ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sneet...@apache.org
Subject [2/2] git commit: ARGUS-69:Support Oracle database for storing policy and audit information
Date Fri, 19 Sep 2014 03:54:07 GMT
ARGUS-69:Support Oracle database for storing policy and audit information

Signed-off-by: sneethiraj <sneethir@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/incubator-argus/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-argus/commit/a0a18007
Tree: http://git-wip-us.apache.org/repos/asf/incubator-argus/tree/a0a18007
Diff: http://git-wip-us.apache.org/repos/asf/incubator-argus/diff/a0a18007

Branch: refs/heads/master
Commit: a0a18007f123c156f4e973eee0dd6543c13f52e0
Parents: 9660b4e
Author: vperiasamy <vperiasamy@hortonworks.com>
Authored: Thu Sep 18 23:34:01 2014 -0400
Committer: sneethiraj <sneethir@apache.org>
Committed: Thu Sep 18 23:53:28 2014 -0400

----------------------------------------------------------------------
 .../xasecure/audit/entity/XXBaseAuditEvent.java |   4 +-
 hbase-agent/conf/xasecure-audit-changes.cfg     |   7 +-
 hbase-agent/scripts/install.properties          |  24 +-
 hbase-agent/scripts/install.sh                  |  61 +-
 hdfs-agent/conf/xasecure-audit-changes.cfg      |   3 +-
 hdfs-agent/scripts/install.properties           |  24 +-
 hdfs-agent/scripts/install.sh                   |  60 +-
 hive-agent/conf/xasecure-audit-changes.cfg      |   5 +-
 hive-agent/scripts/install.properties           |  25 +
 hive-agent/scripts/install.sh                   |  54 ++
 knox-agent/conf/xasecure-audit-changes.cfg      |   5 +-
 knox-agent/scripts/install.properties           |  24 +-
 knox-agent/scripts/install.sh                   |  64 +-
 .../db/oracle/create_dbversion_catalog.sql      |  10 +
 .../db/oracle/patches/001-groupsource.sql       |  14 +
 .../db/oracle/patches/002-policyname.sql        |  14 +
 .../db/oracle/patches/003-knoxrepo.sql          |  34 +
 .../patches/006-createdefaultpublicgroup.sql    |  14 +
 security-admin/db/oracle/xa_audit_db_oracle.sql |  88 ++
 security-admin/db/oracle/xa_core_db_oracle.sql  | 563 +++++++++++++
 security-admin/pom.xml                          |   6 +-
 security-admin/scripts/install.properties       |  41 +-
 security-admin/scripts/install.sh               | 820 ++++++++++++++-----
 .../java/com/xasecure/common/SearchUtil.java    |   4 +-
 .../main/java/com/xasecure/db/XXGroupDao.java   |   2 +-
 .../java/com/xasecure/db/XXPortalUserDao.java   |   4 +-
 .../main/java/com/xasecure/db/XXUserDao.java    |   2 +-
 .../java/com/xasecure/entity/XXAccessAudit.java |  14 +-
 .../main/java/com/xasecure/entity/XXAsset.java  |  14 +-
 .../java/com/xasecure/entity/XXAuditMap.java    |  14 +
 .../java/com/xasecure/entity/XXAuthSession.java |  14 +
 .../com/xasecure/entity/XXCredentialStore.java  |  14 +-
 .../main/java/com/xasecure/entity/XXDBBase.java |  22 +-
 .../main/java/com/xasecure/entity/XXGroup.java  |  15 +-
 .../java/com/xasecure/entity/XXGroupGroup.java  |  15 +-
 .../java/com/xasecure/entity/XXGroupUser.java   |  14 +
 .../java/com/xasecure/entity/XXPermMap.java     |  14 +
 .../xasecure/entity/XXPolicyExportAudit.java    |  14 +
 .../java/com/xasecure/entity/XXPortalUser.java  |  17 +-
 .../com/xasecure/entity/XXPortalUserRole.java   |  14 +-
 .../java/com/xasecure/entity/XXResource.java    |  14 +-
 .../main/java/com/xasecure/entity/XXTrxLog.java |  15 +-
 .../main/java/com/xasecure/entity/XXUser.java   |  14 +-
 .../com/xasecure/entity/view/VXXTrxLog.java     |   3 +-
 .../main/java/com/xasecure/rest/AssetREST.java  |   2 +-
 .../service/AbstractBaseResourceService.java    |   3 +-
 storm-agent/conf/xasecure-audit-changes.cfg     |   3 +-
 storm-agent/scripts/install.properties          |  23 +-
 storm-agent/scripts/install.sh                  |  63 +-
 49 files changed, 2006 insertions(+), 305 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a0a18007/agents-audit/src/main/java/com/xasecure/audit/entity/XXBaseAuditEvent.java
----------------------------------------------------------------------
diff --git a/agents-audit/src/main/java/com/xasecure/audit/entity/XXBaseAuditEvent.java b/agents-audit/src/main/java/com/xasecure/audit/entity/XXBaseAuditEvent.java
index a0691bb..aca6963 100644
--- a/agents-audit/src/main/java/com/xasecure/audit/entity/XXBaseAuditEvent.java
+++ b/agents-audit/src/main/java/com/xasecure/audit/entity/XXBaseAuditEvent.java
@@ -30,6 +30,7 @@ import javax.persistence.GeneratedValue;
 import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.Inheritance;
+import javax.persistence.SequenceGenerator;
 import javax.persistence.Table;
 import javax.persistence.Temporal;
 import javax.persistence.TemporalType;
@@ -86,7 +87,8 @@ public class XXBaseAuditEvent implements Serializable {
 	}
 
 	@Id
-	@GeneratedValue(strategy = GenerationType.IDENTITY)
+	@SequenceGenerator(name="XA_ACCESS_AUDIT_SEQ",sequenceName="XA_ACCESS_AUDIT_SEQ",allocationSize=1)
+	@GeneratedValue(strategy=GenerationType.AUTO,generator="XA_ACCESS_AUDIT_SEQ")
 	@Column(name = "id", unique = true, nullable = false)
 	public long getAuditId() {
 		return this.auditId;

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a0a18007/hbase-agent/conf/xasecure-audit-changes.cfg
----------------------------------------------------------------------
diff --git a/hbase-agent/conf/xasecure-audit-changes.cfg b/hbase-agent/conf/xasecure-audit-changes.cfg
index e3d05f0..dd4b70b 100644
--- a/hbase-agent/conf/xasecure-audit-changes.cfg
+++ b/hbase-agent/conf/xasecure-audit-changes.cfg
@@ -1,5 +1,6 @@
-xasecure.audit.jpa.javax.persistence.jdbc.url		jdbc:mysql://%XAAUDIT.DB.HOSTNAME%/%XAAUDIT.DB.DATABASE_NAME%	mod create-if-not-exists
+xasecure.audit.jpa.javax.persistence.jdbc.url		%XAAUDIT.DB.JDBC_URL%											mod create-if-not-exists
 xasecure.audit.jpa.javax.persistence.jdbc.user		%XAAUDIT.DB.USER_NAME% 											mod create-if-not-exists
-xasecure.audit.jpa.javax.persistence.jdbc.password	crypted 														mod create-if-not-exists
-xasecure.audit.repository.name						%REPOSITORY_NAME%  												mod create-if-not-exists
+xasecure.audit.jpa.javax.persistence.jdbc.password	crypted 											mod create-if-not-exists
+xasecure.audit.repository.name						%REPOSITORY_NAME% 												mod create-if-not-exists
 xasecure.audit.credential.provider.file     		jceks://file%CREDENTIAL_PROVIDER_FILE% 							mod create-if-not-exists
+xasecure.audit.jpa.javax.persistence.jdbc.driver	%XAAUDIT.DB.JDBC_DRIVER% 										mod create-if-not-exists

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a0a18007/hbase-agent/scripts/install.properties
----------------------------------------------------------------------
diff --git a/hbase-agent/scripts/install.properties b/hbase-agent/scripts/install.properties
index 2aaf56a..fa963ec 100644
--- a/hbase-agent/scripts/install.properties
+++ b/hbase-agent/scripts/install.properties
@@ -8,10 +8,17 @@
 
 POLICY_MGR_URL=
 
+# Example:
+# XAAUDIT.DB.FLAVOUR=MYSQL
+# XAAUDIT.DB.FLAVOUR=ORACLE
+XAAUDIT.DB.FLAVOUR=MYSQL
+
 #
-# Location of mysql client library (please check the location of the jar file)
+# Location of db client library (please check the location of the jar file)
 #
-MYSQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
+#SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
+#SQL_CONNECTOR_JAR=/usr/share/java/ojdbc6.jar
+SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
 
 #
 # This is the repository name created within policy manager
@@ -85,3 +92,16 @@ SSL_TRUSTSTORE_PASSWORD=changeit
 #     UPDATE_XAPOLICIES_ON_GRANT_REVOKE=false
 #
 UPDATE_XAPOLICIES_ON_GRANT_REVOKE=true
+
+#
+# do not change value of below given properties as value will be assigned by system based on above settings.
+# Example:
+# MySQL:
+# XAAUDIT.DB.JDBC_URL=jdbc:mysql://localhost:3306/xasecure
+# XAAUDIT.DB.JDBC_DRIVER=com.mysql.jdbc.Driver
+# Oracle:
+# XAAUDIT.DB.JDBC_URL=jdbc:oracle:thin:@//127.0.0.1:1521/XE
+# XAAUDIT.DB.JDBC_DRIVER=oracle.jdbc.OracleDriver
+
+XAAUDIT.DB.JDBC_URL=jdbc:mysql://localhost:3306/xasecure
+XAAUDIT.DB.JDBC_DRIVER=com.mysql.jdbc.Driver

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a0a18007/hbase-agent/scripts/install.sh
----------------------------------------------------------------------
diff --git a/hbase-agent/scripts/install.sh b/hbase-agent/scripts/install.sh
index cc34922..d0d7f1d 100644
--- a/hbase-agent/scripts/install.sh
+++ b/hbase-agent/scripts/install.sh
@@ -19,6 +19,17 @@ then
 fi
 }
 
+#Update Properties to File
+#$1 -> propertyName $2 -> newPropertyValue $3 -> fileName
+updatePropertyToFile(){
+	sed -i 's@^'$1'=[^ ]*$@'$1'='$2'@g' $3
+	#validate=`sed -i 's/^'$1'=[^ ]*$/'$1'='$2'/g' $3`	#for validation
+	validate=$(sed '/^\#/d' $3 | grep "^$1"  | tail -n 1 | cut -d "=" -f2-) # for validation
+	#echo 'V1:'$validate
+	if test -z "$validate" ; then echo "[E] '$1' not found in $3 file while Updating....!!"; exit 1; fi
+	echo "[I] File $3 Updated successfully : {'$1'}"
+}
+
 hbase_dir=/usr/lib/hbase
 hbase_lib_dir=${hbase_dir}/lib
 hbase_conf_dir=/etc/hbase/conf
@@ -51,16 +62,16 @@ install_dir=`dirname $0`
 
 #echo "Current Install Directory: [${install_dir}]"
 
