From mad...@apache.org
Subject [1/2] git commit: ARGUS-17: - grant/revoke authorization calls now update Argus policies - updates for changes in Hive Authz API (introduction of HiveAuthzSessionContext)
Date Thu, 21 Aug 2014 06:21:07 GMT
Repository: incubator-argus
Updated Branches:
  refs/heads/master 6b5bf61cf -> 704f62614


ARGUS-17:
 - grant/revoke authorization calls now update Argus policies
 - updates for changes in Hive Authz API (introduction of
HiveAuthzSessionContext)

Project: http://git-wip-us.apache.org/repos/asf/incubator-argus/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-argus/commit/05e62b8e
Tree: http://git-wip-us.apache.org/repos/asf/incubator-argus/tree/05e62b8e
Diff: http://git-wip-us.apache.org/repos/asf/incubator-argus/diff/05e62b8e

Branch: refs/heads/master
Commit: 05e62b8e1f449d4bd7548ae3610a3348c006fe37
Parents: e5656c1
Author: mneethiraj <mneethiraj@hortonworks.com>
Authored: Wed Aug 20 17:51:12 2014 -0700
Committer: mneethiraj <mneethiraj@hortonworks.com>
Committed: Wed Aug 20 17:51:12 2014 -0700

----------------------------------------------------------------------
 agents-common/pom.xml                           |   5 +
 .../xasecure/admin/client/XaAdminClient.java    |  13 +
 .../admin/client/XaAdminRESTClient.java         | 375 +++++++++++++++++++
 .../admin/client/datatype/GrantRevokeData.java  | 304 +++++++++++++++
 .../com/xasecure/pdp/hive/HiveAuthRule.java     |  10 +-
 .../conf/xasecure-hive-security-changes.cfg     |   4 +-
 .../authorization/hive/XaHiveAccessContext.java |  10 +-
 .../hive/XaHiveObjectAccessInfo.java            |   2 +-
 .../hive/authorizer/XaSecureHiveAuthorizer.java | 229 +++++++++--
 .../authorizer/XaSecureHiveAuthorizerBase.java  | 107 ++++--
 .../XaSecureHiveAuthorizerFactory.java          |   8 +-
 .../hive-common-0.14.0-SNAPSHOT.jar             | Bin 218957 -> 219782 bytes
 .../hive-exec-0.14.0-SNAPSHOT.jar               | Bin 16275998 -> 16302377 bytes
 .../hive-metastore-0.14.0-SNAPSHOT.jar          | Bin 4838451 -> 4887086 bytes
 .../hive-service-0.14.0-SNAPSHOT.jar            | Bin 1841677 -> 1841820 bytes
 .../.settings/org.eclipse.wst.common.component  |   7 +-
 .../main/java/com/xasecure/rest/AssetREST.java  |  21 +-
 .../main/java/com/xasecure/view/VXPolicy.java   |  10 +
 18 files changed, 1034 insertions(+), 71 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/05e62b8e/agents-common/pom.xml
----------------------------------------------------------------------
diff --git a/agents-common/pom.xml b/agents-common/pom.xml
index 3ca6724..3d9b62c 100644
--- a/agents-common/pom.xml
+++ b/agents-common/pom.xml
@@ -15,6 +15,11 @@
      <relativePath>..</relativePath>
   </parent>
   <dependencies>
+   <dependency>
+      <groupId>com.sun.jersey</groupId>
+      <artifactId>jersey-bundle</artifactId>
+      <version>${jersey-bundle.version}</version>
+    </dependency>
     <dependency>
         <groupId>commons-logging</groupId>
         <artifactId>commons-logging</artifactId>
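Review bot: The added `jersey-bundle` dependency brings the whole Jersey 1.x bundle (server, servlet and JSON modules as well as the client) into agents-common, although the only Jersey classes imported in the visible part of this commit are client-side (`com.sun.jersey.api.client.*` and `com.sun.jersey.client.urlconnection.HTTPSProperties`). If nothing else in the module needs the server side, depending on `jersey-client` alone would keep the agent's classpath and patch surface smaller inside the host Hadoop/Hive processes. `${jersey-bundle.version}` is not defined in this hunk, so it presumably comes from the parent POM; it is worth confirming that it is pinned there. The new `<dependency>` element is also indented by three spaces where its siblings use four.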

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/05e62b8e/agents-common/src/main/java/com/xasecure/admin/client/XaAdminClient.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/com/xasecure/admin/client/XaAdminClient.java b/agents-common/src/main/java/com/xasecure/admin/client/XaAdminClient.java
new file mode 100644
index 0000000..eb2dfab
--- /dev/null
+++ b/agents-common/src/main/java/com/xasecure/admin/client/XaAdminClient.java
@@ -0,0 +1,13 @@
+package com.xasecure.admin.client;
+
+
+import com.xasecure.admin.client.datatype.GrantRevokeData;
+
+
+public interface XaAdminClient {
+	String getPolicies(String repositoryName, long lastModifiedTime, int policyCount, String agentName);
+
+	void grantPrivilege(GrantRevokeData grData) throws Exception;
+
+	void revokePrivilege(GrantRevokeData grData) throws Exception;
+}
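Review bot: `grantPrivilege` and `revokePrivilege` are declared `throws Exception`, which forces callers to catch everything and hides which failures are expected (transport error, non-200 answer from the policy manager); a dedicated checked exception or `IOException` would make the contract reviewable. The interface has no Javadoc, and the failure convention differs between its methods: the implementation added in this commit returns `null` from `getPolicies` on any non-200 response, while the other two throw. A short comment per method, for example `/** Returns the policy JSON, or null when the policy manager does not answer 200. */`, would document that.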

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/05e62b8e/agents-common/src/main/java/com/xasecure/admin/client/XaAdminRESTClient.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/com/xasecure/admin/client/XaAdminRESTClient.java b/agents-common/src/main/java/com/xasecure/admin/client/XaAdminRESTClient.java
new file mode 100644
index 0000000..32fcd63
--- /dev/null
+++ b/agents-common/src/main/java/com/xasecure/admin/client/XaAdminRESTClient.java
@@ -0,0 +1,375 @@
+package com.xasecure.admin.client;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.List;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+
+import com.sun.jersey.api.client.Client;
+import com.sun.jersey.api.client.ClientResponse;
+import com.sun.jersey.api.client.WebResource;
+import com.sun.jersey.api.client.config.ClientConfig;
+import com.sun.jersey.api.client.config.DefaultClientConfig;
+import com.sun.jersey.client.urlconnection.HTTPSProperties;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.hadoop.conf.Configuration;
+
+import com.xasecure.admin.client.datatype.GrantRevokeData;
+import com.xasecure.authorization.utils.StringUtil;
+import com.xasecure.authorization.hadoop.config.XaSecureConfiguration;
+import com.xasecure.authorization.hadoop.utils.XaSecureCredentialProvider;
+
+
+public class XaAdminRESTClient implements XaAdminClient {
+	private static final Log LOG = LogFactory.getLog(XaAdminRESTClient.class);
+
+	public static final String XASECURE_PROP_POLICYMGR_URL                         = "xasecure.policymgr.url";
+	public static final String XASECURE_PROP_POLICYMGR_SSLCONFIG_FILENAME          = "xasecure.policymgr.sslconfig.filename";
+
+	public static final String XASECURE_POLICYMGR_CLIENT_KEY_FILE                  = "xasecure.policymgr.clientssl.keystore";	
+	public static final String XASECURE_POLICYMGR_CLIENT_KEY_FILE_PASSWORD         = "xasecure.policymgr.clientssl.keystore.password";	
+	public static final String XASECURE_POLICYMGR_CLIENT_KEY_FILE_TYPE             = "xasecure.policymgr.clientssl.keystore.type";
+	public static final String XASECURE_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL       = "xasecure.policymgr.clientssl.keystore.credential.file";
+	public static final String XASECURE_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL_ALIAS = "sslKeyStore";
+	public static final String XASECURE_POLICYMGR_CLIENT_KEY_FILE_TYPE_DEFAULT     = "jks";	
+
+	public static final String XASECURE_POLICYMGR_TRUSTSTORE_FILE                  = "xasecure.policymgr.clientssl.truststore";	
+	public static final String XASECURE_POLICYMGR_TRUSTSTORE_FILE_PASSWORD         = "xasecure.policymgr.clientssl.truststore.password";	
+	public static final String XASECURE_POLICYMGR_TRUSTSTORE_FILE_TYPE             = "xasecure.policymgr.clientssl.truststore.type";	
+	public static final String XASECURE_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL       = "xasecure.policymgr.clientssl.truststore.credential.file";
+	public static final String XASECURE_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL_ALIAS = "sslTrustStore";
+	public static final String XASECURE_POLICYMGR_TRUSTSTORE_FILE_TYPE_DEFAULT     = "jks";	
+
+	public static final String XASECURE_SSL_KEYMANAGER_ALGO_TYPE						  = "SunX509" ;
+	public static final String XASECURE_SSL_TRUSTMANAGER_ALGO_TYPE						  = "SunX509" ;
+	public static final String XASECURE_SSL_CONTEXT_ALGO_TYPE						      = "SSL" ;
+	
+	public static final String REST_EXPECTED_MIME_TYPE = "application/json" ;
+
+	private static final String REST_URL_PATH_POLICYLIST        = "/service/assets/policyList/";
+	private static final String REST_URL_PATH_GRANT             = "/service/assets/resources/grant";
+	private static final String REST_URL_PATH_REVOKE            = "/service/assets/resources/revoke";
+	private static final String REST_URL_PARAM_LASTUPDATED_TIME = "epoch";
+	private static final String REST_URL_PARAM_POLICY_COUNT     = "policyCount";
+	private static final String REST_URL_PARAM_AGENT_NAME       = "agentId";
+
+	private String  mUrl               = null;
+	private String  mSslConfigFileName = null;
+	private boolean mIsSSL             = false;
+
+	private String mKeyStoreURL     = null;
+	private String mKeyStoreAlias   = null;
+	private String mKeyStoreFile    = null;
+	private String mKeyStoreType    = null;
+	private String mTrustStoreURL   = null;
+	private String mTrustStoreAlias = null;
+	private String mTrustStoreFile  = null;
+	private String mTrustStoreType  = null;
+
+
+	public XaAdminRESTClient() {
+		mUrl               = XaSecureConfiguration.getInstance().get(XASECURE_PROP_POLICYMGR_URL);
+		mSslConfigFileName = XaSecureConfiguration.getInstance().get(XASECURE_PROP_POLICYMGR_SSLCONFIG_FILENAME);
+
+		init();
+	}
+
+	public XaAdminRESTClient(String url, String sslConfigFileName) {
+		mUrl               = url;
+		mSslConfigFileName = sslConfigFileName;
+
+		init();
+	}
+
+	@Override
+	public String getPolicies(String repositoryName, long lastModifiedTime, int policyCount, String agentName) {
+		String ret    = null;
+		Client client = null;
+
+		try {
+			client = buildClient();
+
+			WebResource webResource = client.resource(mUrl + REST_URL_PATH_POLICYLIST + repositoryName)
+						.queryParam(REST_URL_PARAM_LASTUPDATED_TIME, String.valueOf(lastModifiedTime))
+						.queryParam(REST_URL_PARAM_POLICY_COUNT, String.valueOf(policyCount))
+						.queryParam(REST_URL_PARAM_AGENT_NAME, agentName);
+
+			ClientResponse response = webResource.accept(REST_EXPECTED_MIME_TYPE).get(ClientResponse.class);
+
+			if(response != null && response.getStatus() == 200) {
+				ret = response.getEntity(String.class);
+			}
+		} finally {
+			destroy(client);
+		}
+
+		return ret;
+	}
+
+	@Override
+	public void grantPrivilege(GrantRevokeData grData) throws Exception {
+		Client client = null;
+
+		try {
+			client = buildClient();
+
+			WebResource webResource = client.resource(mUrl + REST_URL_PATH_GRANT);
+
+			ClientResponse response = webResource.accept(REST_EXPECTED_MIME_TYPE).post(ClientResponse.class, grData.toString());
+
+			if(response == null) {
+				throw new Exception("grantPrivilege(): unknown failure");
+			} else if(response.getStatus() != 200) {
+				String ret = response.getEntity(String.class);
+
+				throw new Exception("grantPrivilege(): HTTPResponse status=" + response.getStatus() + "; HTTPResponse text=" + ret);
+			}
+		} finally {
+			destroy(client);
+		}
+	}
+
+	@Override
+	public void revokePrivilege(GrantRevokeData grData) throws Exception {
+		Client client = null;
+		
+		try {
+			client = buildClient();
+
+			WebResource webResource = client.resource(mUrl + REST_URL_PATH_REVOKE);
+
+			ClientResponse response = webResource.accept(REST_EXPECTED_MIME_TYPE).post(ClientResponse.class, grData.toString());
+
+			if(response == null) {
+				throw new Exception("revokePrivilege(): unknown failure");
+			} else if(response.getStatus() != 200) {
+				String ret = response.getEntity(String.class);
+
+				throw new Exception("revokePrivilege(): HTTPResponse status=" + response.getStatus() + "; HTTPResponse text=" + ret);
+			}
+		} finally {
+			destroy(client);
+		}
+	}
+
+	private void init() {
+		mIsSSL = mUrl.toLowerCase().contains("https");
+
+		InputStream in =  null ;
+
+		try {
+			Configuration conf = new Configuration() ;
+
+			in = getFileInputStream(mSslConfigFileName) ;
+
+			if (in != null) {
+				conf.addResource(in);
+			}
+
+			mKeyStoreURL   = conf.get(XASECURE_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL);
+			mKeyStoreAlias = XASECURE_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL_ALIAS;
+			mKeyStoreType  = conf.get(XASECURE_POLICYMGR_CLIENT_KEY_FILE_TYPE, XASECURE_POLICYMGR_CLIENT_KEY_FILE_TYPE_DEFAULT);
+			mKeyStoreFile  = conf.get(XASECURE_POLICYMGR_CLIENT_KEY_FILE);
+
+			mTrustStoreURL   = conf.get(XASECURE_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL);
+			mTrustStoreAlias = XASECURE_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL_ALIAS;
+			mTrustStoreType  = conf.get(XASECURE_POLICYMGR_TRUSTSTORE_FILE_TYPE, XASECURE_POLICYMGR_TRUSTSTORE_FILE_TYPE_DEFAULT);
+			mTrustStoreFile  = conf.get(XASECURE_POLICYMGR_TRUSTSTORE_FILE);
+		}
+		catch(IOException ioe) {
+			LOG.error("Unable to load SSL Config FileName: [" + mSslConfigFileName + "]", ioe);
+		}
+		finally {
+			close(in, mSslConfigFileName);
+		}
+	}
+
+	private synchronized Client buildClient() {
+		Client client = null;
+
+		if (mIsSSL) {
+			KeyManager[]   kmList     = getKeyManagers();
+			TrustManager[] tmList     = getTrustManagers();
+			SSLContext     sslContext = getSSLContext(kmList, tmList);
+			ClientConfig   config     = new DefaultClientConfig();
+
+			HostnameVerifier hv = new HostnameVerifier() {
+				public boolean verify(String urlHostName, SSLSession session) {
+					return session.getPeerHost().equals(urlHostName);
+				}
+			};
+
+			config.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES, new HTTPSProperties(hv, sslContext));
+
+			client = Client.create(config);
+		}
+
+		if(client == null) {
+			client = Client.create();
+		}
+
+		return client;
+	}
+
+	private KeyManager[] getKeyManagers() {
+		KeyManager[] kmList = null;
+
+		String keyStoreFilepwd = getCredential(mKeyStoreURL, mKeyStoreAlias);
+
+		if (!StringUtil.isEmpty(mKeyStoreFile) && !StringUtil.isEmpty(keyStoreFilepwd)) {
+			InputStream in =  null ;
+
+			try {
+				in = getFileInputStream(mKeyStoreFile) ;
+
+				if (in != null) {
+					KeyStore keyStore = KeyStore.getInstance(mKeyStoreType);
+
+					keyStore.load(in, keyStoreFilepwd.toCharArray());
+
+					KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(XASECURE_SSL_KEYMANAGER_ALGO_TYPE);
+
+					keyManagerFactory.init(keyStore, keyStoreFilepwd.toCharArray());
+
+					kmList = keyManagerFactory.getKeyManagers();
+				} else {
+					LOG.error("Unable to obtain keystore from file [" + mKeyStoreFile + "]");
+				}
+			} catch (KeyStoreException e) {
+				LOG.error("Unable to obtain from KeyStore", e);
+			} catch (NoSuchAlgorithmException e) {
+				LOG.error("SSL algorithm is available in the environment", e);
+			} catch (CertificateException e) {
+				LOG.error("Unable to obtain the requested certification ", e);
+			} catch (FileNotFoundException e) {
+				LOG.error("Unable to find the necessary SSL Keystore and TrustStore Files", e);
+			} catch (IOException e) {
+				LOG.error("Unable to read the necessary SSL Keystore and TrustStore Files", e);
+			} catch (UnrecoverableKeyException e) {
+				LOG.error("Unable to recover the key from keystore", e);
+			} finally {
+				close(in, mKeyStoreFile);
+			}
+		}
+
+		return kmList;
+	}
+
+	private TrustManager[] getTrustManagers() {
+		TrustManager[] tmList = null;
+
+		String trustStoreFilepwd = getCredential(mTrustStoreURL, mTrustStoreAlias);
+
+		if (!StringUtil.isEmpty(mTrustStoreFile) && !StringUtil.isEmpty(trustStoreFilepwd)) {
+			InputStream in =  null ;
+
+			try {
+				in = getFileInputStream(mTrustStoreFile) ;
+
+				if (in != null) {
+					KeyStore trustStore = KeyStore.getInstance(mTrustStoreType);
+
+					trustStore.load(in, trustStoreFilepwd.toCharArray());
+
+					TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(XASECURE_SSL_TRUSTMANAGER_ALGO_TYPE);
+
+					trustManagerFactory.init(trustStore);
+
+					tmList = trustManagerFactory.getTrustManagers();
+				} else {
+					LOG.error("Unable to obtain keystore from file [" + mTrustStoreFile + "]");
+				}
+			} catch (KeyStoreException e) {
+				LOG.error("Unable to obtain from KeyStore", e);
+			} catch (NoSuchAlgorithmException e) {
+				LOG.error("SSL algorithm is available in the environment", e);
+			} catch (CertificateException e) {
+				LOG.error("Unable to obtain the requested certification ", e);
+			} catch (FileNotFoundException e) {
+				LOG.error("Unable to find the necessary SSL Keystore and TrustStore Files", e);
+			} catch (IOException e) {
+				LOG.error("Unable to read the necessary SSL Keystore and TrustStore Files", e);
+			} finally {
+				close(in, mTrustStoreFile);
+			}
+		}
+		
+		return tmList;
+	}
+	
+	private SSLContext getSSLContext(KeyManager[] kmList, TrustManager[] tmList) {
+		try {
+			if(kmList != null && tmList != null) {
+				SSLContext sslContext = SSLContext.getInstance(XASECURE_SSL_CONTEXT_ALGO_TYPE);
+	
+				sslContext.init(kmList, tmList, new SecureRandom());
+				
+				return sslContext;
+			}
+		} catch (NoSuchAlgorithmException e) {
+			LOG.error("SSL algorithm is available in the environment", e);
+		} catch (KeyManagementException e) {
+			LOG.error("Unable to initials the SSLContext", e);
+		}
+		
+		return null;
+	}
+
+	private String getCredential(String url, String alias) {
+		char[] credStr = XaSecureCredentialProvider.getInstance().getCredentialString(url, alias);
+
+		return credStr == null ? null : new String(credStr);
+	}
+
+	private InputStream getFileInputStream(String fileName)  throws IOException {
+		InputStream in = null ;
+
+		if(! StringUtil.isEmpty(fileName)) {
+			File f = new File(fileName) ;
+
+			if (f.exists()) {
+				in = new FileInputStream(f) ;
+			}
+			else {
+				in = ClassLoader.getSystemResourceAsStream(fileName) ;
+			}
+		}
+
+		return in ;
+	}
+
+	private void close(InputStream str, String filename) {
+		if (str != null) {
+			try {
+				str.close() ;
+			} catch (IOException excp) {
+				LOG.error("Error while closing file: [" + filename + "]", excp) ;
+			}
+		}
+	}
+
+	private void destroy(Client client) {
+		if(client != null) {
+			client.destroy();
+		}
+	}
+}
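Review bot: The custom `HostnameVerifier` in `buildClient()` verifies nothing: `session.getPeerHost()` is the name the client itself connected to, so `session.getPeerHost().equals(urlHostName)` is true for essentially every connection, and because the JDK consults this callback only after its own name check has failed, a certificate issued for a different host is accepted as long as it chains to the truststore. On a channel that carries grant/revoke policy changes this removes the server-identity check, so the callback should reject with `return false;` or be dropped so that the default check applies. In the same path, `getSSLContext()` returns `null` when the key or trust managers could not be loaded and `buildClient()` passes that straight into `new HTTPSProperties(hv, sslContext)`, so a missing keystore surfaces as an opaque failure or a silent fallback rather than a clear configuration error (which of the two depends on the Jersey version; confirm). `init()` decides on HTTPS with `mUrl.toLowerCase().contains("https")`, which throws on an unset URL and matches `https` anywhere in the string; `startsWith("https://")` after a null check is the intended test. `XASECURE_SSL_CONTEXT_ALGO_TYPE = "SSL"` should be `"TLS"`, and the `NoSuchAlgorithmException` log messages say "SSL algorithm is available" where "is not available" is meant.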

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/05e62b8e/agents-common/src/main/java/com/xasecure/admin/client/datatype/GrantRevokeData.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/com/xasecure/admin/client/datatype/GrantRevokeData.java b/agents-common/src/main/java/com/xasecure/admin/client/datatype/GrantRevokeData.java
new file mode 100644
index 0000000..45cfd35
--- /dev/null
+++ b/agents-common/src/main/java/com/xasecure/admin/client/datatype/GrantRevokeData.java
@@ -0,0 +1,304 @@
+package com.xasecure.admin.client.datatype;
+
+
+import java.io.IOException;
+import java.util.List;
+import java.util.ArrayList;
+
+import org.codehaus.jackson.JsonGenerationException;
+import org.codehaus.jackson.annotate.JsonAutoDetect;
+import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility;
+import org.codehaus.jackson.annotate.JsonIgnoreProperties;
+import org.codehaus.jackson.map.annotate.JsonSerialize;
+import org.codehaus.jackson.map.JsonMappingException;
+import org.codehaus.jackson.map.ObjectMapper;
+
+
+@JsonAutoDetect(getterVisibility = Visibility.NONE, setterVisibility = Visibility.NONE, fieldVisibility = Visibility.ANY)
+@JsonSerialize(include = JsonSerialize.Inclusion.NON_NULL)
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class GrantRevokeData implements java.io.Serializable {
+	private static final long serialVersionUID = 1L;
+
+	private String              grantor;
+	private String              repositoryName;
+	private String              repositoryType;
+	private String              databases;
+	private String              tables;
+	private String              columns;
+	private String              columnFamilies;
+	private List<UserPermList>  userPermList  = new ArrayList<UserPermList>();
+	private List<GroupPermList> groupPermList = new ArrayList<GroupPermList>();
+
+
+	public GrantRevokeData() {
+	}
+	
+
+	public String getGrantor() {
+		return grantor;
+	}
+
+	public void setGrantor(String grantor) {
+		this.grantor = grantor;
+	}
+
+	public String getRepositoryName() {
+		return repositoryName;
+	}
+
+	public void setRepositoryName(String repositoryName) {
+		this.repositoryName = repositoryName;
+	}
+
+	public String getRepositoryType() {
+		return repositoryType;
+	}
+
+	public void setRepositoryType(String repositoryType) {
+		this.repositoryType = repositoryType;
+	}
+
+	public String getDatabases() {
+		return databases;
+	}
+
+	public void setDatabases(String databases) {
+		this.databases = databases;
+	}
+
+	public String getTables() {
+		return tables;
+	}
+
+	public void setTables(String tables) {
+		this.tables = tables;
+	}
+
+	public String getColumns() {
+		return columns;
+	}
+
+	public void setColumns(String columns) {
+		this.columns = columns;
+	}
+
+	public String getColumnFamilies() {
+		return columnFamilies;
+	}
+
+	public void setColumnFamilies(String columnFamilies) {
+		this.columnFamilies = columnFamilies;
+	}
+
+	public List<UserPermList> getUserPermList() {
+		return userPermList;
+	}
+
+	public void setUserPermList(List<UserPermList> userPermList) {
+		this.userPermList = userPermList;
+	}
+
+	public List<GroupPermList> getGroupPermList() {
+		return groupPermList;
+	}
+
+	public void setGroupPermList(List<GroupPermList> groupPermList) {
+		this.groupPermList = groupPermList;
+	}
+
+
+	public void setHiveData(String              grantor,
+							String              repositoryName,
+							String              databases,
+							String              tables,
+							String              columns,
+							List<UserPermList>  userPermList,
+							List<GroupPermList> groupPermList) {
+		this.grantor         = grantor;
+		this.repositoryName = repositoryName;
+		this.repositoryType = "hive";
+		this.databases      = databases;
+		this.tables         = tables;
+		this.columns        = columns;
+
+		for(UserPermList userPerm : userPermList) {
+			this.userPermList.add(userPerm);
+		}
+
+		for(GroupPermList groupPerm : groupPermList) {
+			this.groupPermList.add(groupPerm);
+		}
+	}
+
+	public void setHBaseData(String              grantor,
+							 String              repositoryName,
+							 String              tables,
+							 String              columns,
+							 String              columnFamilies,
+							 List<UserPermList>  userPermList,
+							 List<GroupPermList> groupPermList) {
+		this.grantor         = grantor;
+		this.repositoryName = repositoryName;
+		this.repositoryType = "hbase";
+		this.tables         = tables;
+		this.columns        = columns;
+		this.columnFamilies = columnFamilies;
+
+		for(UserPermList userPerm : userPermList) {
+			this.userPermList.add(userPerm);
+		}
+
+		for(GroupPermList groupPerm : groupPermList) {
+			this.groupPermList.add(groupPerm);
+		}
+	}
+	
+	public String toJson() {
+		try {
+			ObjectMapper om = new ObjectMapper();
+
+			return om.writeValueAsString(this);
+		} catch (JsonGenerationException e) {
+			e.printStackTrace();
+		} catch (JsonMappingException e) {
+			e.printStackTrace();
+		} catch (IOException e) {
+			e.printStackTrace();
+		}
+		
+		return "";
+	}
+
+	@Override
+	public String toString() {
+		return toJson();
+	}
+
+
+	@JsonAutoDetect(getterVisibility = Visibility.NONE, setterVisibility = Visibility.NONE, fieldVisibility = Visibility.ANY)
+	@JsonSerialize(include = JsonSerialize.Inclusion.NON_NULL)
+	@JsonIgnoreProperties(ignoreUnknown = true)
+	public static class UserPermList {
+		private List<String> userList = new ArrayList<String>();
+		private List<String> permList = new ArrayList<String>();
+
+		public UserPermList(String user, String perm) {
+			addUser(user);
+			addPerm(perm);
+		}
+
+		public UserPermList(List<String> userList, List<String> permList) {
+			for(String user : userList) {
+				addUser(user);
+			}
+
+			for(String perm : permList) {
+				addPerm(perm);
+			}
+		}
+
+		public List<String> getUserList() {
+			return userList;
+		}
+
+		public List<String> getPermList() {
+			return permList;
+		}
+
+		public void addUser(String user) {
+			userList.add(user);
+		}
+
+		public void addPerm(String perm) {
+			permList.add(perm);
+		}
+
+		public String toJson() {
+			try {
+				ObjectMapper om = new ObjectMapper();
+
+				return om.writeValueAsString(this);
+			} catch (JsonGenerationException e) {
+				e.printStackTrace();
+			} catch (JsonMappingException e) {
+				e.printStackTrace();
+			} catch (IOException e) {
+				e.printStackTrace();
+			}
+			
+			return "";
+		}
+
+		@Override
+		public String toString() {
+			return toJson();
+		}
+	}
+	
+	@JsonAutoDetect(getterVisibility = Visibility.NONE, setterVisibility = Visibility.NONE, fieldVisibility = Visibility.ANY)
+	@JsonSerialize(include = JsonSerialize.Inclusion.NON_NULL)
+	@JsonIgnoreProperties(ignoreUnknown = true)
+	public static class GroupPermList {
+		List<String> groupList = new ArrayList<String>();
+		List<String> permList  = new ArrayList<String>();
+
+		public GroupPermList(String group, String perm) {
+			addGroup(group);
+			addPerm(perm);
+		}
+
+		public GroupPermList(List<String> groupList, List<String> permList) {
+			for(String group : groupList) {
+				addGroup(group);
+			}
+
+			for(String perm : permList) {
+				addPerm(perm);
+			}
+		}
+
+		public List<String> getGroupList() {
+			return groupList;
+		}
+
+		public List<String> getPermList() {
+			return permList;
+		}
+
+		public void addGroup(String group) {
+			groupList.add(group);
+		}
+
+		public void addPerm(String perm) {
+			permList.add(perm);
+		}
+
+		public String toJson() {
+			try {
+				ObjectMapper om = new ObjectMapper();
+
+				return om.writeValueAsString(this);
+			} catch (JsonGenerationException e) {
+				e.printStackTrace();
+			} catch (JsonMappingException e) {
+				e.printStackTrace();
+			} catch (IOException e) {
+				e.printStackTrace();
+			}
+			
+			return "";
+		}
+
+		@Override
+		public String toString() {
+			return toJson();
+		}
+	}
+	
+	public static void main(String[] args) {
+		GrantRevokeData grData = new GrantRevokeData();
+		
+		System.out.println(grData.toString());
+	}
+}
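Review bot: `toJson()` (and its copies in `UserPermList` and `GroupPermList`) swallows every serialization exception with `e.printStackTrace()` and returns `""`, and `XaAdminRESTClient` posts `grData.toString()` as the request body, so a serialization failure turns a grant or revoke into an empty POST instead of an error the caller sees. Let the failure propagate, for example wrapped in an unchecked exception that keeps the cause, and log through the project's logger rather than stderr. The class is declared `Serializable`, but the nested `UserPermList` and `GroupPermList` held in its list fields are not, so Java serialization of a populated instance would fail; either mark them `Serializable` or drop the interface. `setHiveData` and `setHBaseData` iterate `userPermList`/`groupPermList` without a null check and append to the existing lists rather than replacing them, which should be guarded or documented, and the `main` method looks like leftover debugging.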

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/05e62b8e/agents-impl/src/main/java/com/xasecure/pdp/hive/HiveAuthRule.java
----------------------------------------------------------------------
diff --git a/agents-impl/src/main/java/com/xasecure/pdp/hive/HiveAuthRule.java b/agents-impl/src/main/java/com/xasecure/pdp/hive/HiveAuthRule.java
index 272bcb6..e9d0132 100644
--- a/agents-impl/src/main/java/com/xasecure/pdp/hive/HiveAuthRule.java
+++ b/agents-impl/src/main/java/com/xasecure/pdp/hive/HiveAuthRule.java
@@ -20,8 +20,8 @@ package com.xasecure.pdp.hive;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.apache.hadoop.hive.ql.security.authorization.Privilege;
 
+import com.xasecure.authorization.hive.XaHiveObjectAccessInfo.HiveAccessType;
 import com.xasecure.authorization.hive.constants.XaSecureHiveConstants;
 import com.xasecure.authorization.utils.StringUtil;
 
@@ -61,7 +61,7 @@ public class HiveAuthRule {
 		this.tableExcluded  = tableExclusionFlag ;
 		this.columnExcluded = columnExclusionFlag ;
 
-		this.allGranted = StringUtil.equalsIgnoreCase(Privilege.ALL.toString(), accessType);
+		this.allGranted = StringUtil.equalsIgnoreCase(HiveAccessType.ALL.name(), accessType);
 
 		tableRule = StringUtil.isEmpty(columnName) || WILDCARD_OBJECT.matches(columnName) ;
 	}
@@ -97,7 +97,11 @@ public class HiveAuthRule {
 
 		if(ret) {
 			// does accessType match?
-			ret = this.isAllGranted() || StringUtil.equals(accessType, this.accessType) || StringUtil.equalsIgnoreCase(accessType, "USE");
+			ret = StringUtil.equalsIgnoreCase(accessType,  this.accessType);
+
+			if(! ret && !StringUtil.equalsIgnoreCase(accessType, HiveAccessType.ADMIN.name())) {
+				ret = this.isAllGranted() || StringUtil.equalsIgnoreCase(accessType, "USE");
+			}
 
 			if(ret) {
 				// does user/group match?
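Review bot: The new access-type branch has no comment saying that `ADMIN` is intentionally matched only by an explicit ADMIN rule and is never implied by an `ALL` grant or by the `USE` shortcut, which is the security-relevant decision in this hunk. A comment such as `// ADMIN must be granted explicitly; ALL and the implicit USE do not imply it` above the `if` would record it. The condition also mixes `HiveAccessType.ADMIN.name()` with the string literal `"USE"`; `HiveAccessType.USE.name()` keeps both in step with the enum. The exact match changed from `StringUtil.equals` to `equalsIgnoreCase`, so rules now match regardless of case; the enclosing method starts and ends outside the hunk, so whether any caller relies on case-sensitive matching cannot be confirmed here.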

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/05e62b8e/hive-agent/conf/xasecure-hive-security-changes.cfg
----------------------------------------------------------------------
diff --git a/hive-agent/conf/xasecure-hive-security-changes.cfg b/hive-agent/conf/xasecure-hive-security-changes.cfg
index a57e0e9..7883913 100644
--- a/hive-agent/conf/xasecure-hive-security-changes.cfg
+++ b/hive-agent/conf/xasecure-hive-security-changes.cfg
@@ -7,4 +7,6 @@ xasecure.hive.policymgr.url							%POLICY_MGR_URL%/service/assets/policyList/%RE
 xasecure.hive.policymgr.url.saveAsFile				/tmp/hive_%REPOSITORY_NAME%_json  									    mod create-if-not-exists
 xasecure.hive.policymgr.url.laststoredfile			%POLICY_CACHE_FILE_PATH%/hive_%REPOSITORY_NAME%_json 					mod create-if-not-exists
 xasecure.hive.policymgr.url.reloadIntervalInMillis 	30000 																	mod create-if-not-exists
-xasecure.hive.policymgr.ssl.config					/etc/hive/conf/xasecure-policymgr-ssl.xml								mod create-if-not-exists
\ No newline at end of file
+xasecure.hive.policymgr.ssl.config					/etc/hive/conf/xasecure-policymgr-ssl.xml								mod create-if-not-exists
+xasecure.policymgr.url							    %POLICY_MGR_URL% 														mod create-if-not-exists
+xasecure.policymgr.sslconfig.filename				/etc/hive/conf/xasecure-policymgr-ssl.xml								mod create-if-not-exists

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/05e62b8e/hive-agent/src/main/java/com/xasecure/authorization/hive/XaHiveAccessContext.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/com/xasecure/authorization/hive/XaHiveAccessContext.java b/hive-agent/src/main/java/com/xasecure/authorization/hive/XaHiveAccessContext.java
index 59ed2d1..304d51f 100644
--- a/hive-agent/src/main/java/com/xasecure/authorization/hive/XaHiveAccessContext.java
+++ b/hive-agent/src/main/java/com/xasecure/authorization/hive/XaHiveAccessContext.java
@@ -1,6 +1,7 @@
 package com.xasecure.authorization.hive;
 
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzContext;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext;
 
 
 public class XaHiveAccessContext {
@@ -9,12 +10,15 @@ public class XaHiveAccessContext {
 	private String mCommandString;
 	private String mSessionString;
 	
-	public XaHiveAccessContext(HiveAuthzContext context) {
+	public XaHiveAccessContext(HiveAuthzContext context, HiveAuthzSessionContext sessionContext) {
 		if(context != null) {
 			mClientIpAddress = context.getIpAddress();
-			mClientType      = context.getClientType().name();
 			mCommandString   = context.getCommandString();
-			mSessionString   = context.getSessionString();
+		}
+		
+		if(sessionContext != null) {
+			mClientType      = sessionContext.getClientType().name();
+			mSessionString   = sessionContext.getSessionString();
 		}
 	}
 
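Review bot: `sessionContext.getClientType().name()` dereferences the client type without a null check, so a session context built without a client type would make the constructor throw while an authorization request is being processed; whether Hive always populates it is not visible here. Guarding it, for example `mClientType = sessionContext.getClientType() == null ? null : sessionContext.getClientType().name();`, keeps the audit context best-effort. The constructor gained a parameter without any Javadoc; a line stating that either argument may be null and which fields then stay unset would help callers.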

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/05e62b8e/hive-agent/src/main/java/com/xasecure/authorization/hive/XaHiveObjectAccessInfo.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/com/xasecure/authorization/hive/XaHiveObjectAccessInfo.java b/hive-agent/src/main/java/com/xasecure/authorization/hive/XaHiveObjectAccessInfo.java
index 942a86a..f14cd03 100644
--- a/hive-agent/src/main/java/com/xasecure/authorization/hive/XaHiveObjectAccessInfo.java
+++ b/hive-agent/src/main/java/com/xasecure/authorization/hive/XaHiveObjectAccessInfo.java
@@ -7,7 +7,7 @@ import com.xasecure.authorization.utils.StringUtil;
 
 public class XaHiveObjectAccessInfo {
 	public enum HiveObjectType { NONE, DATABASE, TABLE, VIEW, PARTITION, INDEX, COLUMN, FUNCTION, URI };
-	public enum HiveAccessType { NONE, CREATE, ALTER, DROP, INDEX, LOCK, INSERT, SELECT, UPDATE, USE };
+	public enum HiveAccessType { NONE, CREATE, ALTER, DROP, INDEX, LOCK, INSERT, SELECT, UPDATE, USE, ALL, ADMIN };
 
 	private String              mOperType         = null;
 	private XaHiveAccessContext mContext          = null;

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/05e62b8e/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizer.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizer.java b/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizer.java
index 2e9c6c4..410b0b9 100644
--- a/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizer.java
+++ b/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizer.java
@@ -15,13 +15,18 @@ import org.apache.hadoop.hive.ql.security.HiveAuthenticationProvider;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzContext;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveMetastoreClientFactory;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveOperationType;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilege;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject.HivePrivObjectActionType;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject.HivePrivilegeObjectType;
 import org.apache.hadoop.security.UserGroupInformation;
 
+import com.xasecure.admin.client.XaAdminRESTClient;
+import com.xasecure.admin.client.datatype.GrantRevokeData;
 import com.xasecure.audit.model.EnumRepositoryType;
 import com.xasecure.audit.model.HiveAuditEvent;
 import com.xasecure.audit.provider.AuditProviderFactory;
@@ -46,14 +51,89 @@ public class XaSecureHiveAuthorizer extends XaSecureHiveAuthorizerBase {
 
 	public XaSecureHiveAuthorizer(HiveMetastoreClientFactory metastoreClientFactory,
 								  HiveConf                   hiveConf,
-								  HiveAuthenticationProvider hiveAuthenticator) {
-		super(metastoreClientFactory, hiveConf, hiveAuthenticator);
+								  HiveAuthenticationProvider hiveAuthenticator,
+								  HiveAuthzSessionContext    sessionContext) {
+		super(metastoreClientFactory, hiveConf, hiveAuthenticator, sessionContext);
 
 		LOG.debug("XaSecureHiveAuthorizer.XaSecureHiveAuthorizer()");
 
 		mHiveAccessVerifier = XaHiveAccessVerifierFactory.getInstance() ;
 	}
 
+
+	/**
+	 * Grant privileges for principals on the object
+	 * @param hivePrincipals
+	 * @param hivePrivileges
+	 * @param hivePrivObject
+	 * @param grantorPrincipal
+	 * @param grantOption
+	 * @throws HiveAuthzPluginException
+	 * @throws HiveAccessControlException
+	 */
+	@Override
+	public void grantPrivileges(List<HivePrincipal> hivePrincipals,
+								List<HivePrivilege> hivePrivileges,
+								HivePrivilegeObject hivePrivObject,
+								HivePrincipal grantorPrincipal,
+								boolean       grantOption)
+										throws HiveAuthzPluginException, HiveAccessControlException {
+		XaHiveObjectAccessInfo objAccessInfo = getObjectAccessInfo(HiveOperationType.GRANT_PRIVILEGE, hivePrivObject, new XaHiveAccessContext(null, getHiveAuthzSessionContext()), true);
+
+		try {
+			GrantRevokeData grData = createGrantRevokeData(objAccessInfo, hivePrincipals, hivePrivileges, grantorPrincipal, grantOption);
+
+			LOG.warn("grantPrivileges(): " + grData.toJson());
+
+			XaAdminRESTClient xaAdmin = new XaAdminRESTClient();
+
+		    xaAdmin.grantPrivilege(grData);
+		} catch(Exception excp) {
+			throw new HiveAccessControlException(excp);
+		}
+	}
+
+	/**
+	 * Revoke privileges for principals on the object
+	 * @param hivePrincipals
+	 * @param hivePrivileges
+	 * @param hivePrivObject
+	 * @param grantorPrincipal
+	 * @param grantOption
+	 * @throws HiveAuthzPluginException
+	 * @throws HiveAccessControlException
+	 */
+	@Override
+	public void revokePrivileges(List<HivePrincipal> hivePrincipals,
+								 List<HivePrivilege> hivePrivileges,
+								 HivePrivilegeObject hivePrivObject,
+								 HivePrincipal grantorPrincipal,
+								 boolean       grantOption)
+										 throws HiveAuthzPluginException, HiveAccessControlException {
+		XaHiveObjectAccessInfo objAccessInfo = getObjectAccessInfo(HiveOperationType.REVOKE_PRIVILEGE, hivePrivObject, new XaHiveAccessContext(null, getHiveAuthzSessionContext()), true);
+
+		try {
+			GrantRevokeData grData = createGrantRevokeData(objAccessInfo, hivePrincipals, hivePrivileges, grantorPrincipal, grantOption);
+
+			LOG.warn("revokePrivileges(): " + grData.toJson());
+
+			XaAdminRESTClient xaAdmin = new XaAdminRESTClient();
+
+		    xaAdmin.revokePrivilege(grData);
+		} catch(Exception excp) {
+			throw new HiveAccessControlException(excp);
+		}
+	}
+
+	/**
+	 * Check if user has privileges to do this action on these objects
+	 * @param hiveOpType
+	 * @param inputsHObjs
+	 * @param outputHObjs
+	 * @param context
+	 * @throws HiveAuthzPluginException
+	 * @throws HiveAccessControlException
+	 */
 	@Override
 	public void checkPrivileges(HiveOperationType         hiveOpType,
 								List<HivePrivilegeObject> inputHObjs,
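Review bot: grantPrivileges() and revokePrivileges() send the request to the admin service without first checking that the session user may administer hivePrivObject. The access info is built with getObjectAccessInfo(), but nothing in either body passes it to mHiveAccessVerifier before xaAdmin.grantPrivilege() or xaAdmin.revokePrivilege() is called. Unless the admin service enforces this itself (not visible here), any user who can issue GRANT or REVOKE would change policy, so I would verify ADMIN access on objAccessInfo locally and throw HiveAccessControlException on denial. The full request is also written at WARN on every call; `LOG.debug("grantPrivileges(): " + grData.toJson());` under `LOG.isDebugEnabled()` would match the logging in checkPrivileges(). The `catch(Exception excp)` reports service or network failures as access denials, where HiveAuthzPluginException would keep the two apart; the checkPrivileges() signature at the end of the hunk continues outside it.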
@@ -61,19 +141,20 @@ public class XaSecureHiveAuthorizer extends XaSecureHiveAuthorizerBase {
 							    HiveAuthzContext          context)
 		      throws HiveAuthzPluginException, HiveAccessControlException {
 
+		UserGroupInformation ugi        =  this.getCurrentUserGroupInfo();
+		XaHiveAccessContext hiveContext = this.getAccessContext(context);
+
 		if(LOG.isDebugEnabled()) {
-			LOG.debug(toString(hiveOpType, inputHObjs, outputHObjs, context));
+			LOG.debug(toString(hiveOpType, inputHObjs, outputHObjs, hiveContext));
 		}
 		
 		if(hiveOpType == HiveOperationType.DFS) {
-			handleDfsCommand(hiveOpType, inputHObjs, outputHObjs, context);
+			handleDfsCommand(hiveOpType, inputHObjs, outputHObjs, hiveContext);
 			
 			return;
 		}
 
-		UserGroupInformation ugi =  this.getCurrentUserGroupInfo();
-
-		List<XaHiveObjectAccessInfo> objAccessList = getObjectAccessInfo(hiveOpType, inputHObjs, outputHObjs, context);
+		List<XaHiveObjectAccessInfo> objAccessList = getObjectAccessInfo(hiveOpType, inputHObjs, outputHObjs, hiveContext);
 
 		for(XaHiveObjectAccessInfo objAccessInfo : objAccessList) {
             boolean ret = false;
@@ -108,17 +189,18 @@ public class XaSecureHiveAuthorizer extends XaSecureHiveAuthorizerBase {
 		}
 	}
 	
-	private List<XaHiveObjectAccessInfo> getObjectAccessInfo(HiveOperationType         hiveOpType,
+	private List<XaHiveObjectAccessInfo> getObjectAccessInfo(HiveOperationType       hiveOpType,
 														   List<HivePrivilegeObject> inputsHObjs,
 														   List<HivePrivilegeObject> outputHObjs,
-														   HiveAuthzContext          context) {
+														   XaHiveAccessContext       context) {
 		List<XaHiveObjectAccessInfo> ret = new ArrayList<XaHiveObjectAccessInfo>();
 
 		if(inputsHObjs != null) {
 			for(HivePrivilegeObject hiveObj : inputsHObjs) {
 				XaHiveObjectAccessInfo hiveAccessObj = getObjectAccessInfo(hiveOpType, hiveObj, context, true);
 				
-				if(hiveAccessObj != null && !ret.contains(hiveAccessObj)) {
+				if(   hiveAccessObj != null
+				   && !ret.contains(hiveAccessObj)) {
 					ret.add(hiveAccessObj);
 				}
 			}
@@ -128,7 +210,8 @@ public class XaSecureHiveAuthorizer extends XaSecureHiveAuthorizerBase {
 			for(HivePrivilegeObject hiveObj : outputHObjs) {
 				XaHiveObjectAccessInfo hiveAccessObj = getObjectAccessInfo(hiveOpType, hiveObj, context, false);
 				
-				if(hiveAccessObj != null && !ret.contains(hiveAccessObj)) {
+				if(   hiveAccessObj != null
+				   && !ret.contains(hiveAccessObj)) {
 					ret.add(hiveAccessObj);
 				}
 			}
@@ -141,47 +224,45 @@ public class XaSecureHiveAuthorizer extends XaSecureHiveAuthorizerBase {
 		return ret;
 	}
 
-	private XaHiveObjectAccessInfo getObjectAccessInfo(HiveOperationType hiveOpType, HivePrivilegeObject hiveObj, HiveAuthzContext context, boolean isInput) {
+	private XaHiveObjectAccessInfo getObjectAccessInfo(HiveOperationType hiveOpType, HivePrivilegeObject hiveObj, XaHiveAccessContext context, boolean isInput) {
 		XaHiveObjectAccessInfo ret = null;
 
 		HiveObjectType objectType = getObjectType(hiveObj, hiveOpType);
 		HiveAccessType accessType = getAccessType(hiveObj, hiveOpType, isInput);
 		String         operType   = hiveOpType.name();
 
-		XaHiveAccessContext hiveContext = new XaHiveAccessContext(context);
-
 		switch(objectType) {
 			case DATABASE:
-				ret = new XaHiveObjectAccessInfo(operType, hiveContext, accessType, hiveObj.getDbname());
+				ret = new XaHiveObjectAccessInfo(operType, context, accessType, hiveObj.getDbname());
 			break;
 	
 			case TABLE:
-				ret = new XaHiveObjectAccessInfo(operType, hiveContext, accessType, hiveObj.getDbname(), HiveObjectType.TABLE, hiveObj.getObjectName());
+				ret = new XaHiveObjectAccessInfo(operType, context, accessType, hiveObj.getDbname(), HiveObjectType.TABLE, hiveObj.getObjectName());
 			break;
 	
 			case VIEW:
-				ret = new XaHiveObjectAccessInfo(operType, hiveContext, accessType, hiveObj.getDbname(), HiveObjectType.VIEW, hiveObj.getObjectName());
+				ret = new XaHiveObjectAccessInfo(operType, context, accessType, hiveObj.getDbname(), HiveObjectType.VIEW, hiveObj.getObjectName());
 			break;
 	
 			case PARTITION:
-				ret = new XaHiveObjectAccessInfo(operType, hiveContext, accessType, hiveObj.getDbname(), HiveObjectType.PARTITION, hiveObj.getObjectName());
+				ret = new XaHiveObjectAccessInfo(operType, context, accessType, hiveObj.getDbname(), HiveObjectType.PARTITION, hiveObj.getObjectName());
 			break;
 	
 			case INDEX:
 				String indexName = "?"; // TODO:
-				ret = new XaHiveObjectAccessInfo(operType, hiveContext, accessType, hiveObj.getDbname(), hiveObj.getObjectName(), HiveObjectType.INDEX, indexName);
+				ret = new XaHiveObjectAccessInfo(operType, context, accessType, hiveObj.getDbname(), hiveObj.getObjectName(), HiveObjectType.INDEX, indexName);
 			break;
 	
 			case COLUMN:
-				ret = new XaHiveObjectAccessInfo(operType, hiveContext, accessType, hiveObj.getDbname(), hiveObj.getObjectName(), hiveObj.getColumns());
+				ret = new XaHiveObjectAccessInfo(operType, context, accessType, hiveObj.getDbname(), hiveObj.getObjectName(), hiveObj.getColumns());
 			break;
 
 			case FUNCTION:
-				ret = new XaHiveObjectAccessInfo(operType, hiveContext, accessType, hiveObj.getDbname(), HiveObjectType.FUNCTION, hiveObj.getObjectName());
+				ret = new XaHiveObjectAccessInfo(operType, context, accessType, hiveObj.getDbname(), HiveObjectType.FUNCTION, hiveObj.getObjectName());
 			break;
 
             case URI:
-                ret = new XaHiveObjectAccessInfo(operType, hiveContext, accessType, HiveObjectType.URI, hiveObj.getObjectName());
+                ret = new XaHiveObjectAccessInfo(operType, context, accessType, HiveObjectType.URI, hiveObj.getObjectName());
             break;
 
 			case NONE:
@@ -299,6 +380,8 @@ public class XaSecureHiveAuthorizer extends XaSecureHiveAuthorizerBase {
 				case ALTERTABLE_SKEWED:
 				case ALTERTABLE_TOUCH:
 				case ALTERTABLE_UNARCHIVE:
+				case ALTERTABLE_UPDATEPARTSTATS:
+				case ALTERTABLE_UPDATETABLESTATS:
 				case ALTERTBLPART_SKEWED_LOCATION:
 				case ALTERVIEW_PROPERTIES:
 				case ALTERVIEW_RENAME:
@@ -344,6 +427,11 @@ public class XaSecureHiveAuthorizer extends XaSecureHiveAuthorizerBase {
 					accessType = HiveAccessType.UPDATE;
 				break;
 
+				case GRANT_PRIVILEGE:
+				case REVOKE_PRIVILEGE:
+					accessType = HiveAccessType.ADMIN;
+				break;
+
 				case ADD:
 				case ANALYZE_TABLE:
 				case COMPILE:
@@ -356,10 +444,8 @@ public class XaSecureHiveAuthorizer extends XaSecureHiveAuthorizerBase {
 				case DROPMACRO:
 				case DROPROLE:
 				case EXPLAIN:
-				case GRANT_PRIVILEGE:
 				case GRANT_ROLE:
 				case MSCK:
-				case REVOKE_PRIVILEGE:
 				case REVOKE_ROLE:
 				case RESET:
 				case SET:
@@ -400,6 +486,7 @@ public class XaSecureHiveAuthorizer extends XaSecureHiveAuthorizerBase {
             case INDEX:
             case INSERT:
             case LOCK:
+            case ADMIN:
                 action = FsAction.WRITE;
             break;
 
@@ -438,7 +525,7 @@ public class XaSecureHiveAuthorizer extends XaSecureHiveAuthorizerBase {
 	private void handleDfsCommand(HiveOperationType         hiveOpType,
 								  List<HivePrivilegeObject> inputHObjs,
 							      List<HivePrivilegeObject> outputHObjs,
-							      HiveAuthzContext          context)
+							      XaHiveAccessContext       context)
 	      throws HiveAuthzPluginException, HiveAccessControlException {
 
 		String dfsCommandParams = null;
@@ -463,7 +550,93 @@ public class XaSecureHiveAuthorizer extends XaSecureHiveAuthorizerBase {
 											 ugi.getShortUserName(), hiveOpType.name()));
 		
 	}
-   
+	
+	private GrantRevokeData createGrantRevokeData(XaHiveObjectAccessInfo objAccessInfo,
+												  List<HivePrincipal>    hivePrincipals,
+												  List<HivePrivilege>    hivePrivileges,
+												  HivePrincipal          grantorPrincipal,
+												  boolean                grantOption)
+														  throws HiveAccessControlException {
+		if(objAccessInfo == null ||
+		  ! (   objAccessInfo.getObjectType() == HiveObjectType.DATABASE
+		     || objAccessInfo.getObjectType() == HiveObjectType.TABLE
+		     || objAccessInfo.getObjectType() == HiveObjectType.VIEW
+		     || objAccessInfo.getObjectType() == HiveObjectType.COLUMN
+		   )
+		  ) {
+			throw new HiveAccessControlException("grantPrivileges(): unexpected object type '" + objAccessInfo.getObjectType().name());
+		}
+		
+		String database = objAccessInfo.getDatabase();
+		String table    = objAccessInfo.getObjectType() == HiveObjectType.VIEW ? objAccessInfo.getView() : objAccessInfo.getTable();
+		String columns  = StringUtil.toString(objAccessInfo.getColumns());
+		
+		GrantRevokeData grData = new GrantRevokeData();
+		
+		List<String> permList  = new ArrayList<String>();
+		List<String> userList  = new ArrayList<String>();
+		List<String> groupList = new ArrayList<String>();
+		
+		for(HivePrivilege privilege : hivePrivileges) {
+			String privName = privilege.getName();
+			
+			if(StringUtil.equalsIgnoreCase(privName, HiveAccessType.ALL.name())) {
+				permList.add(HiveAccessType.ALL.name());
+			} else if(StringUtil.equalsIgnoreCase(privName, HiveAccessType.ALTER.name())) {
+				permList.add(HiveAccessType.ALTER.name());
+			} else if(StringUtil.equalsIgnoreCase(privName, HiveAccessType.CREATE.name())) {
+				permList.add(HiveAccessType.CREATE.name());
+			} else if(StringUtil.equalsIgnoreCase(privName, HiveAccessType.DROP.name())) {
+				permList.add(HiveAccessType.DROP.name());
+			} else if(StringUtil.equalsIgnoreCase(privName, HiveAccessType.INDEX.name())) {
+				permList.add(HiveAccessType.INDEX.name());
+			} else if(StringUtil.equalsIgnoreCase(privName, HiveAccessType.INSERT.name())) {
+				permList.add(HiveAccessType.INSERT.name());
+			} else if(StringUtil.equalsIgnoreCase(privName, HiveAccessType.LOCK.name())) {
+				permList.add(HiveAccessType.LOCK.name());
+			} else if(StringUtil.equalsIgnoreCase(privName, HiveAccessType.SELECT.name())) {
+				permList.add(HiveAccessType.SELECT.name());
+			} else if(StringUtil.equalsIgnoreCase(privName, HiveAccessType.UPDATE.name())) {
+				permList.add(HiveAccessType.UPDATE.name());
+			}
+		}
+		
+		if(grantOption) {
+			permList.add(HiveAccessType.ADMIN.name());
+		}
+		
+		for(HivePrincipal principal : hivePrincipals) {
+			switch(principal.getType()) {
+				case USER:
+					userList.add(principal.getName());
+				break;
+
+				case GROUP:
+				case ROLE:
+					groupList.add(principal.getName());
+				break;
+
+				default:
+				break;
+			}
+		}
+
+		List<GrantRevokeData.UserPermList>  userPermList = new ArrayList<GrantRevokeData.UserPermList>();
+		List<GrantRevokeData.GroupPermList> groupPermList = new ArrayList<GrantRevokeData.GroupPermList>();
+		
+		if(! userList.isEmpty()) {
+			userPermList.add(new GrantRevokeData.UserPermList(userList, permList));
+		}
+
+		if(! groupPermList.isEmpty()) {
+			groupPermList.add(new GrantRevokeData.GroupPermList(groupList, permList));
+		}
+		
+		grData.setHiveData(grantorPrincipal.getName(), repositoryName, database, table, columns, userPermList, groupPermList);
+		
+		return grData;
+	}
+
     private void logAuditEventForDfs(UserGroupInformation ugi, String dfsCommand, boolean accessGranted) {
 		HiveAuditEvent auditEvent = new HiveAuditEvent();
 
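Review bot: In createGrantRevokeData() the guard `if(! groupPermList.isEmpty())` tests the list that was created empty a few lines earlier, so the GroupPermList is never added and a GRANT or REVOKE naming only groups or roles sends no principals; it should read `if(! groupList.isEmpty()) {`. The first check also dereferences objAccessInfo inside the exception message when objAccessInfo is null, which raises NullPointerException instead of the intended HiveAccessControlException; a separate `if(objAccessInfo == null)` branch with its own message fixes that. Privilege names that match none of the listed access types are dropped silently, so with grantOption set the request can carry ADMIN alone; rejecting an unrecognised name with HiveAccessControlException would be safer. Hive roles are added to groupList in the `case ROLE:` branch, which deserves a comment because a role and a group of the same name become indistinguishable in the request. logAuditEventForDfs() at the end of the hunk continues outside it.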
@@ -538,7 +711,7 @@ public class XaSecureHiveAuthorizer extends XaSecureHiveAuthorizerBase {
 	private String toString(HiveOperationType         hiveOpType,
 							List<HivePrivilegeObject> inputHObjs,
 							List<HivePrivilegeObject> outputHObjs,
-							HiveAuthzContext          context) {
+							XaHiveAccessContext       context) {
 		StringBuilder sb = new StringBuilder();
 		
 		sb.append("'checkPrivileges':{");
@@ -556,7 +729,7 @@ public class XaSecureHiveAuthorizer extends XaSecureHiveAuthorizerBase {
 		if(context != null) {
 			sb.append("'clientType':").append(context.getClientType());
 			sb.append(", 'commandString':").append(context.getCommandString());
-			sb.append(", 'ipAddress':").append(context.getIpAddress());
+			sb.append(", 'ipAddress':").append(context.getClientIpAddress());
 			sb.append(", 'sessionString':").append(context.getSessionString());
 		}
 		sb.append("}");

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/05e62b8e/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizerBase.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizerBase.java b/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizerBase.java
index 92a3bb8..4f2c61d 100644
--- a/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizerBase.java
+++ b/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizerBase.java
@@ -8,6 +8,7 @@ import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControl
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzContext;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveMetastoreClientFactory;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveOperationType;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal;
@@ -17,19 +18,24 @@ import org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObje
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant;
 import org.apache.hadoop.security.UserGroupInformation;
 
+import com.xasecure.authorization.hive.XaHiveAccessContext;
+
 public class XaSecureHiveAuthorizerBase implements HiveAuthorizer {
 
 	private HiveMetastoreClientFactory mMetastoreClientFactory;
 	private HiveConf                   mHiveConf;
 	private HiveAuthenticationProvider mHiveAuthenticator;
+	private HiveAuthzSessionContext    mSessionContext;
 	private UserGroupInformation       mUgi;
 	  
 	public XaSecureHiveAuthorizerBase(HiveMetastoreClientFactory metastoreClientFactory,
 									  HiveConf                   hiveConf,
-									  HiveAuthenticationProvider hiveAuthenticator) {
+									  HiveAuthenticationProvider hiveAuthenticator,
+									  HiveAuthzSessionContext    context) {
 		mMetastoreClientFactory = metastoreClientFactory;
 		mHiveConf               = hiveConf;
 		mHiveAuthenticator      = hiveAuthenticator;
+		mSessionContext         = context;
 
 		String userName = mHiveAuthenticator == null ? null : mHiveAuthenticator.getUserName();
 
@@ -48,15 +54,87 @@ public class XaSecureHiveAuthorizerBase implements HiveAuthorizer {
 		return mHiveAuthenticator;
 	}
 
+	public HiveAuthzSessionContext getHiveAuthzSessionContext() {
+		return mSessionContext;
+	}
+
 	public UserGroupInformation getCurrentUserGroupInfo() {
 		return mUgi;
 	}
+	
+	public XaHiveAccessContext getAccessContext(HiveAuthzContext context) {
+		return new XaHiveAccessContext(context, mSessionContext);
+	}
 
 	@Override
 	public void applyAuthorizationConfigPolicy(HiveConf arg0) {
 		// TODO Auto-generated method stub
 	}
 
+	/**
+	 * Grant privileges for principals on the object
+	 * @param hivePrincipals
+	 * @param hivePrivileges
+	 * @param hivePrivObject
+	 * @param grantorPrincipal
+	 * @param grantOption
+	 * @throws HiveAuthzPluginException
+	 * @throws HiveAccessControlException
+	 */
+	@Override
+	public void grantPrivileges(List<HivePrincipal> hivePrincipals,
+								List<HivePrivilege> hivePrivileges,
+								HivePrivilegeObject hivePrivObject,
+								HivePrincipal grantorPrincipal,
+								boolean       grantOption)
+	    throws HiveAuthzPluginException, HiveAccessControlException {
+		// TODO Auto-generated method stub
+	}
+
+	/**
+	 * Revoke privileges for principals on the object
+	 * @param hivePrincipals
+	 * @param hivePrivileges
+	 * @param hivePrivObject
+	 * @param grantorPrincipal
+	 * @param grantOption
+	 * @throws HiveAuthzPluginException
+	 * @throws HiveAccessControlException
+	 */
+	@Override
+	public void revokePrivileges(List<HivePrincipal> hivePrincipals,
+								 List<HivePrivilege> hivePrivileges,
+								 HivePrivilegeObject hivePrivObject,
+								 HivePrincipal grantorPrincipal,
+								 boolean       grantOption)
+	    throws HiveAuthzPluginException, HiveAccessControlException {
+		// TODO Auto-generated method stub
+	}
+
+	/**
+	 * Show privileges for given principal on given object
+	 * @param principal
+	 * @param privObj
+	 * @return
+	 * @throws HiveAuthzPluginException
+	 * @throws HiveAccessControlException
+	 */
+	@Override
+	public List<HivePrivilegeInfo> showPrivileges(HivePrincipal principal, HivePrivilegeObject privObj)
+	    throws HiveAuthzPluginException, HiveAccessControlException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/**
+	 * Check if user has privileges to do this action on these objects
+	 * @param hiveOpType
+	 * @param inputsHObjs
+	 * @param outputHObjs
+	 * @param context
+	 * @throws HiveAuthzPluginException
+	 * @throws HiveAccessControlException
+	 */
 	@Override
 	public void checkPrivileges(HiveOperationType         hiveOpType,
 								List<HivePrivilegeObject> inputsHObjs,
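Review bot: The grantPrivileges() and revokePrivileges() stubs added here return normally without doing anything, so a subclass that does not override them would report a GRANT or REVOKE as successful while no policy changes; showPrivileges() likewise returns null rather than a list. For an authorizer base class I would fail explicitly, e.g. `throw new HiveAuthzPluginException("grantPrivileges() is not implemented");`, and either throw or return an empty list from showPrivileges(). The new Javadoc blocks list `@param` and `@return` tags with no text, so they add nothing a reader cannot see in the signature. checkPrivileges() at the end of the hunk continues outside it.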
@@ -114,15 +192,6 @@ public class XaSecureHiveAuthorizerBase implements HiveAuthorizer {
 	}
 
 	@Override
-	public void grantPrivileges(List<HivePrincipal> arg0,
-			List<HivePrivilege> arg1, HivePrivilegeObject arg2,
-			HivePrincipal arg3, boolean arg4) throws HiveAuthzPluginException,
-			HiveAccessControlException {
-		// TODO Auto-generated method stub
-		
-	}
-
-	@Override
 	public void grantRole(List<HivePrincipal> arg0, List<String> arg1,
 			boolean arg2, HivePrincipal arg3) throws HiveAuthzPluginException,
 			HiveAccessControlException {
@@ -131,15 +200,6 @@ public class XaSecureHiveAuthorizerBase implements HiveAuthorizer {
 	}
 
 	@Override
-	public void revokePrivileges(List<HivePrincipal> arg0,
-			List<HivePrivilege> arg1, HivePrivilegeObject arg2,
-			HivePrincipal arg3, boolean arg4) throws HiveAuthzPluginException,
-			HiveAccessControlException {
-		// TODO Auto-generated method stub
-		
-	}
-
-	@Override
 	public void revokeRole(List<HivePrincipal> arg0, List<String> arg1,
 			boolean arg2, HivePrincipal arg3) throws HiveAuthzPluginException,
 			HiveAccessControlException {
@@ -153,13 +213,4 @@ public class XaSecureHiveAuthorizerBase implements HiveAuthorizer {
 		// TODO Auto-generated method stub
 		
 	}
-
-	@Override
-	public List<HivePrivilegeInfo> showPrivileges(HivePrincipal arg0,
-			HivePrivilegeObject arg1) throws HiveAuthzPluginException,
-			HiveAccessControlException {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
 }

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/05e62b8e/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizerFactory.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizerFactory.java b/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizerFactory.java
index 4a2fc40..c8974f4 100644
--- a/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizerFactory.java
+++ b/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizerFactory.java
@@ -6,13 +6,15 @@ import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizer;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerFactory;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException;
 import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveMetastoreClientFactory;
+import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzSessionContext;
 
 public class XaSecureHiveAuthorizerFactory implements HiveAuthorizerFactory {
 	@Override
 	public HiveAuthorizer createHiveAuthorizer(HiveMetastoreClientFactory metastoreClientFactory,
-											   HiveConf conf,
-											   HiveAuthenticationProvider hiveAuthenticator)
+											   HiveConf                   conf,
+											   HiveAuthenticationProvider hiveAuthenticator,
+											   HiveAuthzSessionContext    sessionContext)
 													   throws HiveAuthzPluginException {
-		return new XaSecureHiveAuthorizer(metastoreClientFactory, conf, hiveAuthenticator);
+		return new XaSecureHiveAuthorizer(metastoreClientFactory, conf, hiveAuthenticator, sessionContext);
 	}
 }

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/05e62b8e/lib/local/hive-0.14.0-SNAPSHOT/hive-common-0.14.0-SNAPSHOT.jar
----------------------------------------------------------------------
diff --git a/lib/local/hive-0.14.0-SNAPSHOT/hive-common-0.14.0-SNAPSHOT.jar b/lib/local/hive-0.14.0-SNAPSHOT/hive-common-0.14.0-SNAPSHOT.jar
index 51a23b6..7ec88ef 100644
Binary files a/lib/local/hive-0.14.0-SNAPSHOT/hive-common-0.14.0-SNAPSHOT.jar and b/lib/local/hive-0.14.0-SNAPSHOT/hive-common-0.14.0-SNAPSHOT.jar differ

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/05e62b8e/lib/local/hive-0.14.0-SNAPSHOT/hive-exec-0.14.0-SNAPSHOT.jar
----------------------------------------------------------------------
diff --git a/lib/local/hive-0.14.0-SNAPSHOT/hive-exec-0.14.0-SNAPSHOT.jar b/lib/local/hive-0.14.0-SNAPSHOT/hive-exec-0.14.0-SNAPSHOT.jar
index 4c76772..430435d 100644
Binary files a/lib/local/hive-0.14.0-SNAPSHOT/hive-exec-0.14.0-SNAPSHOT.jar and b/lib/local/hive-0.14.0-SNAPSHOT/hive-exec-0.14.0-SNAPSHOT.jar differ

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/05e62b8e/lib/local/hive-0.14.0-SNAPSHOT/hive-metastore-0.14.0-SNAPSHOT.jar
----------------------------------------------------------------------
diff --git a/lib/local/hive-0.14.0-SNAPSHOT/hive-metastore-0.14.0-SNAPSHOT.jar b/lib/local/hive-0.14.0-SNAPSHOT/hive-metastore-0.14.0-SNAPSHOT.jar
index 3f6b5b2..fbb30db 100644
Binary files a/lib/local/hive-0.14.0-SNAPSHOT/hive-metastore-0.14.0-SNAPSHOT.jar and b/lib/local/hive-0.14.0-SNAPSHOT/hive-metastore-0.14.0-SNAPSHOT.jar differ

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/05e62b8e/lib/local/hive-0.14.0-SNAPSHOT/hive-service-0.14.0-SNAPSHOT.jar
----------------------------------------------------------------------
diff --git a/lib/local/hive-0.14.0-SNAPSHOT/hive-service-0.14.0-SNAPSHOT.jar b/lib/local/hive-0.14.0-SNAPSHOT/hive-service-0.14.0-SNAPSHOT.jar
index 739056a..abc08d8 100644
Binary files a/lib/local/hive-0.14.0-SNAPSHOT/hive-service-0.14.0-SNAPSHOT.jar and b/lib/local/hive-0.14.0-SNAPSHOT/hive-service-0.14.0-SNAPSHOT.jar differ

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/05e62b8e/security-admin/.settings/org.eclipse.wst.common.component
----------------------------------------------------------------------
diff --git a/security-admin/.settings/org.eclipse.wst.common.component b/security-admin/.settings/org.eclipse.wst.common.component
index ba98c1a..9c26ea8 100644
--- a/security-admin/.settings/org.eclipse.wst.common.component
+++ b/security-admin/.settings/org.eclipse.wst.common.component
@@ -1,13 +1,14 @@
-<?xml version="1.0" encoding="UTF-8"?><project-modules id="moduleCoreId" project-version="1.5.0">
+<?xml version="1.0" encoding="UTF-8"?>
+<project-modules id="moduleCoreId" project-version="1.5.0">
     <wb-module deploy-name="security-admin-web">
         <wb-resource deploy-path="/" source-path="/target/m2e-wtp/web-resources"/>
         <wb-resource deploy-path="/" source-path="/src/main/webapp" tag="defaultRootSource"/>
         <wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/java"/>
         <wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/resources"/>
-        <dependent-module archiveName="lookup-client-3.6.000.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/lookup-client/lookup-client">
+        <dependent-module archiveName="lookup-client-0.1.0.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/lookup-client/lookup-client">
             <dependency-type>uses</dependency-type>
         </dependent-module>
-        <dependent-module archiveName="unixauthclient-3.6.000.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/unixauthclient/unixauthclient">
+        <dependent-module archiveName="unixauthclient-0.1.0.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/unixauthclient/unixauthclient">
             <dependency-type>uses</dependency-type>
         </dependent-module>
         <property name="context-root" value="security-admin-web"/>

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/05e62b8e/security-admin/src/main/java/com/xasecure/rest/AssetREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/rest/AssetREST.java b/security-admin/src/main/java/com/xasecure/rest/AssetREST.java
index cd8a45a..840c99a 100644
--- a/security-admin/src/main/java/com/xasecure/rest/AssetREST.java
+++ b/security-admin/src/main/java/com/xasecure/rest/AssetREST.java
@@ -50,6 +50,7 @@ import com.xasecure.view.VXAssetList;
 import com.xasecure.view.VXCredentialStore;
 import com.xasecure.view.VXCredentialStoreList;
 import com.xasecure.view.VXLong;
+import com.xasecure.view.VXPolicy;
 import com.xasecure.view.VXPolicyExportAuditList;
 import com.xasecure.view.VXResource;
 import com.xasecure.view.VXResourceList;
@@ -548,5 +549,23 @@ public class AssetREST {
 		searchUtil.extractDate(request, searchCriteria, "endDate", "endDate",
 				"MM/dd/yyyy");
 		return assetMgr.getAccessLogs(searchCriteria);
-	}		
+	}
+	
+	@POST
+	@Path("/resources/grant")
+	@Produces({ "application/xml", "application/json" })	
+	public VXPolicy grantPermission(@Context HttpServletRequest request,VXPolicy vXPolicy) {
+		//TODO:https and certificate check
+		//TODO:grant permissions
+		return vXPolicy;
+	}
+	
+	@POST
+	@Path("/resources/revoke")
+	@Produces({ "application/xml", "application/json" })	
+	public VXPolicy revokePermission(@Context HttpServletRequest request,VXPolicy vXPolicy) {
+		//TODO:https and certificate check
+		//TODO:revoke permissions
+		return vXPolicy;
+	}
 }
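Review bot: grantPermission() and revokePermission() are reachable as POST /resources/grant and /resources/revoke but only echo the submitted VXPolicy, so a caller gets a success response although nothing was granted or revoked and the checks named in the TODO comments are not in place. Until the implementation lands I would have both reject the call, for example by throwing a `WebApplicationException` with a not-implemented status, so that a grant or revoke issued from the Hive agent fails visibly instead of appearing to succeed. The methods also declare `@Produces` but no `@Consumes`, and whether class-level access control covers these paths is not visible in this hunk.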

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/05e62b8e/security-admin/src/main/java/com/xasecure/view/VXPolicy.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/view/VXPolicy.java b/security-admin/src/main/java/com/xasecure/view/VXPolicy.java
index 52b96e6..791016e 100644
--- a/security-admin/src/main/java/com/xasecure/view/VXPolicy.java
+++ b/security-admin/src/main/java/com/xasecure/view/VXPolicy.java
@@ -125,6 +125,7 @@ public class VXPolicy extends VXDataObject implements java.io.Serializable {
 	 */
 	protected String version;
 
+	protected String grantor;
 	/**
 	 * Default constructor. This will set all the attributes to default value.
 	 */
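Review bot: The new `grantor` field has no Javadoc, unlike the `version` field directly above it, and it sits flush against the constructor's comment with no blank line. Since VXPolicy is the request body of the grant and revoke endpoints added in this commit, the comment should say that the value is supplied by the caller, e.g. `/** Name of the principal issuing the grant or revoke, as sent by the client. */`, so that later code does not treat it as an authenticated identity without checking.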
@@ -570,6 +571,15 @@ public class VXPolicy extends VXDataObject implements java.io.Serializable {
 		this.version = version;
 	}
 
+	
+	public String getGrantor() {
+		return grantor;
+	}
+
+	public void setGrantor(String grantor) {
+		this.grantor = grantor;
+	}
+
 	@Override
 	public int getMyClassType() {
 		return AppConstants.CLASS_TYPE_XA_RESOURCE;

