource_type_id INTEGER NOT NULL,
   permission_label VARCHAR(255),
-  principal_id BIGINT NOT NULL,
   sort_order SMALLINT NOT NULL DEFAULT 1,
   CONSTRAINT PK_adminpermission PRIMARY KEY (permission_id),
   CONSTRAINT FK_permission_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES ambari.adminresourcetype(resource_type_id),
-  CONSTRAINT FK_permission_principal_id FOREIGN KEY (principal_id) REFERENCES ambari.adminprincipal(principal_id),
   CONSTRAINT UQ_perm_name_resource_type_id UNIQUE (permission_name, resource_type_id));
 
 CREATE TABLE ambari.roleauthorization (
@@ -1154,100 +1152,158 @@ CREATE INDEX idx_alert_notice_state on ambari.alert_notice(notify_state);
 ---------inserting some data-----------
 -- In order for the first ID to be 1, must initialize the ambari_sequences table with a sequence_value of 0.
 BEGIN;
-INSERT INTO ambari.ambari_sequences (sequence_name, sequence_value) VALUES
-  ('cluster_id_seq', 1),
-  ('host_id_seq', 0),
-  ('user_id_seq', 2),
-  ('group_id_seq', 1),
-  ('member_id_seq', 1),
-  ('host_role_command_id_seq', 1),
-  ('configgroup_id_seq', 1),
-  ('requestschedule_id_seq', 1),
-  ('resourcefilter_id_seq', 1),
-  ('viewentity_id_seq', 0),
-  ('operation_level_id_seq', 1),
-  ('view_instance_id_seq', 1),
-  ('resource_type_id_seq', 4),
-  ('resource_id_seq', 2),
-  ('principal_type_id_seq', 8),
-  ('principal_id_seq', 13),
-  ('permission_id_seq', 7),
-  ('privilege_id_seq', 1),
-  ('alert_definition_id_seq', 0),
-  ('alert_group_id_seq', 0),
-  ('alert_target_id_seq', 0),
-  ('alert_history_id_seq', 0),
-  ('alert_notice_id_seq', 0),
-  ('alert_current_id_seq', 0),
-  ('config_id_seq', 1),
-  ('repo_version_id_seq', 0),
-  ('cluster_version_id_seq', 0),
-  ('host_version_id_seq', 0),
-  ('service_config_id_seq', 1),
-  ('upgrade_id_seq', 0),
-  ('upgrade_group_id_seq', 0),
-  ('widget_id_seq', 0),
-  ('widget_layout_id_seq', 0),
-  ('upgrade_item_id_seq', 0),
-  ('stack_id_seq', 0),
-  ('topology_host_info_id_seq', 0),
-  ('topology_host_request_id_seq', 0),
-  ('topology_host_task_id_seq', 0),
-  ('topology_logical_request_id_seq', 0),
-  ('topology_logical_task_id_seq', 0),
-  ('topology_request_id_seq', 0),
-  ('topology_host_group_id_seq', 0),
-  ('setting_id_seq', 0),
-  ('hostcomponentstate_id_seq', 0),
-  ('servicecomponentdesiredstate_id_seq', 0),
-  ('servicecomponent_history_id_seq', 0),
-  ('blueprint_setting_id_seq', 0),
-  ('ambari_operation_history_id_seq', 0);
-
-INSERT INTO ambari.adminresourcetype (resource_type_id, resource_type_name) VALUES
-  (1, 'AMBARI'),
-  (2, 'CLUSTER'),
-  (3, 'VIEW');
-
-INSERT INTO ambari.adminresource (resource_id, resource_type_id) VALUES
-  (1, 1);
-
-INSERT INTO ambari.adminprincipaltype (principal_type_id, principal_type_name) VALUES
-  (1, 'USER'),
-  (2, 'GROUP'),
-  (3, 'ALL.CLUSTER.ADMINISTRATOR'),
-  (4, 'ALL.CLUSTER.OPERATOR'),
-  (5, 'ALL.CLUSTER.USER'),
-  (6, 'ALL.SERVICE.ADMINISTRATOR'),
-  (7, 'ALL.SERVICE.OPERATOR'),
-  (8, 'ROLE');
-
-INSERT INTO ambari.adminprincipal (principal_id, principal_type_id) VALUES
-  (1, 1),
-  (2, 3),
-  (3, 4),
-  (4, 5),
-  (5, 6),
-  (6, 7),
-  (7, 8),
-  (8, 8),
-  (9, 8),
-  (10, 8),
-  (11, 8),
-  (12, 8),
-  (13, 8);
+INSERT INTO ambari.ambari_sequences (sequence_name, sequence_value)