-#verify mysql-connector path is valid
-MYSQL_CONNECTOR_JAR=`grep '^MYSQL_CONNECTOR_JAR'  ${install_dir}/install.properties | awk -F= '{ print $2 }'`
-echo "[I] Checking MYSQL CONNECTOR FILE : $MYSQL_CONNECTOR_JAR" 
-if test -f "$MYSQL_CONNECTOR_JAR"; then
-	echo "[I] MYSQL CONNECTOR FILE : $MYSQL_CONNECTOR_JAR file found" 
+#verify sql-connector path is valid
+SQL_CONNECTOR_JAR=`grep '^SQL_CONNECTOR_JAR'  ${install_dir}/install.properties | awk -F= '{ print $2 }'`
+echo "[I] Checking SQL CONNECTOR FILE : $SQL_CONNECTOR_JAR"
+if test -f "$SQL_CONNECTOR_JAR"; then
+	echo "[I] SQL CONNECTOR FILE : $SQL_CONNECTOR_JAR file found"
 else
-	echo "[E] MYSQL CONNECTOR FILE : $MYSQL_CONNECTOR_JAR does not exists" ; exit 1;
+	echo "[E] SQL CONNECTOR FILE : $SQL_CONNECTOR_JAR does not exists" ; exit 1;
 fi
-#copying mysql connector jar file to lib directory
-cp $MYSQL_CONNECTOR_JAR ${install_dir}/lib
+#copying sql connector jar file to lib directory
+cp $SQL_CONNECTOR_JAR ${install_dir}/lib
 
 
 #
@@ -226,6 +237,40 @@ create_jceks ${ssltruststoreAlias} ${ssltruststoreCred} ${CredFile}
 chown ${CONFIG_FILE_OWNER} ${CredFile} 
 
 PROP_ARGS="-p  ${install_dir}/install.properties"
+to_file="${install_dir}/install.properties"
+DB_FLAVOR=`grep '^XAAUDIT.DB.FLAVOUR'  ${install_dir}/install.properties | awk -F= '{ print $2 }'`
+DB_FLAVOR=`echo $DB_FLAVOR | tr '[:lower:]' '[:upper:]'`
+if [ "${DB_FLAVOR}" == "" ]
+then
+	$DB_FLAVOR="MYSQL"
+fi
+echo "[I] Updating install.properites setting for : $DB_FLAVOR"
+
+if [ "${DB_FLAVOR}" == "MYSQL" ]
+then
+	audit_db_hostname=`grep '^XAAUDIT.DB.HOSTNAME'  ${install_dir}/install.properties | awk -F= '{ print $2 }'`
+	audit_db_name=`grep '^XAAUDIT.DB.DATABASE_NAME'  ${install_dir}/install.properties | awk -F= '{ print $2 }'`
+	propertyName=XAAUDIT.DB.JDBC_URL
+	newPropertyValue="jdbc:mysql://${audit_db_hostname}/${audit_db_name}"
+	updatePropertyToFile $propertyName $newPropertyValue $to_file
+
+	propertyName=XAAUDIT.DB.JDBC_DRIVER
+	newPropertyValue="com.mysql.jdbc.Driver"
+	updatePropertyToFile $propertyName $newPropertyValue $to_file
+fi
+
+if [ "${DB_FLAVOR}" == "ORACLE" ]
+then
+	audit_db_hostname=`grep '^XAAUDIT.DB.HOSTNAME'  ${install_dir}/install.properties | awk -F= '{ print $2 }'`
+	propertyName=XAAUDIT.DB.JDBC_URL
+	newPropertyValue="jdbc:oracle:thin:\@//${audit_db_hostname}"
+	updatePropertyToFile $propertyName $newPropertyValue $to_file
+
+	propertyName=XAAUDIT.DB.JDBC_DRIVER
+	newPropertyValue="oracle.jdbc.OracleDriver"
+	updatePropertyToFile $propertyName $newPropertyValue $to_file
+fi
+
 
 for f in ${install_dir}/installer/conf/*-changes.cfg
 do

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a0a18007/hdfs-agent/conf/xasecure-audit-changes.cfg
----------------------------------------------------------------------
diff --git a/hdfs-agent/conf/xasecure-audit-changes.cfg b/hdfs-agent/conf/xasecure-audit-changes.cfg
index dc873d5..dd4b70b 100644
--- a/hdfs-agent/conf/xasecure-audit-changes.cfg
+++ b/hdfs-agent/conf/xasecure-audit-changes.cfg
@@ -1,5 +1,6 @@
-xasecure.audit.jpa.javax.persistence.jdbc.url		jdbc:mysql://%XAAUDIT.DB.HOSTNAME%/%XAAUDIT.DB.DATABASE_NAME%	mod create-if-not-exists
+xasecure.audit.jpa.javax.persistence.jdbc.url		%XAAUDIT.DB.JDBC_URL%											mod create-if-not-exists
 xasecure.audit.jpa.javax.persistence.jdbc.user		%XAAUDIT.DB.USER_NAME% 											mod create-if-not-exists
 xasecure.audit.jpa.javax.persistence.jdbc.password	crypted 											mod create-if-not-exists
 xasecure.audit.repository.name						%REPOSITORY_NAME% 												mod create-if-not-exists
 xasecure.audit.credential.provider.file     		jceks://file%CREDENTIAL_PROVIDER_FILE% 							mod create-if-not-exists
+xasecure.audit.jpa.javax.persistence.jdbc.driver	%XAAUDIT.DB.JDBC_DRIVER% 										mod create-if-not-exists

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a0a18007/hdfs-agent/scripts/install.properties
----------------------------------------------------------------------
diff --git a/hdfs-agent/scripts/install.properties b/hdfs-agent/scripts/install.properties
index b622abe..07f181a 100644
--- a/hdfs-agent/scripts/install.properties
+++ b/hdfs-agent/scripts/install.properties
@@ -8,10 +8,17 @@
 
 POLICY_MGR_URL=
 
+# Example:
+# XAAUDIT.DB.FLAVOUR=MYSQL
+# XAAUDIT.DB.FLAVOUR=ORACLE
+XAAUDIT.DB.FLAVOUR=MYSQL
+
 #
-# Location of mysql client library (please check the location of the jar file)
+# Location of db client library (please check the location of the jar file)
 #
-MYSQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
+#SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
+#SQL_CONNECTOR_JAR=/usr/share/java/ojdbc6.jar
+SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
 
 #
 # This is the repository name created within policy manager
@@ -78,3 +85,16 @@ SSL_KEYSTORE_FILE_PATH=agentKey.jks
 SSL_KEYSTORE_PASSWORD=myKeyFilePassword
 SSL_TRUSTSTORE_FILE_PATH=cacert
 SSL_TRUSTSTORE_PASSWORD=changeit
+
+#
+# do not change value of below given properties as value will be assigned by system based on above settings.
+# Example:
+# MySQL:
+# XAAUDIT.DB.JDBC_URL=jdbc:mysql://localhost:3306/xasecure
+# XAAUDIT.DB.JDBC_DRIVER=com.mysql.jdbc.Driver
+# Oracle:
+# XAAUDIT.DB.JDBC_URL=jdbc:oracle:thin:@//127.0.0.1:1521/XE
+# XAAUDIT.DB.JDBC_DRIVER=oracle.jdbc.OracleDriver
+
+XAAUDIT.DB.JDBC_URL=jdbc:mysql://localhost:3306/xasecure
+XAAUDIT.DB.JDBC_DRIVER=com.mysql.jdbc.Driver

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a0a18007/hdfs-agent/scripts/install.sh
----------------------------------------------------------------------
diff --git a/hdfs-agent/scripts/install.sh b/hdfs-agent/scripts/install.sh
index e8649c5..6d60a4f 100644
--- a/hdfs-agent/scripts/install.sh
+++ b/hdfs-agent/scripts/install.sh
@@ -18,6 +18,17 @@ then
 fi
 }
 
+#Update Properties to File
+#$1 -> propertyName $2 -> newPropertyValue $3 -> fileName
+updatePropertyToFile(){
+	sed -i 's@^'$1'=[^ ]*$@'$1'='$2'@g' $3
+	#validate=`sed -i 's/^'$1'=[^ ]*$/'$1'='$2'/g' $3`	#for validation
+	validate=$(sed '/^\#/d' $3 | grep "^$1"  | tail -n 1 | cut -d "=" -f2-) # for validation
+	#echo 'V1:'$validate
+	if test -z "$validate" ; then echo "[E] '$1' not found in $3 file while Updating....!!"; exit 1; fi
+	echo "[I] File $3 Updated successfully : {'$1'}"
+}
+
 hdp_dir=/usr/lib/hadoop
 hdp_lib_dir=/usr/lib/hadoop/lib
 hdp_conf_dir=/etc/hadoop/conf
@@ -50,16 +61,16 @@ install_dir=`dirname $0`
 [ "${install_dir}" = "." ] && install_dir=`pwd`
 
 
-#verify mysql-connector path is valid
-MYSQL_CONNECTOR_JAR=`grep '^MYSQL_CONNECTOR_JAR'  ${install_dir}/install.properties | awk -F= '{ print $2 }'`
-echo "[I] Checking MYSQL CONNECTOR FILE : $MYSQL_CONNECTOR_JAR" 
-if test -f "$MYSQL_CONNECTOR_JAR"; then
-	echo "[I] MYSQL CONNECTOR FILE : $MYSQL_CONNECTOR_JAR file found" 
+#verify sql-connector path is valid
+SQL_CONNECTOR_JAR=`grep '^SQL_CONNECTOR_JAR'  ${install_dir}/install.properties | awk -F= '{ print $2 }'`
+echo "[I] Checking SQL CONNECTOR FILE : $SQL_CONNECTOR_JAR"
+if test -f "$SQL_CONNECTOR_JAR"; then
+	echo "[I] SQL CONNECTOR FILE : $SQL_CONNECTOR_JAR file found"
 else
-	echo "[E] MYSQL CONNECTOR FILE : $MYSQL_CONNECTOR_JAR does not exists" ; exit 1;
+	echo "[E] SQL CONNECTOR FILE : $SQL_CONNECTOR_JAR does not exists" ; exit 1;
 fi
-#copying mysql connector jar file to lib directory
-cp $MYSQL_CONNECTOR_JAR ${install_dir}/lib
+#copying sql connector jar file to lib directory
+cp $SQL_CONNECTOR_JAR ${install_dir}/lib
 
 #echo "Current Install Directory: [${install_dir}]"
 