+  SELECT 'cluster_id_seq', 1
+  UNION ALL
+  SELECT 'host_id_seq', 0
+  UNION ALL
+  SELECT 'user_id_seq', 2
+  UNION ALL
+  SELECT 'group_id_seq', 1
+  UNION ALL
+  SELECT 'member_id_seq', 1
+  UNION ALL
+  SELECT 'host_role_command_id_seq', 1
+  union all
+  select 'configgroup_id_seq', 1
+  union all
+  select 'requestschedule_id_seq', 1
+  union all
+  select 'resourcefilter_id_seq', 1
+  union all
+  select 'viewentity_id_seq', 0
+  union all
+  select 'operation_level_id_seq', 1
+  union all
+  select 'view_instance_id_seq', 1
+  union all
+  select 'resource_type_id_seq', 4
+  union all
+  select 'resource_id_seq', 2
+  union all
+  select 'principal_type_id_seq', 8
+  union all
+  select 'principal_id_seq', 7
+  union all
+  select 'permission_id_seq', 5
+  union all
+  select 'privilege_id_seq', 1
+  union all
+  select 'alert_definition_id_seq', 0
+  union all
+  select 'alert_group_id_seq', 0
+  union all
+  select 'alert_target_id_seq', 0
+  union all
+  select 'alert_history_id_seq', 0
+  union all
+  select 'alert_notice_id_seq', 0
+  union all
+  select 'alert_current_id_seq', 0
+  union all
+  select 'config_id_seq', 1
+  union all
+  select 'repo_version_id_seq', 0
+  union all
+  select 'cluster_version_id_seq', 0
+  union all
+  select 'host_version_id_seq', 0
+  union all
+  select 'service_config_id_seq', 1
+  union all
+  select 'upgrade_id_seq', 0
+  union all
+  select 'upgrade_group_id_seq', 0
+  union all
+  select 'widget_id_seq', 0
+  union all
+  select 'widget_layout_id_seq', 0
+  union all
+  select 'upgrade_item_id_seq', 0
+  union all
+  select 'stack_id_seq', 0
+  union all
+  select 'topology_host_info_id_seq', 0
+  union all
+  select 'topology_host_request_id_seq', 0
+  union all
+  select 'topology_host_task_id_seq', 0
+  union all
+  select 'topology_logical_request_id_seq', 0
+  union all
+  select 'topology_logical_task_id_seq', 0
+  union all
+  select 'topology_request_id_seq', 0
+  union all
+  select 'topology_host_group_id_seq', 0
+  union all
+  select 'setting_id_seq', 0
+  union all
+  select 'hostcomponentstate_id_seq', 0
+  union all
+  select 'servicecomponentdesiredstate_id_seq', 0
+  union all
+  select 'servicecomponent_history_id_seq', 0
+  union all
+  select 'blueprint_setting_id_seq', 0
+  union all
+  select 'ambari_operation_history_id_seq', 0;
+
+INSERT INTO ambari.adminresourcetype (resource_type_id, resource_type_name)
+  SELECT 1, 'AMBARI'
+  UNION ALL
+  SELECT 2, 'CLUSTER'
+  UNION ALL
+  SELECT 3, 'VIEW';
+
+INSERT INTO ambari.adminresource (resource_id, resource_type_id)
+  SELECT 1, 1;
+
+INSERT INTO ambari.adminprincipaltype (principal_type_id, principal_type_name)
+  SELECT 1, 'USER'
+  UNION ALL
+  SELECT 2, 'GROUP'
+  UNION ALL
+  SELECT 3, 'ALL.CLUSTER.ADMINISTRATOR'
+  UNION ALL
+  SELECT 4, 'ALL.CLUSTER.OPERATOR'
+  UNION ALL
+  SELECT 5, 'ALL.CLUSTER.USER'
+  UNION ALL
+  SELECT 6, 'ALL.SERVICE.ADMINISTRATOR'
+  UNION ALL
+  SELECT 7, 'ALL.SERVICE.OPERATOR';
+
+INSERT INTO ambari.adminprincipal (principal_id, principal_type_id)
+  SELECT 1, 1
+  UNION ALL
+  SELECT 2, 3
+  UNION ALL
+  SELECT 3, 4
+  UNION ALL
+  SELECT 4, 5
+  UNION ALL
+  SELECT 5, 6
+  UNION ALL
+  SELECT 6, 7;
 
 INSERT INTO ambari.Users (user_id, principal_id, user_name, user_password)
   SELECT 1, 1, 'admin', '538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00';
 
-INSERT INTO ambari.adminpermission(permission_id, permission_name, resource_type_id, permission_label, principal_id, sort_order)
-  SELECT 1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator', 7, 1 UNION ALL
-  SELECT 2, 'CLUSTER.USER', 2, 'Cluster User', 8, 6 UNION ALL
-  SELECT 3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator', 9, 2 UNION ALL
-  SELECT 4, 'VIEW.USER', 3, 'View User', 10, 7 UNION ALL
-  SELECT 5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator', 11, 3 UNION ALL
-  SELECT 6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator', 12, 4 UNION ALL
-  SELECT 7, 'SERVICE.OPERATOR', 2, 'Service Operator', 13, 5;
+insert into ambari.adminpermission(permission_id, permission_name, resource_type_id, permission_label, sort_order)
+  SELECT 1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator', 1
+  UNION ALL
+  SELECT 2, 'CLUSTER.USER', 2, 'Cluster User', 6
+  UNION ALL
+  SELECT 3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator', 2
+  UNION ALL
+  SELECT 4, 'VIEW.USER', 3, 'View User', 7
+  UNION ALL
+  SELECT 5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator', 3
+  UNION ALL
+  SELECT 6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator', 4
+  UNION ALL
+  SELECT 7, 'SERVICE.OPERATOR', 2, 'Service Operator', 5;
 
 INSERT INTO ambari.roleauthorization(authorization_id, authorization_name)
   SELECT 'VIEW.USE', 'Use View' UNION ALL
@@ -1492,11 +1548,11 @@ INSERT INTO ambari.permission_roleauthorization(permission_id, authorization_id)
   SELECT permission_id, 'AMBARI.EDIT_STACK_REPOS' FROM ambari.adminpermission WHERE permission_name='AMBARI.ADMINISTRATOR';
 
 
-INSERT INTO ambari.adminprivilege (privilege_id, permission_id, resource_id, principal_id) VALUES
-  (1, 1, 1, 1);
+INSERT INTO ambari.adminprivilege (privilege_id, permission_id, resource_id, principal_id)
+  SELECT 1, 1, 1, 1;
 
-INSERT INTO ambari.metainfo (metainfo_key, metainfo_value) VALUES
-  ('version', '${ambariSchemaVersion}');
+INSERT INTO ambari.metainfo (metainfo_key, metainfo_value)
+  SELECT 'version', '${ambariSchemaVersion}';
 COMMIT;
 