@@ -236,6 +247,39 @@ chown ${CONFIG_FILE_OWNER} ${CredFile}
 # Modify the XML files needed to support the 
 #
 PROP_ARGS="-p  ${install_dir}/install.properties"
+to_file="${install_dir}/install.properties"
+DB_FLAVOR=`grep '^XAAUDIT.DB.FLAVOUR'  ${install_dir}/install.properties | awk -F= '{ print $2 }'`
+DB_FLAVOR=`echo $DB_FLAVOR | tr '[:lower:]' '[:upper:]'`
+if [ "${DB_FLAVOR}" == "" ]
+then
+	$DB_FLAVOR="MYSQL"
+fi
+echo "[I] Updating install.properites setting for : $DB_FLAVOR"
+
+if [ "${DB_FLAVOR}" == "MYSQL" ]
+then
+	audit_db_hostname=`grep '^XAAUDIT.DB.HOSTNAME'  ${install_dir}/install.properties | awk -F= '{ print $2 }'`
+	audit_db_name=`grep '^XAAUDIT.DB.DATABASE_NAME'  ${install_dir}/install.properties | awk -F= '{ print $2 }'`
+	propertyName=XAAUDIT.DB.JDBC_URL
+	newPropertyValue="jdbc:mysql://${audit_db_hostname}/${audit_db_name}"
+	updatePropertyToFile $propertyName $newPropertyValue $to_file
+
+	propertyName=XAAUDIT.DB.JDBC_DRIVER
+	newPropertyValue="com.mysql.jdbc.Driver"
+	updatePropertyToFile $propertyName $newPropertyValue $to_file
+fi
+
+if [ "${DB_FLAVOR}" == "ORACLE" ]
+then
+	audit_db_hostname=`grep '^XAAUDIT.DB.HOSTNAME'  ${install_dir}/install.properties | awk -F= '{ print $2 }'`
+	propertyName=XAAUDIT.DB.JDBC_URL
+	newPropertyValue="jdbc:oracle:thin:\@//${audit_db_hostname}"
+	updatePropertyToFile $propertyName $newPropertyValue $to_file
+
+	propertyName=XAAUDIT.DB.JDBC_DRIVER
+	newPropertyValue="oracle.jdbc.OracleDriver"
+	updatePropertyToFile $propertyName $newPropertyValue $to_file
+fi
 
 for f in ${install_dir}/installer/conf/*-changes.cfg
 do

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a0a18007/hive-agent/conf/xasecure-audit-changes.cfg
----------------------------------------------------------------------
diff --git a/hive-agent/conf/xasecure-audit-changes.cfg b/hive-agent/conf/xasecure-audit-changes.cfg
index a8d053e..42ed849 100644
--- a/hive-agent/conf/xasecure-audit-changes.cfg
+++ b/hive-agent/conf/xasecure-audit-changes.cfg
@@ -1,5 +1,6 @@
-xasecure.audit.jpa.javax.persistence.jdbc.url		jdbc:mysql://%XAAUDIT.DB.HOSTNAME%/%XAAUDIT.DB.DATABASE_NAME%	mod create-if-not-exists
+xasecure.audit.jpa.javax.persistence.jdbc.url		%XAAUDIT.DB.JDBC_URL%											mod create-if-not-exists
 xasecure.audit.jpa.javax.persistence.jdbc.user		%XAAUDIT.DB.USER_NAME% 											mod create-if-not-exists
-xasecure.audit.jpa.javax.persistence.jdbc.password	crypted	 														mod create-if-not-exists
+xasecure.audit.jpa.javax.persistence.jdbc.password	crypted 														mod create-if-not-exists
 xasecure.audit.repository.name						%REPOSITORY_NAME% 												mod create-if-not-exists
 xasecure.audit.credential.provider.file     		jceks://file%CREDENTIAL_PROVIDER_FILE% 							mod create-if-not-exists
+xasecure.audit.jpa.javax.persistence.jdbc.driver	%XAAUDIT.DB.JDBC_DRIVER% 										mod create-if-not-exists

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a0a18007/hive-agent/scripts/install.properties
----------------------------------------------------------------------
diff --git a/hive-agent/scripts/install.properties b/hive-agent/scripts/install.properties
index a9f8a50..1ef9c22 100644
--- a/hive-agent/scripts/install.properties
+++ b/hive-agent/scripts/install.properties
@@ -8,6 +8,18 @@
 
 POLICY_MGR_URL=
 
+# Example:
+# XAAUDIT.DB.FLAVOUR=MYSQL
+# XAAUDIT.DB.FLAVOUR=ORACLE
+XAAUDIT.DB.FLAVOUR=MYSQL
+
+#
+# Location of db client library (please check the location of the jar file)
+#
+#SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
+#SQL_CONNECTOR_JAR=/usr/share/java/ojdbc6.jar
+SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
+
 #
 # This is the repository name created within policy manager
 #
@@ -80,3 +92,16 @@ SSL_TRUSTSTORE_PASSWORD=changeit
 #     UPDATE_XAPOLICIES_ON_GRANT_REVOKE=false
 #
 UPDATE_XAPOLICIES_ON_GRANT_REVOKE=true
+
+#
+# do not change value of below given properties as value will be assigned by system based on above settings.
+# Example:
+# MySQL:
+# XAAUDIT.DB.JDBC_URL=jdbc:mysql://localhost:3306/xasecure
+# XAAUDIT.DB.JDBC_DRIVER=com.mysql.jdbc.Driver
+# Oracle:
+# XAAUDIT.DB.JDBC_URL=jdbc:oracle:thin:@//127.0.0.1:1521/XE
+# XAAUDIT.DB.JDBC_DRIVER=oracle.jdbc.OracleDriver
+
+XAAUDIT.DB.JDBC_URL=jdbc:mysql://localhost:3306/xasecure
+XAAUDIT.DB.JDBC_DRIVER=com.mysql.jdbc.Driver

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a0a18007/hive-agent/scripts/install.sh
----------------------------------------------------------------------
diff --git a/hive-agent/scripts/install.sh b/hive-agent/scripts/install.sh
index da16618..755e2c2 100644
--- a/hive-agent/scripts/install.sh
+++ b/hive-agent/scripts/install.sh
@@ -18,6 +18,17 @@ then
 fi
 }
 
+#Update Properties to File
+#$1 -> propertyName $2 -> newPropertyValue $3 -> fileName
+updatePropertyToFile(){
+	sed -i 's@^'$1'=[^ ]*$@'$1'='$2'@g' $3
+	#validate=`sed -i 's/^'$1'=[^ ]*$/'$1'='$2'/g' $3`	#for validation
+	validate=$(sed '/^\#/d' $3 | grep "^$1"  | tail -n 1 | cut -d "=" -f2-) # for validation
+	#echo 'V1:'$validate
+	if test -z "$validate" ; then echo "[E] '$1' not found in $3 file while Updating....!!"; exit 1; fi
+	echo "[I] File $3 Updated successfully : {'$1'}"
+}
+
 hive_dir=/usr/lib/hive
 hive_lib_dir=${hive_dir}/lib
 hive_conf_dir=/etc/hive/conf
@@ -62,6 +73,16 @@ install_dir=`dirname $0`
 
 #echo "Current Install Directory: [${install_dir}]"
 
+#verify sql-connector path is valid
+SQL_CONNECTOR_JAR=`grep '^SQL_CONNECTOR_JAR'  ${install_dir}/install.properties | awk -F= '{ print $2 }'`
+echo "[I] Checking SQL CONNECTOR FILE : $SQL_CONNECTOR_JAR"
+if test -f "$SQL_CONNECTOR_JAR"; then
+	echo "[I] SQL CONNECTOR FILE : $SQL_CONNECTOR_JAR file found"
+else
+	echo "[E] SQL CONNECTOR FILE : $SQL_CONNECTOR_JAR does not exists" ; exit 1;
+fi
+#copying sql connector jar file to lib directory
+cp $SQL_CONNECTOR_JAR ${install_dir}/lib
 
 #
 # --- Backup current configuration for backup - START
@@ -201,6 +222,39 @@ chown ${CONFIG_FILE_OWNER} ${CredFile}
 
 PROP_ARGS="-p  ${install_dir}/install.properties"
 
+to_file="${install_dir}/install.properties"
+DB_FLAVOR=`grep '^XAAUDIT.DB.FLAVOUR'  ${install_dir}/install.properties | awk -F= '{ print $2 }'`
+DB_FLAVOR=`echo $DB_FLAVOR | tr '[:lower:]' '[:upper:]'`
+if [ "${DB_FLAVOR}" == "" ]
+then
+	$DB_FLAVOR="MYSQL"
+fi
+echo "[I] Updating install.properites setting for : $DB_FLAVOR"
+
+if [ "${DB_FLAVOR}" == "MYSQL" ]
+then
+	audit_db_hostname=`grep '^XAAUDIT.DB.HOSTNAME'  ${install_dir}/install.properties | awk -F= '{ print $2 }'`
+	audit_db_name=`grep '^XAAUDIT.DB.DATABASE_NAME'  ${install_dir}/install.properties | awk -F= '{ print $2 }'`
+	propertyName=XAAUDIT.DB.JDBC_URL
+	newPropertyValue="jdbc:mysql://${audit_db_hostname}/${audit_db_name}"
+	updatePropertyToFile $propertyName $newPropertyValue $to_file
+
+	propertyName=XAAUDIT.DB.JDBC_DRIVER
+	newPropertyValue="com.mysql.jdbc.Driver"
+	updatePropertyToFile $propertyName $newPropertyValue $to_file
+fi
+
+if [ "${DB_FLAVOR}" == "ORACLE" ]
+then
+	audit_db_hostname=`grep '^XAAUDIT.DB.HOSTNAME'  ${install_dir}/install.properties | awk -F= '{ print $2 }'`
+	propertyName=XAAUDIT.DB.JDBC_URL
+	newPropertyValue="jdbc:oracle:thin:\@//${audit_db_hostname}"
+	updatePropertyToFile $propertyName $newPropertyValue $to_file
+
+	propertyName=XAAUDIT.DB.JDBC_DRIVER
+	newPropertyValue="oracle.jdbc.OracleDriver"
+	updatePropertyToFile $propertyName $newPropertyValue $to_file
+fi
 for f in ${install_dir}/installer/conf/*-changes.cfg
 do
         if [ -f ${f} ]

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a0a18007/knox-agent/conf/xasecure-audit-changes.cfg
----------------------------------------------------------------------
diff --git a/knox-agent/conf/xasecure-audit-changes.cfg b/knox-agent/conf/xasecure-audit-changes.cfg
index d788796..22a4da7 100644
--- a/knox-agent/conf/xasecure-audit-changes.cfg
+++ b/knox-agent/conf/xasecure-audit-changes.cfg
@@ -1,4 +1,5 @@
-xasecure.audit.jpa.javax.persistence.jdbc.url	jdbc:mysql://%XAAUDIT.DB.HOSTNAME%/%XAAUDIT.DB.DATABASE_NAME%	mod create-if-not-exists
-xasecure.audit.jpa.javax.persistence.jdbc.user	%XAAUDIT.DB.USER_NAME% mod create-if-not-exists
+xasecure.audit.jpa.javax.persistence.jdbc.url		%XAAUDIT.DB.JDBC_URL%											mod create-if-not-exists
+xasecure.audit.jpa.javax.persistence.jdbc.user		%XAAUDIT.DB.USER_NAME% 											mod create-if-not-exists
 xasecure.audit.credential.provider.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists
 xasecure.audit.repository.name	%REPOSITORY_NAME% mod create-if-not-exists
+xasecure.audit.jpa.javax.persistence.jdbc.driver	%XAAUDIT.DB.JDBC_DRIVER% 										mod create-if-not-exists
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a0a18007/knox-agent/scripts/install.properties
----------------------------------------------------------------------
diff --git a/knox-agent/scripts/install.properties b/knox-agent/scripts/install.properties
index b7db025..f84168d 100644
--- a/knox-agent/scripts/install.properties
+++ b/knox-agent/scripts/install.properties
@@ -8,10 +8,17 @@
 
 POLICY_MGR_URL=http://localhost:6080
 
+# Example:
+# XAAUDIT.DB.FLAVOUR=MYSQL
+# XAAUDIT.DB.FLAVOUR=ORACLE
+XAAUDIT.DB.FLAVOUR=MYSQL
+
 #
-# Location of mysql client library (please check the location of the jar file)
+# Location of db client library (please check the location of the jar file)
 #
-MYSQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
+#SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
+#SQL_CONNECTOR_JAR=/usr/share/java/ojdbc6.jar
+SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
 
 #
 # This is the repository name created within policy manager
@@ -71,3 +78,16 @@ SSL_KEYSTORE_FILE_PATH=agentKey.jks
 SSL_KEYSTORE_PASSWORD=myKeyFilePassword
 SSL_TRUSTSTORE_FILE_PATH=cacert
 SSL_TRUSTSTORE_PASSWORD=changeit
+
+#
+# do not change value of below given properties as value will be assigned by system based on above settings.
+# Example:
+# MySQL:
+# XAAUDIT.DB.JDBC_URL=jdbc:mysql://localhost:3306/xasecure
+# XAAUDIT.DB.JDBC_DRIVER=com.mysql.jdbc.Driver
+# Oracle:
+# XAAUDIT.DB.JDBC_URL=jdbc:oracle:thin:@//127.0.0.1:1521/XE
+# XAAUDIT.DB.JDBC_DRIVER=oracle.jdbc.OracleDriver
+
+XAAUDIT.DB.JDBC_URL=jdbc:mysql://localhost:3306/xasecure
+XAAUDIT.DB.JDBC_DRIVER=com.mysql.jdbc.Driver