 -- Quartz tables

http://git-wip-us.apache.org/repos/asf/ambari/blob/b788f4ab/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql
index bd5d1ae..4225e07 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql
@@ -629,11 +629,9 @@ CREATE TABLE adminpermission (
   permission_name VARCHAR(255) NOT NULL,
   resource_type_id INTEGER NOT NULL,
   permission_label VARCHAR(255),
-  principal_id NUMERIC(19) NOT NULL,
   sort_order SMALLINT NOT NULL DEFAULT 1,
   CONSTRAINT PK_adminpermission PRIMARY KEY (permission_id),
   CONSTRAINT FK_permission_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id),
-  CONSTRAINT FK_permission_principal_id FOREIGN KEY (principal_id) REFERENCES adminprincipal(principal_id),
   CONSTRAINT UQ_perm_name_resource_type_id UNIQUE (permission_name, resource_type_id));
 
 CREATE TABLE roleauthorization (
@@ -1010,8 +1008,8 @@ INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('view_instan
 INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('resource_type_id_seq', 4);
 INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('resource_id_seq', 2);
 INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('principal_type_id_seq', 8);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('principal_id_seq', 13);
-INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('permission_id_seq', 7);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('principal_id_seq', 7);
+INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('permission_id_seq', 5);
 INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('privilege_id_seq', 1);
 INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('config_id_seq', 1);
 INSERT INTO ambari_sequences(sequence_name, sequence_value) values ('cluster_version_id_seq', 0);
@@ -1067,9 +1065,7 @@ insert into adminprincipaltype (principal_type_id, principal_type_name)
   union all
   select 6, 'ALL.SERVICE.ADMINISTRATOR'
   union all
-  select 7, 'ALL.SERVICE.OPERATOR'
-  union all
-  select 8, 'ROLE';
+  select 7, 'ALL.SERVICE.OPERATOR';
 
 insert into adminprincipal (principal_id, principal_type_id)
   select 1, 1
@@ -1082,39 +1078,25 @@ insert into adminprincipal (principal_id, principal_type_id)
   union all
   select 5, 6
   union all
-  select 6, 7
-  union all
-  select 7, 8
-  union all
-  select 8, 8
-  union all
-  select 9, 8
-  union all
-  select 10, 8
-  union all
-  select 11, 8
-  union all
-  select 12, 8
-  union all
-  select 13, 8;
+  select 6, 7;
 
 insert into users(user_id, principal_id, user_name, user_password)
   select 1, 1, 'admin','538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00';
 
-insert into adminpermission(permission_id, permission_name, resource_type_id, permission_label, principal_id, sort_order)
-  select 1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator', 7, 1
+insert into adminpermission(permission_id, permission_name, resource_type_id, permission_label, sort_order)
+  select 1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator', 1
   union all
-  select 2, 'CLUSTER.USER', 2, 'Cluster User', 8, 6
+  select 2, 'CLUSTER.USER', 2, 'Cluster User', 6
   union all
-  select 3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator', 9, 2
+  select 3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator', 2
   union all
-  select 4, 'VIEW.USER', 3, 'View User', 10, 7
+  select 4, 'VIEW.USER', 3, 'View User', 7
   union all
-  select 5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator', 11, 3
+  select 5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator', 3
   union all
-  select 6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator', 12, 4
+  select 6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator', 4
   union all
-  select 7, 'SERVICE.OPERATOR', 2, 'Service Operator', 13, 5;
+  select 7, 'SERVICE.OPERATOR', 2, 'Service Operator', 5;
 
   INSERT INTO roleauthorization(authorization_id, authorization_name)
     SELECT 'VIEW.USE', 'Use View' UNION ALL

http://git-wip-us.apache.org/repos/asf/ambari/blob/b788f4ab/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql
index 20c706a..46446d8 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql
@@ -640,11 +640,9 @@ CREATE TABLE adminpermission (
   permission_name VARCHAR(255) NOT NULL,
   resource_type_id INTEGER NOT NULL,
   permission_label VARCHAR(255),
-  principal_id BIGINT NOT NULL,
   sort_order SMALLINT NOT NULL DEFAULT 1,
   CONSTRAINT PK_adminpermission PRIMARY KEY CLUSTERED (permission_id),
   CONSTRAINT FK_permission_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id),
-  CONSTRAINT FK_permission_principal_id FOREIGN KEY (principal_id) REFERENCES adminprincipal(principal_id),
   CONSTRAINT UQ_perm_name_resource_type_id UNIQUE (permission_name, resource_type_id));
 