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a0a18007/knox-agent/scripts/install.sh
----------------------------------------------------------------------
diff --git a/knox-agent/scripts/install.sh b/knox-agent/scripts/install.sh
index 9ae9213..db67ba3 100644
--- a/knox-agent/scripts/install.sh
+++ b/knox-agent/scripts/install.sh
@@ -8,6 +8,16 @@ function create_jceks()
        java -cp "${install_dir}/cred/lib/*" com.hortonworks.credentialapi.buildks create ${alias} -value ${pass} -provider jceks://file${jceksFile}
 }
 
+#Update Properties to File
+#$1 -> propertyName $2 -> newPropertyValue $3 -> fileName
+updatePropertyToFile(){
+	sed -i 's@^'$1'=[^ ]*$@'$1'='$2'@g' $3
+	#validate=`sed -i 's/^'$1'=[^ ]*$/'$1'='$2'/g' $3`	#for validation
+	validate=$(sed '/^\#/d' $3 | grep "^$1"  | tail -n 1 | cut -d "=" -f2-) # for validation
+	#echo 'V1:'$validate
+	if test -z "$validate" ; then echo "[E] '$1' not found in $3 file while Updating....!!"; exit 1; fi
+	echo "[I] File $3 Updated successfully : {'$1'}"
+}
 
 
 MY_ID=`id -u`
@@ -24,15 +34,17 @@ install_dir=`dirname $0`
 
 #echo "Current Install Directory: [${install_dir}]"
 
-#verify mysql-connector path is valid
-MYSQL_CONNECTOR_JAR=`grep '^MYSQL_CONNECTOR_JAR'  ${install_dir}/install.properties | awk -F= '{ print $2 }'`
-echo "[I] Checking MYSQL CONNECTOR FILE : $MYSQL_CONNECTOR_JAR" 
-if test -f "$MYSQL_CONNECTOR_JAR"; then
-	echo "[I] MYSQL CONNECTOR FILE : $MYSQL_CONNECTOR_JAR file found" 
+#verify sql-connector path is valid
+SQL_CONNECTOR_JAR=`grep '^SQL_CONNECTOR_JAR'  ${install_dir}/install.properties | awk -F= '{ print $2 }'`
+echo "[I] Checking SQL CONNECTOR FILE : $SQL_CONNECTOR_JAR"
+if test -f "$SQL_CONNECTOR_JAR"; then
+	echo "[I] SQL CONNECTOR FILE : $SQL_CONNECTOR_JAR file found"
 else
-	echo "[E] MYSQL CONNECTOR FILE : $MYSQL_CONNECTOR_JAR not found, aborting installation"
+	echo "[E] SQL CONNECTOR FILE : $SQL_CONNECTOR_JAR not found, aborting installation"
   exit 1
 fi
+#copying sql connector jar file to lib directory
+cp $SQL_CONNECTOR_JAR ${install_dir}/lib
 
 KNOX_HOME=`grep 'KNOX_HOME'  ${install_dir}/install.properties | awk -F= '{ print $2 }'`
 if [ "${KNOX_HOME}" == "" ]
@@ -66,9 +78,9 @@ echo "Copying knox agent lib, dist jars to ${KNOX_EXT}"
 cp lib/*.jar ${KNOX_EXT}
 cp dist/*.jar ${KNOX_EXT}
 
-# copy mysql connector jar  in to KNOX_EXT
-echo "Copying mysql connector jar to ${KNOX_EXT}"
-cp ${MYSQL_CONNECTOR_JAR} ${KNOX_EXT}
+# copy sql connector jar  in to KNOX_EXT
+echo "Copying db connector jar to ${KNOX_EXT}"
+cp ${SQL_CONNECTOR_JAR} ${KNOX_EXT}
 
 CONFIG_FILE_OWNER="knox:hadoop"
 
@@ -131,6 +143,40 @@ done
 
 PROP_ARGS="-p  ${install_dir}/install.properties"
 
+to_file="${install_dir}/install.properties"
+DB_FLAVOR=`grep '^XAAUDIT.DB.FLAVOUR'  ${install_dir}/install.properties | awk -F= '{ print $2 }'`
+DB_FLAVOR=`echo $DB_FLAVOR | tr '[:lower:]' '[:upper:]'`
+if [ "${DB_FLAVOR}" == "" ]
+then
+	$DB_FLAVOR="MYSQL"
+fi
+echo "[I] Updating install.properites setting for : $DB_FLAVOR"
+
+if [ "${DB_FLAVOR}" == "MYSQL" ]
+then
+	audit_db_hostname=`grep '^XAAUDIT.DB.HOSTNAME'  ${install_dir}/install.properties | awk -F= '{ print $2 }'`
+	audit_db_name=`grep '^XAAUDIT.DB.DATABASE_NAME'  ${install_dir}/install.properties | awk -F= '{ print $2 }'`
+	propertyName=XAAUDIT.DB.JDBC_URL
+	newPropertyValue="jdbc:mysql://${audit_db_hostname}/${audit_db_name}"
+	updatePropertyToFile $propertyName $newPropertyValue $to_file
+
+	propertyName=XAAUDIT.DB.JDBC_DRIVER
+	newPropertyValue="com.mysql.jdbc.Driver"
+	updatePropertyToFile $propertyName $newPropertyValue $to_file
+fi
+
+if [ "${DB_FLAVOR}" == "ORACLE" ]
+then
+	audit_db_hostname=`grep '^XAAUDIT.DB.HOSTNAME'  ${install_dir}/install.properties | awk -F= '{ print $2 }'`
+	propertyName=XAAUDIT.DB.JDBC_URL
+	newPropertyValue="jdbc:oracle:thin:\@//${audit_db_hostname}"
+	updatePropertyToFile $propertyName $newPropertyValue $to_file
+
+	propertyName=XAAUDIT.DB.JDBC_DRIVER
+	newPropertyValue="oracle.jdbc.OracleDriver"
+	updatePropertyToFile $propertyName $newPropertyValue $to_file
+fi
+
 for f in ${install_dir}/installer/conf/*-changes.cfg
 do
 	if [ -f ${f} ]

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a0a18007/security-admin/db/oracle/create_dbversion_catalog.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/oracle/create_dbversion_catalog.sql b/security-admin/db/oracle/create_dbversion_catalog.sql
new file mode 100644
index 0000000..d1ab275
--- /dev/null
+++ b/security-admin/db/oracle/create_dbversion_catalog.sql
@@ -0,0 +1,10 @@
+create table X_DB_VERSION_H  (
+	id NUMBER(20) NOT NULL,
+	version VARCHAR(64) NOT NULL,
+	inst_at DATE DEFAULT SYSDATE NOT NULL,
+	inst_by VARCHAR(256) NOT NULL,
+	updated_at DATE DEFAULT SYSDATE NOT NULL,
+    updated_by VARCHAR(256) NOT NULL,
+	active VARCHAR(1) DEFAULT 'Y'
+);
+commit;

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a0a18007/security-admin/db/oracle/patches/001-groupsource.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/oracle/patches/001-groupsource.sql b/security-admin/db/oracle/patches/001-groupsource.sql
new file mode 100644
index 0000000..6b3e2d0
--- /dev/null
+++ b/security-admin/db/oracle/patches/001-groupsource.sql
@@ -0,0 +1,14 @@
+DECLARE
+	v_column_exists number := 0;
+BEGIN
+  Select count(*) into v_column_exists
+    from user_tab_cols
+    where column_name = upper('group_src')
+      and table_name = upper('x_group');
+
+  if (v_column_exists = 0) then
+      execute immediate 'ALTER TABLE x_group ADD group_src NUMBER(10) DEFAULT 0 NOT NULL';
+      commit;
+  end if;
+end;
+/

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a0a18007/security-admin/db/oracle/patches/002-policyname.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/oracle/patches/002-policyname.sql b/security-admin/db/oracle/patches/002-policyname.sql
new file mode 100644
index 0000000..d55a9a6
--- /dev/null
+++ b/security-admin/db/oracle/patches/002-policyname.sql
@@ -0,0 +1,14 @@
+DECLARE
+	v_column_exists number := 0;
+BEGIN
+  Select count(*) into v_column_exists
+    from user_tab_cols
+    where column_name = upper('policy_name')
+      and table_name = upper('x_resource');
+  if (v_column_exists = 0) then
+      execute immediate 'ALTER TABLE  x_resource ADD  policy_name VARCHAR(500)  DEFAULT NULL NULL';
+      execute immediate 'ALTER TABLE  x_resource ADD CONSTRAINT x_resource_UK_policy_name UNIQUE(policy_name)';
+      commit;
+  end if;
+end;
+/

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a0a18007/security-admin/db/oracle/patches/003-knoxrepo.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/oracle/patches/003-knoxrepo.sql b/security-admin/db/oracle/patches/003-knoxrepo.sql
new file mode 100644
index 0000000..aaf06fb
--- /dev/null
+++ b/security-admin/db/oracle/patches/003-knoxrepo.sql
@@ -0,0 +1,34 @@
+DECLARE
+	v_column_exists number := 0;
+BEGIN
+  Select count(*) into v_column_exists
+    from user_tab_cols
+    where column_name = upper('res_topologies')
+      and table_name = upper('x_resource');
+
+  if (v_column_exists = 0) then
+      execute immediate 'ALTER TABLE  x_resource ADD  res_topologies CLOB DEFAULT NULL NULL';
+      commit;
+  end if;
+  v_column_exists:=0;
+  Select count(*) into v_column_exists
+    from user_tab_cols
+    where column_name = upper('res_services')
+      and table_name = upper('x_resource');
+
+  if (v_column_exists = 0) then
+      execute immediate 'ALTER TABLE  x_resource ADD  res_services CLOB DEFAULT NULL NULL';
+      commit;
+  end if;
+  v_column_exists:=0;
+Select count(*) into v_column_exists
+    from user_tab_cols
+    where column_name = upper('ip_address')
+      and table_name = upper('x_perm_map');
+
+  if (v_column_exists = 0) then
+      execute immediate 'ALTER TABLE  x_perm_map ADD  ip_address CLOB DEFAULT NULL NULL';
+      commit;
+  end if;
+end;
+/

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a0a18007/security-admin/db/oracle/patches/006-createdefaultpublicgroup.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/oracle/patches/006-createdefaultpublicgroup.sql b/security-admin/db/oracle/patches/006-createdefaultpublicgroup.sql
new file mode 100644
index 0000000..bf2b8f4
--- /dev/null
+++ b/security-admin/db/oracle/patches/006-createdefaultpublicgroup.sql
@@ -0,0 +1,14 @@
+DECLARE
+	v_column_exists number := 0;
+BEGIN
+  Select count(*) into v_column_exists from user_tab_cols
+	where column_name = upper('GROUP_NAME') and table_name = upper('x_group');
+  if (v_column_exists = 0) then
+	Select count(*) into v_column_exists from x_group where GROUP_NAME ='public';
+	if (v_column_exists = 0) then
+		execute immediate 'INSERT INTO x_group (ID,ADDED_BY_ID, CREATE_TIME, DESCR, GROUP_SRC, GROUP_TYPE, GROUP_NAME, STATUS, UPDATE_TIME, UPD_BY_ID) VALUES (X_GROUP_SEQ.nextval,1, sys_extract_utc(systimestamp), "public group", 0, 0, "public", 0, sys_extract_utc(systimestamp),1)';
+		commit;
+	end if;
+  end if;
+end;
+/