 CREATE TABLE roleauthorization (
@@ -1036,8 +1034,8 @@ BEGIN TRANSACTION
     ('resource_type_id_seq', 4),
     ('resource_id_seq', 2),
     ('principal_type_id_seq', 8),
-    ('principal_id_seq', 13),
-    ('permission_id_seq', 7),
+    ('principal_id_seq', 7),
+    ('permission_id_seq', 5),
     ('privilege_id_seq', 1),
     ('alert_definition_id_seq', 0),
     ('alert_group_id_seq', 0),
@@ -1087,8 +1085,7 @@ BEGIN TRANSACTION
     (4, 'ALL.CLUSTER.OPERATOR'),
     (5, 'ALL.CLUSTER.USER'),
     (6, 'ALL.SERVICE.ADMINISTRATOR'),
-    (7, 'ALL.SERVICE.OPERATOR'),
-    (8, 'ROLE');
+    (7, 'ALL.SERVICE.OPERATOR');
 
   insert into adminprincipal (principal_id, principal_type_id)
   values
@@ -1097,27 +1094,20 @@ BEGIN TRANSACTION
     (3, 4),
     (4, 5),
     (5, 6),
-    (6, 7),
-    (7, 8),
-    (8, 8),
-    (9, 8),
-    (10, 8),
-    (11, 8),
-    (12, 8),
-    (13, 8);
+    (6, 7);
 
   insert into users(user_id, principal_id, user_name, user_password)
     select 1, 1, 'admin','538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00';
 
-  insert into adminpermission(permission_id, permission_name, resource_type_id, permission_label, principal_id, sort_order)
+  insert into adminpermission(permission_id, permission_name, resource_type_id, permission_label, sort_order)
   values
-    (1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator', 7, 1),
-    (2, 'CLUSTER.USER', 2, 'Cluster User', 8, 6),
-    (3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator', 9, 2),
-    (4, 'VIEW.USER', 3, 'View User', 10, 7),
-    (5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator', 11, 3),
-    (6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator', 12, 4),
-    (7, 'SERVICE.OPERATOR', 2, 'Service Operator', 13, 5);
+    (1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator', 1),
+    (2, 'CLUSTER.USER', 2, 'Cluster User', 6),
+    (3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator', 2),
+    (4, 'VIEW.USER', 3, 'View User', 7),
+    (5, 'CLUSTER.OPERATOR', 2, 'Cluster Operator', 3),
+    (6, 'SERVICE.ADMINISTRATOR', 2, 'Service Administrator', 4),
+    (7, 'SERVICE.OPERATOR', 2, 'Service Operator', 5);
 
   INSERT INTO roleauthorization(authorization_id, authorization_name)
     SELECT 'VIEW.USE', 'Use View' UNION ALL

http://git-wip-us.apache.org/repos/asf/ambari/blob/b788f4ab/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java
index dee4490..ad8cce1 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java
@@ -41,8 +41,6 @@ import org.apache.ambari.server.orm.dao.ResourceDAO;
 import org.apache.ambari.server.orm.dao.ResourceTypeDAO;
 import org.apache.ambari.server.orm.dao.UserDAO;
 import org.apache.ambari.server.orm.entities.PermissionEntity;
-import org.apache.ambari.server.orm.entities.PrincipalEntity;
-import org.apache.ambari.server.orm.entities.PrincipalTypeEntity;
 import org.apache.ambari.server.orm.entities.ResourceEntity;
 import org.apache.ambari.server.orm.entities.ResourceTypeEntity;
 import org.apache.ambari.server.orm.entities.UserEntity;
@@ -110,18 +108,9 @@ public class TestUsers {
     resourceEntity.setResourceType(resourceTypeEntity);
     resourceDAO.create(resourceEntity);
 
-    PrincipalTypeEntity principalTypeEntity = new PrincipalTypeEntity();
-    principalTypeEntity.setName("ROLE");
-    principalTypeEntity = principalTypeDAO.merge(principalTypeEntity);
-
-    PrincipalEntity principalEntity = new PrincipalEntity();
-    principalEntity.setPrincipalType(principalTypeEntity);
-    principalEntity = principalDAO.merge(principalEntity);
-
     PermissionEntity adminPermissionEntity = new PermissionEntity();
     adminPermissionEntity.setId(PermissionEntity.AMBARI_ADMINISTRATOR_PERMISSION);
     adminPermissionEntity.setPermissionName(PermissionEntity.AMBARI_ADMINISTRATOR_PERMISSION_NAME);
-    adminPermissionEntity.setPrincipal(principalEntity);
     adminPermissionEntity.setResourceType(resourceTypeEntity);
     permissionDAO.create(adminPermissionEntity);
   }

http://git-wip-us.apache.org/repos/asf/ambari/blob/b788f4ab/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java
index 11f3865..7413938 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog240Test.java
@@ -42,6 +42,8 @@ import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 
+import javax.persistence.EntityManager;
+
 import com.google.common.collect.Maps;
 import com.google.gson.Gson;
 import com.google.inject.AbstractModule;
@@ -126,8 +128,7 @@ public class UpgradeCatalog240Test {
 
   @Test
   public void testExecuteDDLUpdates() throws SQLException, AmbariException {
-    Capture<DBAccessor.DBColumnInfo> capturedSortOrderColumnInfo = newCapture();
-    Capture<DBAccessor.DBColumnInfo> capturedPermissionIDColumnInfo = newCapture();
+    Capture<DBAccessor.DBColumnInfo> capturedColumnInfo = newCapture();
     Capture<DBAccessor.DBColumnInfo> capturedScColumnInfo = newCapture();
     Capture<DBAccessor.DBColumnInfo> capturedScDesiredVersionColumnInfo = newCapture();
 
@@ -138,8 +139,7 @@ public class UpgradeCatalog240Test {
     ResultSet resultSet = createNiceMock(ResultSet.class);
     Capture<List<DBAccessor.DBColumnInfo>> capturedSettingColumns = EasyMock.newCapture();
 
-    dbAccessor.addColumn(eq("adminpermission"), capture(capturedSortOrderColumnInfo));
-    dbAccessor.addColumn(eq("adminpermission"), capture(capturedPermissionIDColumnInfo));
+    dbAccessor.addColumn(eq("adminpermission"), capture(capturedColumnInfo));
     dbAccessor.addColumn(eq(UpgradeCatalog240.SERVICE_COMPONENT_DESIRED_STATE_TABLE), capture(capturedScColumnInfo));
     dbAccessor.addColumn(eq(UpgradeCatalog240.SERVICE_COMPONENT_DESIRED_STATE_TABLE),
         capture(capturedScDesiredVersionColumnInfo));
@@ -250,21 +250,13 @@ public class UpgradeCatalog240Test {
     UpgradeCatalog240 upgradeCatalog240 = injector.getInstance(UpgradeCatalog240.class);
     upgradeCatalog240.executeDDLUpdates();
 