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a0a18007/security-admin/db/oracle/xa_audit_db_oracle.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/oracle/xa_audit_db_oracle.sql b/security-admin/db/oracle/xa_audit_db_oracle.sql
new file mode 100644
index 0000000..6cc3127
--- /dev/null
+++ b/security-admin/db/oracle/xa_audit_db_oracle.sql
@@ -0,0 +1,88 @@
+CREATE OR REPLACE PROCEDURE sp_dropobject(ObjName IN varchar2,ObjType IN varchar2)
+IS
+v_counter integer;
+BEGIN
+if (ObjType = 'TABLE') then
+    select count(*) into v_counter from user_tables where table_name = upper(ObjName);
+    if (v_counter > 0) then
+      execute immediate 'drop table ' || ObjName || ' cascade constraints';
+    end if;
+end if;
+  if (ObjType = 'PROCEDURE') then
+    select count(*) into v_counter from User_Objects where object_type = 'PROCEDURE' and OBJECT_NAME = upper(ObjName);
+      if (v_counter > 0) then
+        execute immediate 'DROP PROCEDURE ' || ObjName;
+      end if;
+  end if;
+  if (ObjType = 'FUNCTION') then
+    select count(*) into v_counter from User_Objects where object_type = 'FUNCTION' and OBJECT_NAME = upper(ObjName);
+      if (v_counter > 0) then
+        execute immediate 'DROP FUNCTION ' || ObjName;
+      end if;
+  end if;
+  if (ObjType = 'TRIGGER') then
+    select count(*) into v_counter from User_Triggers where TRIGGER_NAME = upper(ObjName);
+      if (v_counter > 0) then
+        execute immediate 'DROP TRIGGER ' || ObjName;
+      end if;
+  end if;
+  if (ObjType = 'VIEW') then
+    select count(*) into v_counter from User_Views where VIEW_NAME = upper(ObjName);
+      if (v_counter > 0) then
+        execute immediate 'DROP VIEW ' || ObjName;
+      end if;
+  end if;
+  if (ObjType = 'SEQUENCE') then
+    select count(*) into v_counter from user_sequences where sequence_name = upper(ObjName);
+      if (v_counter > 0) then
+        execute immediate 'DROP SEQUENCE ' || ObjName;
+      end if;
+  end if;
+  if (ObjType = 'INDEX') then
+    select count(*) into v_counter from user_indexes where index_name = upper(ObjName);
+      if (v_counter > 0) then
+        execute immediate 'DROP INDEX ' || ObjName;
+      end if;
+  end if;
+END;
+/
+call sp_dropobject('XA_ACCESS_AUDIT','TABLE');
+call sp_dropobject('XA_ACCESS_AUDIT_SEQ','SEQUENCE');
+call sp_dropobject('xa_access_audit_FK_added_by_id','INDEX');
+call sp_dropobject('xa_access_audit_FK_upd_by_id','INDEX');
+call sp_dropobject('xa_access_audit_cr_time','INDEX');
+call sp_dropobject('xa_access_audit_up_time','INDEX');
+call sp_dropobject('xa_access_audit_event_time','INDEX');
+CREATE SEQUENCE XA_ACCESS_AUDIT_SEQ START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE TABLE xa_access_audit (
+	id NUMBER(20) NOT NULL,
+	create_time DATE DEFAULT NULL NULL ,
+	update_time DATE DEFAULT NULL NULL ,
+	added_by_id NUMBER(20) DEFAULT NULL NULL ,
+	upd_by_id NUMBER(20) DEFAULT NULL NULL ,
+	audit_type NUMBER(11) DEFAULT '0' NOT NULL ,
+	access_result NUMBER(11) DEFAULT '0' NULL ,
+	access_type VARCHAR(255) DEFAULT NULL NULL ,
+	acl_enforcer VARCHAR(255) DEFAULT NULL NULL ,
+	agent_id VARCHAR(255) DEFAULT NULL NULL ,
+	client_ip VARCHAR(255) DEFAULT NULL NULL ,
+	client_type VARCHAR(255) DEFAULT NULL NULL ,
+	policy_id NUMBER(20) DEFAULT '0' NULL ,
+	repo_name VARCHAR(255) DEFAULT NULL NULL ,
+	repo_type NUMBER(11) DEFAULT '0' NULL,
+	result_reason VARCHAR(255) DEFAULT NULL NULL ,
+	session_id VARCHAR(255) DEFAULT NULL NULL ,
+	event_time DATE DEFAULT NULL NULL ,
+	request_user VARCHAR(255) DEFAULT NULL NULL ,
+	action VARCHAR(2000) DEFAULT NULL NULL ,
+	request_data VARCHAR(2000) DEFAULT NULL NULL ,
+	resource_path VARCHAR(2000) DEFAULT NULL NULL ,
+	resource_type VARCHAR(255) DEFAULT NULL NULL ,
+	PRIMARY KEY (id)
+);
+CREATE INDEX xa_access_audit_FK_added_by_id ON  xa_access_audit(added_by_id);
+CREATE INDEX xa_access_audit_FK_upd_by_id ON  xa_access_audit(upd_by_id);
+CREATE INDEX xa_access_audit_cr_time ON  xa_access_audit(create_time);
+CREATE INDEX xa_access_audit_up_time ON  xa_access_audit(update_time);
+CREATE INDEX xa_access_audit_event_time ON  xa_access_audit(event_time);
+commit;