-    DBAccessor.DBColumnInfo columnSortOrderInfo = capturedSortOrderColumnInfo.getValue();
-    Assert.assertNotNull(columnSortOrderInfo);
-    Assert.assertEquals(UpgradeCatalog240.SORT_ORDER_COL, columnSortOrderInfo.getName());
-    Assert.assertEquals(null, columnSortOrderInfo.getLength());
-    Assert.assertEquals(Short.class, columnSortOrderInfo.getType());
-    Assert.assertEquals(1, columnSortOrderInfo.getDefaultValue());
-    Assert.assertEquals(false, columnSortOrderInfo.isNullable());
-
-    DBAccessor.DBColumnInfo columnPrincipalIDInfo = capturedPermissionIDColumnInfo.getValue();
-    Assert.assertNotNull(columnPrincipalIDInfo);
-    Assert.assertEquals(UpgradeCatalog240.PRINCIPAL_ID_COL, columnPrincipalIDInfo.getName());
-    Assert.assertEquals(null, columnPrincipalIDInfo.getLength());
-    Assert.assertEquals(Long.class, columnPrincipalIDInfo.getType());
-    Assert.assertEquals(null, columnPrincipalIDInfo.getDefaultValue());
-    Assert.assertEquals(true, columnPrincipalIDInfo.isNullable());
+    DBAccessor.DBColumnInfo columnInfo = capturedColumnInfo.getValue();
+    Assert.assertNotNull(columnInfo);
+    Assert.assertEquals(UpgradeCatalog240.SORT_ORDER_COL, columnInfo.getName());
+    Assert.assertEquals(null, columnInfo.getLength());
+    Assert.assertEquals(Short.class, columnInfo.getType());
+    Assert.assertEquals(1, columnInfo.getDefaultValue());
+    Assert.assertEquals(false, columnInfo.isNullable());
 
     // Verify if recovery_enabled column was added to servicecomponentdesiredstate table
     DBAccessor.DBColumnInfo columnScInfo = capturedScColumnInfo.getValue();
@@ -413,15 +405,18 @@ public class UpgradeCatalog240Test {
     Method removeHiveOozieDBConnectionConfigs = UpgradeCatalog240.class.getDeclaredMethod("removeHiveOozieDBConnectionConfigs");
     Method updateClustersAndHostsVersionStateTableDML = UpgradeCatalog240.class.getDeclaredMethod("updateClustersAndHostsVersionStateTableDML");
     Method removeStandardDeviationAlerts = UpgradeCatalog240.class.getDeclaredMethod("removeStandardDeviationAlerts");
+    Method getAndIncrementSequence = AbstractUpgradeCatalog.class.getDeclaredMethod("getAndIncrementSequence", String.class);
     Method consolidateUserRoles = UpgradeCatalog240.class.getDeclaredMethod("consolidateUserRoles");
-    Method updateClusterInheritedPermissionsConfig = UpgradeCatalog240.class.getDeclaredMethod("updateClusterInheritedPermissionsConfig");
-    Method createRolePrincipals = UpgradeCatalog240.class.getDeclaredMethod("createRolePrincipals");
-
 
     Capture<String> capturedStatements = newCapture(CaptureType.ALL);
+    Capture<String> capturedTablesNames = newCapture(CaptureType.ALL);
+    Capture<String[]> captureColumnNames = newCapture(CaptureType.ALL);
+    Capture<String[]> captureColumnValues = newCapture(CaptureType.ALL);
+
 
     DBAccessor dbAccessor = createStrictMock(DBAccessor.class);
     expect(dbAccessor.executeUpdate(capture(capturedStatements))).andReturn(1).times(7);
+    expect(dbAccessor.insertRow(capture(capturedTablesNames), capture(captureColumnNames), capture(captureColumnValues), anyBoolean())).andReturn(true).times(10);
 
     UpgradeCatalog240 upgradeCatalog240 = createMockBuilder(UpgradeCatalog240.class)
             .addMockedMethod(addNewConfigurationsFromXml)
@@ -438,11 +433,12 @@ public class UpgradeCatalog240Test {
             .addMockedMethod(removeHiveOozieDBConnectionConfigs)
             .addMockedMethod(updateClustersAndHostsVersionStateTableDML)
             .addMockedMethod(removeStandardDeviationAlerts)
+            .addMockedMethod(getAndIncrementSequence)
             .addMockedMethod(consolidateUserRoles)
-            .addMockedMethod(updateClusterInheritedPermissionsConfig)
-            .addMockedMethod(createRolePrincipals)
             .createMock();
 