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a0a18007/security-admin/db/oracle/xa_core_db_oracle.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/oracle/xa_core_db_oracle.sql b/security-admin/db/oracle/xa_core_db_oracle.sql
new file mode 100644
index 0000000..db0ef07
--- /dev/null
+++ b/security-admin/db/oracle/xa_core_db_oracle.sql
@@ -0,0 +1,563 @@
+/* create or replace procedure */
+commit;
+CREATE OR REPLACE PROCEDURE sp_dropobject(ObjName IN varchar2,ObjType IN varchar2)
+IS
+v_counter integer;
+BEGIN
+if (ObjType = 'TABLE') then
+    select count(*) into v_counter from user_tables where table_name = upper(ObjName);
+    if (v_counter > 0) then
+      execute immediate 'drop table ' || ObjName || ' cascade constraints';
+    end if;
+end if;
+  if (ObjType = 'PROCEDURE') then
+    select count(*) into v_counter from User_Objects where object_type = 'PROCEDURE' and OBJECT_NAME = upper(ObjName);
+      if (v_counter > 0) then
+        execute immediate 'DROP PROCEDURE ' || ObjName;
+      end if;
+  end if;
+  if (ObjType = 'FUNCTION') then
+    select count(*) into v_counter from User_Objects where object_type = 'FUNCTION' and OBJECT_NAME = upper(ObjName);
+      if (v_counter > 0) then
+        execute immediate 'DROP FUNCTION ' || ObjName;
+      end if;
+  end if;
+  if (ObjType = 'TRIGGER') then
+    select count(*) into v_counter from User_Triggers where TRIGGER_NAME = upper(ObjName);
+      if (v_counter > 0) then
+        execute immediate 'DROP TRIGGER ' || ObjName;
+      end if;
+  end if;
+  if (ObjType = 'VIEW') then
+    select count(*) into v_counter from User_Views where VIEW_NAME = upper(ObjName);
+      if (v_counter > 0) then
+        execute immediate 'DROP VIEW ' || ObjName;
+      end if;
+  end if;
+  if (ObjType = 'SEQUENCE') then
+    select count(*) into v_counter from user_sequences where sequence_name = upper(ObjName);
+      if (v_counter > 0) then
+        execute immediate 'DROP SEQUENCE ' || ObjName;
+      end if;
+  end if;
+  if (ObjType = 'INDEX') then
+    select count(*) into v_counter from user_indexes where index_name = upper(ObjName);
+      if (v_counter > 0) then
+        execute immediate 'DROP INDEX ' || ObjName;
+      end if;
+  end if;
+  if (ObjType = 'CONSTRAINT') then
+    select count(*) into v_counter from user_constraints where constraint_name = upper(ObjName);
+      if (v_counter > 0) then
+        execute immediate 'DROP CONSTRAINT ' || ObjName;
+      end if;
+  end if;
+END;
+/
+/* sequence */
+call sp_dropobject('SEQ_GEN_IDENTITY','SEQUENCE');
+call sp_dropobject('X_ACCESS_AUDIT_SEQ','SEQUENCE');
+call sp_dropobject('X_ASSET_SEQ','SEQUENCE');
+call sp_dropobject('X_AUDIT_MAP_SEQ','SEQUENCE');
+call sp_dropobject('X_AUTH_SESS_SEQ','SEQUENCE');
+call sp_dropobject('X_CRED_STORE_SEQ','SEQUENCE');
+call sp_dropobject('X_DB_BASE_SEQ','SEQUENCE');
+call sp_dropobject('X_GROUP_SEQ','SEQUENCE');
+call sp_dropobject('X_GROUP_GROUPS_SEQ','SEQUENCE');
+call sp_dropobject('X_GROUP_USERS_SEQ','SEQUENCE');
+call sp_dropobject('X_PERM_MAP_SEQ','SEQUENCE');
+call sp_dropobject('X_POLICY_EXPORT_SEQ','SEQUENCE');
+call sp_dropobject('X_PORTAL_USER_SEQ','SEQUENCE');
+call sp_dropobject('X_PORTAL_USER_ROLE_SEQ','SEQUENCE');
+call sp_dropobject('X_RESOURCE_SEQ','SEQUENCE');
+call sp_dropobject('X_TRX_LOG_SEQ','SEQUENCE');
+call sp_dropobject('X_USER_SEQ','SEQUENCE');
+call sp_dropobject('X_DB_VERSION_H_SEQ','SEQUENCE');
+call sp_dropobject('V_TRX_LOG_SEQ','SEQUENCE');
+
+commit;
+
+/* drop table */
+call sp_dropobject('vx_trx_log','VIEW');
+call sp_dropobject('x_perm_map','TABLE');
+call sp_dropobject('x_audit_map','TABLE');
+call sp_dropobject('x_trx_log','TABLE');
+call sp_dropobject('x_resource','TABLE');
+call sp_dropobject('x_policy_export_audit','TABLE');
+call sp_dropobject('x_group_users','TABLE');
+call sp_dropobject('x_user','TABLE');
+call sp_dropobject('x_group_groups','TABLE');
+call sp_dropobject('X_GROUP','TABLE');
+call sp_dropobject('x_db_base','TABLE');
+call sp_dropobject('x_cred_store','TABLE');
+call sp_dropobject('x_auth_sess','TABLE');
+call sp_dropobject('x_asset','TABLE');
+call sp_dropobject('xa_access_audit','TABLE');
+call sp_dropobject('x_portal_user_role','TABLE');
+call sp_dropobject('x_portal_user','TABLE');
+
+commit;
+/* create sequences */
+CREATE SEQUENCE SEQ_GEN_IDENTITY START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE SEQUENCE X_ACCESS_AUDIT_SEQ START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE SEQUENCE X_ASSET_SEQ START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE SEQUENCE X_AUDIT_MAP_SEQ START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE SEQUENCE X_AUTH_SESS_SEQ START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE SEQUENCE X_CRED_STORE_SEQ START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE SEQUENCE X_DB_BASE_SEQ START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE SEQUENCE X_GROUP_SEQ START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE SEQUENCE X_GROUP_GROUPS_SEQ START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE SEQUENCE X_GROUP_USERS_SEQ START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE SEQUENCE X_PERM_MAP_SEQ START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE SEQUENCE X_POLICY_EXPORT_SEQ START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE SEQUENCE X_PORTAL_USER_SEQ START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE SEQUENCE X_PORTAL_USER_ROLE_SEQ START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE SEQUENCE X_RESOURCE_SEQ START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE SEQUENCE X_TRX_LOG_SEQ START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE SEQUENCE X_USER_SEQ START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE SEQUENCE X_DB_VERSION_H_SEQ START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE SEQUENCE V_TRX_LOG_SEQ START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+commit;
+
+
+/* create tables */
+CREATE TABLE x_portal_user (
+	id NUMBER(20) NOT NULL,
+	create_time DATE DEFAULT NULL NULL ,
+	update_time DATE DEFAULT NULL NULL ,
+	added_by_id NUMBER(20) DEFAULT NULL NULL ,
+	upd_by_id NUMBER(20) DEFAULT NULL NULL ,
+	first_name VARCHAR(256) DEFAULT NULL NULL ,
+	last_name VARCHAR(256) DEFAULT NULL NULL ,
+	pub_scr_name VARCHAR(2048) DEFAULT NULL NULL ,
+	login_id VARCHAR(767) DEFAULT NULL NULL ,
+	password VARCHAR(512) NOT NULL,
+	email VARCHAR(512) DEFAULT NULL NULL ,
+	status NUMBER(11) DEFAULT '0' NOT NULL ,
+	user_src NUMBER(11) DEFAULT '0' NOT NULL ,
+	notes VARCHAR(4000) DEFAULT NULL NULL ,
+	PRIMARY KEY (id),
+	CONSTRAINT x_portal_user_UK_login_id UNIQUE (login_id) ,
+	CONSTRAINT x_portal_user_UK_email UNIQUE (email),
+	CONSTRAINT x_portal_user_FK_added_by_id FOREIGN KEY (added_by_id) REFERENCES x_portal_user (id),
+	CONSTRAINT x_portal_user_FK_upd_by_id FOREIGN KEY (upd_by_id) REFERENCES x_portal_user (id)
+);
+
+CREATE TABLE x_portal_user_role (
+	id NUMBER(20) NOT NULL,
+	create_time DATE DEFAULT NULL NULL ,
+	update_time DATE  DEFAULT NULL NULL ,
+	added_by_id NUMBER(20)  DEFAULT NULL NULL ,
+	upd_by_id NUMBER(20) DEFAULT NULL NULL ,
+	user_id NUMBER(20) NOT NULL ,
+	user_role VARCHAR(128)  DEFAULT NULL NULL ,
+	status NUMBER(11) DEFAULT 0 NOT NULL ,
+	PRIMARY KEY (id),
+	CONSTRAINT x_portal_user_role_FK_addedby FOREIGN KEY (added_by_id) REFERENCES x_portal_user (id),
+	CONSTRAINT x_portal_user_role_FK_updby FOREIGN KEY (upd_by_id) REFERENCES x_portal_user (id),
+	CONSTRAINT x_portal_user_role_FK_user_id FOREIGN KEY (user_id) REFERENCES x_portal_user (id)
+);
+
+CREATE TABLE xa_access_audit (
+	id NUMBER(20) NOT NULL,
+	create_time DATE DEFAULT NULL NULL ,
+	update_time DATE DEFAULT NULL NULL ,
+	added_by_id NUMBER(20) DEFAULT NULL NULL ,
+	upd_by_id NUMBER(20) DEFAULT NULL NULL ,
+	audit_type NUMBER(11) DEFAULT '0' NOT NULL ,
+	access_result NUMBER(11) DEFAULT '0' NULL ,
+	access_type VARCHAR(255) DEFAULT NULL NULL ,
+	acl_enforcer VARCHAR(255) DEFAULT NULL NULL ,
+	agent_id VARCHAR(255) DEFAULT NULL NULL ,
+	client_ip VARCHAR(255) DEFAULT NULL NULL ,
+	client_type VARCHAR(255) DEFAULT NULL NULL ,
+	policy_id NUMBER(20) DEFAULT '0' NULL ,
+	repo_name VARCHAR(255) DEFAULT NULL NULL ,
+	repo_type NUMBER(11) DEFAULT '0' NULL,
+	result_reason VARCHAR(255) DEFAULT NULL NULL ,
+	session_id VARCHAR(255) DEFAULT NULL NULL ,
+	event_time DATE DEFAULT NULL NULL ,
+	request_user VARCHAR(255) DEFAULT NULL NULL ,
+	action VARCHAR(2000) DEFAULT NULL NULL ,
+	request_data VARCHAR(2000) DEFAULT NULL NULL ,
+	resource_path VARCHAR(2000) DEFAULT NULL NULL ,
+	resource_type VARCHAR(255) DEFAULT NULL NULL ,
+	PRIMARY KEY (id),
+	CONSTRAINT xa_access_audit_FK_added_by_id FOREIGN KEY (added_by_id) REFERENCES x_portal_user (id),
+	CONSTRAINT xa_access_audit_FK_upd_by_id FOREIGN KEY (upd_by_id) REFERENCES x_portal_user (id)
+);
+
+CREATE TABLE x_asset (
+	id NUMBER(20) NOT NULL,
+	create_time DATE DEFAULT NULL NULL ,
+	update_time DATE DEFAULT NULL NULL ,
+	added_by_id NUMBER(20) DEFAULT NULL NULL ,
+	upd_by_id NUMBER(20) DEFAULT NULL NULL ,
+	asset_name VARCHAR(1024) NOT NULL,
+	descr VARCHAR(4000) DEFAULT NULL NULL,
+	act_status NUMBER(11) DEFAULT '0' NOT NULL ,
+	asset_type NUMBER(11)  DEFAULT '0' NOT NULL,
+	config CLOB NULL,
+	sup_native NUMBER(1) DEFAULT '0' NOT NULL,
+	PRIMARY KEY (id),
+	CONSTRAINT x_asset_FK_added_by_id FOREIGN KEY (added_by_id) REFERENCES x_portal_user (id),
+	CONSTRAINT x_asset_FK_upd_by_id FOREIGN KEY (upd_by_id) REFERENCES x_portal_user (id)
+);
+
+CREATE TABLE x_auth_sess (
+	id NUMBER(20) NOT NULL,
+	create_time DATE DEFAULT NULL NULL ,
+	update_time DATE DEFAULT NULL NULL ,
+	added_by_id NUMBER(20) DEFAULT NULL NULL ,
+	upd_by_id NUMBER(20) DEFAULT NULL NULL ,
+	login_id VARCHAR(767) NOT NULL,
+	user_id NUMBER(20) DEFAULT NULL NULL ,
+	ext_sess_id VARCHAR(512) DEFAULT NULL NULL ,
+	auth_time DATE NOT NULL,
+	auth_status NUMBER(11) DEFAULT '0' NOT NULL ,
+	auth_type NUMBER(11) DEFAULT '0' NOT NULL ,
+	auth_provider NUMBER(11) DEFAULT '0' NOT NULL ,
+	device_type NUMBER(11) DEFAULT '0' NOT NULL ,
+	req_ip VARCHAR(48) NOT NULL,
+	req_ua VARCHAR(1024) DEFAULT NULL NULL ,
+	PRIMARY KEY (id),
+	CONSTRAINT x_auth_sess_FK_added_by_id FOREIGN KEY (added_by_id) REFERENCES x_portal_user (id),
+	CONSTRAINT x_auth_sess_FK_upd_by_id FOREIGN KEY (upd_by_id) REFERENCES x_portal_user (id),
+	CONSTRAINT x_auth_sess_FK_user_id FOREIGN KEY (user_id) REFERENCES x_portal_user (id)
+);
+
+CREATE TABLE x_cred_store (
+	id NUMBER(20) NOT NULL,
+	create_time DATE DEFAULT NULL NULL ,
+	update_time DATE DEFAULT NULL NULL ,
+	added_by_id NUMBER(20) DEFAULT NULL NULL ,
+	upd_by_id NUMBER(20) DEFAULT NULL NULL ,
+	store_name VARCHAR(1024) NOT NULL,
+	descr VARCHAR(4000) NOT NULL,
+	PRIMARY KEY (id),
+	CONSTRAINT x_cred_store_FK_added_by_id FOREIGN KEY (added_by_id) REFERENCES x_portal_user (id),
+	CONSTRAINT x_cred_store_FK_upd_by_id FOREIGN KEY (upd_by_id) REFERENCES x_portal_user (id)
+);
+
+CREATE TABLE x_db_base (
+	id NUMBER(20) NOT NULL,
+	create_time DATE DEFAULT NULL NULL ,
+	update_time DATE DEFAULT NULL NULL ,
+	added_by_id NUMBER(20) DEFAULT NULL NULL ,
+	upd_by_id NUMBER(20) DEFAULT NULL NULL ,
+	PRIMARY KEY (id),
+	CONSTRAINT x_db_base_FK_added_by_id FOREIGN KEY (added_by_id) REFERENCES x_portal_user (id),
+	CONSTRAINT x_db_base_FK_upd_by_id FOREIGN KEY (upd_by_id) REFERENCES x_portal_user (id)
+);
+
+CREATE TABLE X_GROUP(
+	ID NUMBER(20,0) NOT NULL ENABLE,
+	CREATE_TIME DATE DEFAULT NULL,
+	UPDATE_TIME DATE DEFAULT NULL,
+	ADDED_BY_ID NUMBER(20,0) DEFAULT NULL,
+	UPD_BY_ID NUMBER(20,0) DEFAULT NULL,
+	GROUP_NAME VARCHAR2(1024) NOT NULL ENABLE,
+	DESCR VARCHAR2(4000) DEFAULT NULL NULL,
+	STATUS NUMBER(11,0) DEFAULT '0' NOT NULL ENABLE,
+	GROUP_TYPE NUMBER(11,0) DEFAULT '0' NOT NULL ENABLE,
+	CRED_STORE_ID NUMBER(20,0) DEFAULT NULL,
+	PRIMARY KEY (ID),
+	CONSTRAINT X_GROUP_FK_ADDED_BY_ID FOREIGN KEY (ADDED_BY_ID) REFERENCES X_PORTAL_USER (ID) ENABLE,
+	CONSTRAINT X_GROUP_FK_CRED_STORE_ID FOREIGN KEY (CRED_STORE_ID) REFERENCES X_CRED_STORE (ID) ENABLE,
+	CONSTRAINT X_GROUP_FK_UPD_BY_ID FOREIGN KEY (UPD_BY_ID) REFERENCES X_PORTAL_USER (ID) ENABLE
+) ;
+
+CREATE TABLE x_group_groups (
+	id NUMBER(20) NOT NULL,
+	create_time DATE DEFAULT NULL NULL ,
+	update_time DATE DEFAULT NULL NULL ,
+	added_by_id NUMBER(20) DEFAULT NULL NULL ,
+	upd_by_id NUMBER(20) DEFAULT NULL NULL ,
+	group_name VARCHAR(1024) NOT NULL,
+	p_group_id NUMBER(20) DEFAULT NULL NULL ,
+	group_id NUMBER(20) DEFAULT NULL NULL ,
+	PRIMARY KEY (id),
+	CONSTRAINT x_group_groups_FK_added_by_id FOREIGN KEY (added_by_id) REFERENCES x_portal_user (id),
+	CONSTRAINT x_group_groups_FK_group_id FOREIGN KEY (group_id) REFERENCES x_group (id),
+	CONSTRAINT x_group_groups_FK_p_group_id FOREIGN KEY (p_group_id) REFERENCES x_group (id),
+	CONSTRAINT x_group_groups_FK_upd_by_id FOREIGN KEY (upd_by_id) REFERENCES x_portal_user (id)
+);
+
+CREATE TABLE x_user (
+	id NUMBER(20) NOT NULL,
+	create_time DATE DEFAULT NULL NULL ,
+	update_time DATE DEFAULT NULL NULL ,
+	added_by_id NUMBER(20) DEFAULT NULL NULL ,
+	upd_by_id NUMBER(20) DEFAULT NULL NULL ,
+	user_name VARCHAR(1024) NOT NULL,
+	descr VARCHAR(4000) DEFAULT NULL  NULL,
+	status NUMBER(11) DEFAULT '0' NOT NULL,
+	cred_store_id NUMBER(20) DEFAULT NULL NULL ,
+	PRIMARY KEY (id),
+	CONSTRAINT x_user_FK_added_by_id FOREIGN KEY (added_by_id) REFERENCES x_portal_user (id),
+	CONSTRAINT x_user_FK_cred_store_id FOREIGN KEY (cred_store_id) REFERENCES x_cred_store (id),
+	CONSTRAINT x_user_FK_upd_by_id FOREIGN KEY (upd_by_id) REFERENCES x_portal_user (id)
+);
+
+CREATE TABLE x_group_users (
+	id NUMBER(20) NOT NULL ,
+	create_time DATE DEFAULT NULL NULL ,
+	update_time DATE DEFAULT NULL NULL ,
+	added_by_id NUMBER(20) DEFAULT NULL NULL ,
+	upd_by_id NUMBER(20) DEFAULT NULL NULL ,
+	group_name VARCHAR(1024) NOT NULL,
+	p_group_id NUMBER(20) DEFAULT NULL NULL ,
+	user_id NUMBER(20) DEFAULT NULL NULL ,
+	PRIMARY KEY (id),
+	CONSTRAINT x_group_users_FK_added_by_id FOREIGN KEY (added_by_id) REFERENCES x_portal_user (id),
+	CONSTRAINT x_group_users_FK_p_group_id FOREIGN KEY (p_group_id) REFERENCES x_group (id),
+	CONSTRAINT x_group_users_FK_upd_by_id FOREIGN KEY (upd_by_id) REFERENCES x_portal_user (id),
+	CONSTRAINT x_group_users_FK_user_id FOREIGN KEY (user_id) REFERENCES x_user (id)
+);
+
+CREATE TABLE x_policy_export_audit (
+	id NUMBER(20) NOT NULL,
+	create_time DATE DEFAULT NULL NULL ,
+	update_time DATE DEFAULT NULL NULL ,
+	added_by_id NUMBER(20) DEFAULT NULL NULL ,
+	upd_by_id NUMBER(20) DEFAULT NULL NULL ,
+	client_ip VARCHAR(255) NOT NULL,
+	agent_id VARCHAR(255) DEFAULT NULL NULL ,
+	req_epoch NUMBER(20) NOT NULL,
+	last_updated DATE DEFAULT NULL NULL ,
+	repository_name VARCHAR(1024) DEFAULT NULL NULL ,
+	exported_json CLOB NULL,
+	http_ret_code NUMBER(11) DEFAULT '0' NOT NULL ,
+	PRIMARY KEY (id),
+	CONSTRAINT x_policy_export_audit_FK_added FOREIGN KEY (added_by_id) REFERENCES x_portal_user (id),
+	CONSTRAINT x_policy_export_audit_FK_upd FOREIGN KEY (upd_by_id) REFERENCES x_portal_user (id)
+);
+
+CREATE TABLE x_resource (
+	id NUMBER(20) NOT NULL,
+	create_time DATE DEFAULT NULL NULL ,
+	update_time DATE DEFAULT NULL NULL ,
+	added_by_id NUMBER(20) DEFAULT NULL NULL ,
+	upd_by_id NUMBER(20) DEFAULT NULL NULL ,
+	res_name VARCHAR(4000) DEFAULT NULL NULL ,
+	descr VARCHAR(4000) DEFAULT NULL NULL ,
+	res_type NUMBER(11) DEFAULT '0' NOT NULL ,
+	asset_id NUMBER(20) NOT NULL,
+	parent_id NUMBER(20) DEFAULT NULL NULL ,
+	parent_path VARCHAR(4000) DEFAULT NULL NULL ,
+	is_encrypt NUMBER(11) DEFAULT '0' NOT NULL ,
+	is_recursive NUMBER(11) DEFAULT '0' NOT NULL ,
+	res_group VARCHAR(1024) DEFAULT NULL NULL ,
+	res_dbs CLOB NULL,
+	res_tables CLOB NULL,
+	res_col_fams CLOB NULL,
+	res_cols CLOB NULL,
+	res_udfs CLOB NULL,
+	res_status NUMBER(11) DEFAULT '1' NOT NULL,
+	table_type NUMBER(11) DEFAULT '0' NOT NULL,
+	col_type NUMBER(11) DEFAULT '0' NOT NULL,
+	PRIMARY KEY (id),
+	CONSTRAINT x_resource_FK_added_by_id FOREIGN KEY (added_by_id) REFERENCES x_portal_user (id),
+	CONSTRAINT x_resource_FK_asset_id FOREIGN KEY (asset_id) REFERENCES x_asset (id),
+	CONSTRAINT x_resource_FK_parent_id FOREIGN KEY (parent_id) REFERENCES x_resource (id),
+	CONSTRAINT x_resource_FK_upd_by_id FOREIGN KEY (upd_by_id) REFERENCES x_portal_user (id)
+);
+
+
+CREATE TABLE x_trx_log (
+	id NUMBER(20) NOT NULL,
+	create_time DATE DEFAULT NULL NULL ,
+	update_time DATE DEFAULT NULL NULL ,
+	added_by_id NUMBER(20) DEFAULT NULL NULL ,
+	upd_by_id NUMBER(20) DEFAULT NULL NULL ,
+	class_type NUMBER(11) DEFAULT '0' NOT NULL ,
+	object_id NUMBER(20) DEFAULT NULL NULL ,
+	parent_object_id NUMBER(20) DEFAULT NULL NULL ,
+	parent_object_class_type NUMBER(11) DEFAULT '0' NOT NULL ,
+	parent_object_name VARCHAR(1024) DEFAULT NULL NULL ,
+	object_name VARCHAR(1024) DEFAULT NULL NULL ,
+	attr_name VARCHAR(255) DEFAULT NULL NULL ,
+	prev_val CLOB DEFAULT NULL NULL ,
+	new_val CLOB DEFAULT NULL NULL ,
+	trx_id VARCHAR(1024) DEFAULT NULL NULL ,
+	action VARCHAR(255) DEFAULT NULL NULL ,
+	sess_id VARCHAR(512) DEFAULT NULL NULL ,
+	req_id VARCHAR(30) DEFAULT NULL NULL ,
+	sess_type VARCHAR(30) DEFAULT NULL NULL ,
+	PRIMARY KEY (id),
+	CONSTRAINT x_trx_log_FK_added_by_id FOREIGN KEY (added_by_id) REFERENCES x_portal_user (id),
+	CONSTRAINT x_trx_log_FK_upd_by_id FOREIGN KEY (upd_by_id) REFERENCES x_portal_user (id)
+);
+CREATE TABLE x_perm_map (
+	id NUMBER(20) NOT NULL,
+	create_time DATE DEFAULT NULL NULL ,
+	update_time DATE DEFAULT NULL NULL ,
+	added_by_id NUMBER(20) DEFAULT NULL NULL ,
+	upd_by_id NUMBER(20) DEFAULT NULL NULL ,
+	perm_group VARCHAR(1024) DEFAULT NULL NULL ,
+	res_id NUMBER(20) DEFAULT NULL NULL ,
+	group_id NUMBER(20) DEFAULT NULL NULL ,
+	user_id NUMBER(20) DEFAULT NULL NULL ,
+	perm_for NUMBER(11) DEFAULT '0' NOT NULL ,
+	perm_type NUMBER(11) DEFAULT '0' NOT NULL ,
+	is_recursive NUMBER(11) DEFAULT '0' NOT NULL ,
+	is_wild_card NUMBER(1) DEFAULT '1' NOT NULL ,
+	grant_revoke NUMBER(1) DEFAULT '1' NOT NULL ,
+	PRIMARY KEY (id),
+	CONSTRAINT x_perm_map_FK_added_by_id FOREIGN KEY (added_by_id) REFERENCES x_portal_user (id),
+	CONSTRAINT x_perm_map_FK_group_id FOREIGN KEY (group_id) REFERENCES x_group (id),
+	CONSTRAINT x_perm_map_FK_res_id FOREIGN KEY (res_id) REFERENCES x_resource (id),
+	CONSTRAINT x_perm_map_FK_upd_by_id FOREIGN KEY (upd_by_id) REFERENCES x_portal_user (id),
+	CONSTRAINT x_perm_map_FK_user_id FOREIGN KEY (user_id) REFERENCES x_user (id)
+);
+
+CREATE TABLE X_AUDIT_MAP
+(	ID NUMBER(20,0) NOT NULL ENABLE,
+	CREATE_TIME DATE DEFAULT NULL,
+	UPDATE_TIME DATE DEFAULT NULL,
+	ADDED_BY_ID NUMBER(20,0) DEFAULT NULL,
+	UPD_BY_ID NUMBER(20,0) DEFAULT NULL,
+	RES_ID NUMBER(20,0) DEFAULT NULL,
+	GROUP_ID NUMBER(20,0) DEFAULT NULL,
+	USER_ID NUMBER(20,0) DEFAULT NULL,
+	AUDIT_TYPE NUMBER(11,0) DEFAULT 0 NOT NULL ENABLE,
+	PRIMARY KEY (ID),
+	CONSTRAINT X_AUDIT_MAP_FK_ADDED_BY_ID FOREIGN KEY (ADDED_BY_ID) REFERENCES X_PORTAL_USER (ID) ENABLE,
+	CONSTRAINT X_AUDIT_MAP_FK_GROUP_ID FOREIGN KEY (GROUP_ID) REFERENCES X_GROUP (ID) ENABLE,
+	CONSTRAINT X_AUDIT_MAP_FK_RES_ID FOREIGN KEY (RES_ID) REFERENCES X_RESOURCE (ID) ENABLE,
+	CONSTRAINT X_AUDIT_MAP_FK_UPD_BY_ID FOREIGN KEY (UPD_BY_ID) REFERENCES X_PORTAL_USER (ID) ENABLE,
+	CONSTRAINT X_AUDIT_MAP_FK_USER_ID FOREIGN KEY (USER_ID) REFERENCES X_USER (ID) ENABLE
+);
+commit;
+CREATE VIEW vx_trx_log AS select x_trx_log.id AS id,x_trx_log.create_time AS create_time,x_trx_log.update_time AS update_time,x_trx_log.added_by_id AS added_by_id,x_trx_log.upd_by_id AS upd_by_id,x_trx_log.class_type AS class_type,x_trx_log.object_id AS object_id,x_trx_log.parent_object_id AS parent_object_id,x_trx_log.parent_object_class_type AS parent_object_class_type,x_trx_log.attr_name AS attr_name,x_trx_log.parent_object_name AS parent_object_name,x_trx_log.object_name AS object_name,x_trx_log.prev_val AS prev_val,x_trx_log.new_val AS new_val,x_trx_log.trx_id AS trx_id,x_trx_log.action AS action,x_trx_log.sess_id AS sess_id,x_trx_log.req_id AS req_id,x_trx_log.sess_type AS sess_type from x_trx_log  where id in(select min(x_trx_log.id) from x_trx_log group by x_trx_log.trx_id);
+commit;
+
+CREATE  INDEX xa_access_audit_FK_added_by_id ON  xa_access_audit(added_by_id);
+CREATE  INDEX xa_access_audit_FK_upd_by_id ON  xa_access_audit(upd_by_id);
+CREATE  INDEX xa_access_audit_cr_time ON  xa_access_audit(create_time);
+CREATE  INDEX xa_access_audit_up_time ON  xa_access_audit(update_time);
+CREATE  INDEX xa_access_audit_event_time ON  xa_access_audit(event_time);
+CREATE  INDEX x_asset_FK_added_by_id ON  x_asset(added_by_id);
+CREATE  INDEX x_asset_FK_upd_by_id ON  x_asset(upd_by_id);
+CREATE  INDEX x_asset_cr_time ON x_asset (create_time);
+CREATE  INDEX x_asset_up_time ON x_asset (update_time);
+CREATE  INDEX x_audit_map_FK_added_by_id ON x_audit_map (added_by_id);
+CREATE  INDEX x_audit_map_FK_upd_by_id ON x_audit_map (upd_by_id);
+CREATE  INDEX x_audit_map_FK_res_id ON  x_audit_map(res_id);
+CREATE  INDEX x_audit_map_FK_group_id ON x_audit_map (group_id);
+CREATE  INDEX x_audit_map_FK_user_id ON  x_audit_map(user_id);
+CREATE  INDEX x_audit_map_cr_time ON  x_audit_map(create_time);
+CREATE  INDEX x_audit_map_up_time ON x_audit_map (update_time);
+CREATE  INDEX x_auth_sess_FK_added_by_id ON x_auth_sess (added_by_id);
+CREATE  INDEX x_auth_sess_FK_upd_by_id ON x_auth_sess (upd_by_id);
+CREATE  INDEX x_auth_sess_FK_user_id ON x_auth_sess (user_id);
+CREATE  INDEX x_auth_sess_cr_time ON x_auth_sess (create_time);
+CREATE  INDEX x_auth_sess_up_time ON x_auth_sess (update_time);
+CREATE  INDEX x_cred_store_FK_added_by_id ON x_cred_store (added_by_id);
+CREATE  INDEX x_cred_store_FK_upd_by_id ON x_cred_store (upd_by_id);
+CREATE  INDEX x_cred_store_cr_time ON x_cred_store (create_time);
+CREATE  INDEX x_cred_store_up_time ON x_cred_store (update_time);
+CREATE  INDEX x_db_base_FK_added_by_id ON x_db_base (added_by_id);
+CREATE  INDEX x_db_base_FK_upd_by_id ON x_db_base (upd_by_id);
+CREATE  INDEX x_db_base_cr_time ON x_db_base (create_time);
+CREATE  INDEX x_db_base_up_time ON  x_db_base(update_time);
+CREATE  INDEX x_group_FK_added_by_id ON x_group (added_by_id);
+CREATE  INDEX x_group_FK_upd_by_id ON x_group (upd_by_id);
+CREATE  INDEX x_group_FK_cred_store_id ON x_group (cred_store_id);
+CREATE  INDEX x_group_cr_time ON x_group (create_time);
+CREATE  INDEX x_group_up_time ON x_group (update_time);
+CREATE  INDEX x_group_groups_FK_added_by_id ON x_group_groups (added_by_id);
+CREATE  INDEX x_group_groups_FK_upd_by_id ON  x_group_groups(upd_by_id);
+CREATE  INDEX x_group_groups_FK_p_group_id ON x_group_groups (p_group_id);
+CREATE  INDEX x_group_groups_FK_group_id ON  x_group_groups(group_id);
+CREATE  INDEX x_group_groups_cr_time ON x_group_groups (create_time);
+CREATE  INDEX x_group_groups_up_time ON x_group_groups (update_time);
+CREATE  INDEX x_group_users_FK_added_by_id ON x_group_users (added_by_id);
+CREATE  INDEX x_group_users_FK_upd_by_id ON  x_group_users(upd_by_id);
+CREATE  INDEX x_group_users_FK_p_group_id ON x_group_users (p_group_id);
+CREATE  INDEX x_group_users_FK_user_id ON x_group_users (user_id);
+CREATE  INDEX x_group_users_cr_time ON  x_group_users(create_time);
+CREATE  INDEX x_group_users_up_time ON  x_group_users(update_time);
+CREATE  INDEX x_perm_map_FK_added_by_id ON x_perm_map (added_by_id);
+CREATE  INDEX x_perm_map_FK_upd_by_id ON x_perm_map (upd_by_id);
+CREATE  INDEX x_perm_map_FK_res_id ON  x_perm_map(res_id);
+CREATE  INDEX x_perm_map_FK_group_id ON  x_perm_map(group_id);
+CREATE  INDEX x_perm_map_FK_user_id ON  x_perm_map(user_id);
+CREATE  INDEX x_perm_map_cr_time ON x_perm_map (create_time);
+CREATE  INDEX x_perm_map_up_time ON  x_perm_map(update_time);
+CREATE  INDEX x_policy_export_audit_FK_added ON x_policy_export_audit (added_by_id);
+CREATE  INDEX x_policy_export_audit_FK_upd ON x_policy_export_audit (upd_by_id);
+CREATE  INDEX x_policy_export_audit_cr_time ON x_policy_export_audit (create_time);
+CREATE  INDEX x_policy_export_audit_up_time ON  x_policy_export_audit(update_time);
+CREATE  INDEX x_portal_user_FK_added_by_id ON x_portal_user (added_by_id);
+CREATE  INDEX x_portal_user_FK_upd_by_id ON x_portal_user (upd_by_id);
+CREATE  INDEX x_portal_user_cr_time ON  x_portal_user(create_time);
+CREATE  INDEX x_portal_user_up_time ON x_portal_user (update_time);
+CREATE  INDEX x_portal_user_name ON  x_portal_user(first_name);
+CREATE  INDEX x_portal_user_role_FK_added ON  x_portal_user_role(added_by_id);
+CREATE  INDEX x_portal_user_role_FK_upd ON  x_portal_user_role(upd_by_id);
+CREATE  INDEX x_portal_user_role_FK_user_id ON  x_portal_user_role(user_id);
+CREATE  INDEX x_portal_user_role_cr_time ON  x_portal_user_role(create_time);
+CREATE  INDEX x_portal_user_role_up_time ON x_portal_user_role (update_time);
+CREATE  INDEX x_resource_FK_added_by_id ON  x_resource(added_by_id);
+CREATE  INDEX x_resource_FK_upd_by_id ON x_resource(upd_by_id);
+CREATE  INDEX x_resource_FK_asset_id ON x_resource (asset_id);
+CREATE  INDEX x_resource_FK_parent_id ON x_resource (parent_id);
+CREATE  INDEX x_resource_cr_time ON  x_resource(create_time);
+CREATE  INDEX x_resource_up_time ON x_resource (update_time);
+CREATE  INDEX x_trx_log_FK_added_by_id ON x_trx_log (added_by_id);
+CREATE  INDEX x_trx_log_FK_upd_by_id ON  x_trx_log(upd_by_id);
+CREATE  INDEX x_trx_log_cr_time ON x_trx_log (create_time);
+CREATE  INDEX x_trx_log_up_time ON x_trx_log (update_time);
+CREATE  INDEX x_user_FK_added_by_id ON x_user (added_by_id);
+CREATE  INDEX x_user_FK_upd_by_id ON x_user (upd_by_id);
+CREATE  INDEX x_user_FK_cred_store_id ON x_user (cred_store_id);
+CREATE  INDEX x_user_cr_time ON x_user (create_time);
+CREATE  INDEX x_user_up_time ON  x_user(update_time);
+
+insert into x_portal_user (
+       id,CREATE_TIME, UPDATE_TIME,
+       FIRST_NAME, LAST_NAME, PUB_SCR_NAME,
+       LOGIN_ID, PASSWORD, EMAIL, STATUS
+) values (
+X_PORTAL_USER_SEQ.NEXTVAL, SYSDATE, SYSDATE,
+ 'Admin', '', 'Admin',
+ 'admin', 'ceb4f32325eda6142bd65215f4c0f371', '', 1
+);
+
+insert into x_portal_user_role (
+      id, CREATE_TIME, UPDATE_TIME,
+       USER_ID, USER_ROLE, STATUS
+) values (
+X_PORTAL_USER_ROLE_SEQ.NEXTVAL, SYSDATE, SYSDATE,
+ 1, 'ROLE_SYS_ADMIN', 1
+);
+
+insert into x_user (id,CREATE_TIME, UPDATE_TIME,user_name, status,descr) values (
+X_USER_SEQ.NEXTVAL, SYSDATE, SYSDATE,'Admin', 0,'Administrator');
+
+INSERT INTO x_group (ID,ADDED_BY_ID, CREATE_TIME, DESCR, GROUP_TYPE, GROUP_NAME, STATUS, UPDATE_TIME, UPD_BY_ID) VALUES (X_GROUP_SEQ.nextval,1, sys_extract_utc(systimestamp), 'public group', 0, 'public', 0, sys_extract_utc(systimestamp), 1);
+commit;
+
+
+
+CREATE OR REPLACE TRIGGER x_auth_sess_trigger
+  BEFORE INSERT
+  ON x_auth_sess
+  FOR EACH ROW
+  -- Optionally restrict this trigger to fire only when really needed
+  WHEN (new.id is null)
+DECLARE
+  v_id x_auth_sess.id%TYPE;
+BEGIN
+  -- Select a new value from the sequence into a local variable. As
+  -- commented, this step is optional. You can directly select into :new.qname_id
+  SELECT  x_auth_sess_seq.nextval INTO v_id FROM DUAL;
+
+  -- :new references the record that you are about to insert into qname. Hence,
+  -- you can overwrite the value of :new.qname_id (qname.qname_id) with the value
+  -- obtained from your sequence, before inserting
+  :new.id := v_id;
+END my_trigger;
+/
+commit;