+    expect(upgradeCatalog240.getAndIncrementSequence(anyString())).andReturn(1).anyTimes();
+
     Field field = AbstractUpgradeCatalog.class.getDeclaredField("dbAccessor");
     field.set(upgradeCatalog240, dbAccessor);
 
@@ -461,8 +457,6 @@ public class UpgradeCatalog240Test {
     upgradeCatalog240.updateClustersAndHostsVersionStateTableDML();
     upgradeCatalog240.removeStandardDeviationAlerts();
     upgradeCatalog240.consolidateUserRoles();
-    upgradeCatalog240.createRolePrincipals();
-    upgradeCatalog240.updateClusterInheritedPermissionsConfig();
 
     replay(upgradeCatalog240, dbAccessor);
 
@@ -480,6 +474,47 @@ public class UpgradeCatalog240Test {
     Assert.assertTrue(statements.contains("UPDATE adminpermission SET sort_order=5 WHERE permission_name='SERVICE.OPERATOR'"));
     Assert.assertTrue(statements.contains("UPDATE adminpermission SET sort_order=6 WHERE permission_name='CLUSTER.USER'"));
     Assert.assertTrue(statements.contains("UPDATE adminpermission SET sort_order=7 WHERE permission_name='VIEW.USER'"));
+
+
+    List<String> tableNames = capturedTablesNames.getValues();
+    Assert.assertNotNull(tableNames);
+    Assert.assertEquals(10, tableNames.size());
+    Assert.assertTrue(tableNames.contains("adminprincipaltype"));
+    Assert.assertTrue(tableNames.contains("adminprincipal"));
+
+    List<String[]> tableColumns = captureColumnNames.getValues();
+    Assert.assertNotNull(tableColumns);
+    Assert.assertEquals(10, tableColumns.size());
+    Assert.assertTrue(shouldOnlyHaveValidColumns(tableColumns));
+
+    List<String[]> tableColumnsValue = captureColumnValues.getValues();
+    Assert.assertNotNull(tableColumnsValue);
+    Assert.assertEquals(10, tableColumnsValue.size());
+    isValidValues(tableColumnsValue.get(0), "3", "'ALL.CLUSTER.ADMINISTRATOR'");
+    isValidValues(tableColumnsValue.get(1), "4", "'ALL.CLUSTER.OPERATOR'");
+    isValidValues(tableColumnsValue.get(2), "5", "'ALL.CLUSTER.USER'");
+    isValidValues(tableColumnsValue.get(3), "6", "'ALL.SERVICE.ADMINISTRATOR'");
+    isValidValues(tableColumnsValue.get(4), "7", "'ALL.SERVICE.OPERATOR'");
+    isValidValues(tableColumnsValue.get(5), "1", "3");
+    isValidValues(tableColumnsValue.get(6), "1", "4");
+    isValidValues(tableColumnsValue.get(7), "1", "5");
+    isValidValues(tableColumnsValue.get(8), "1", "6");
+    isValidValues(tableColumnsValue.get(9), "1", "7");
+  }
+
+  private void isValidValues(String[] actual, String expectedFirst, String expectedSecond) {
+    Assert.assertEquals(expectedFirst, actual[0]);
+    Assert.assertEquals(expectedSecond, actual[1]);
+  }
+
+  private boolean shouldOnlyHaveValidColumns(List<String[]> tableColumns) {
+    for(String[] columns: tableColumns) {
+      if (!(("principal_type_id".equalsIgnoreCase(columns[0]) && "principal_type_name".equalsIgnoreCase(columns[1]))
+        || ("principal_id".equalsIgnoreCase(columns[0]) && "principal_type_id".equalsIgnoreCase(columns[1])))) {
+        return false;
+      }
+    }
+    return true;
   }
 
   @Test


Mime
View raw message