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a0a18007/security-admin/pom.xml
----------------------------------------------------------------------
diff --git a/security-admin/pom.xml b/security-admin/pom.xml
index 43e941d..bb037ac 100644
--- a/security-admin/pom.xml
+++ b/security-admin/pom.xml
@@ -362,7 +362,11 @@
                        <version>${hive.version}</version>
                        <scope>runtime</scope>
                 </dependency>
-	
+	<dependency>
+      <groupId>cn.guoyukun.jdbc</groupId>
+      <artifactId>oracle-ojdbc6</artifactId>
+      <version>11.2.0.3.0</version>
+	</dependency>
   </dependencies>
   <build>
   <pluginManagement>

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/a0a18007/security-admin/scripts/install.properties
----------------------------------------------------------------------
diff --git a/security-admin/scripts/install.properties b/security-admin/scripts/install.properties
index 5facf0c..63f193d 100644
--- a/security-admin/scripts/install.properties
+++ b/security-admin/scripts/install.properties
@@ -2,38 +2,48 @@
 # This file provides list of deployment variables for the Policy Manager Web Application 
 #
 
-#------------------------- MYSQL CONFIG - BEGIN ----------------------------------
+#------------------------- DB CONFIG - BEGIN ----------------------------------
 
+#DB_FLAVOR=ORACLE
+#DB_FLAVOR=MYSQL
+DB_FLAVOR=MYSQL
 #
 # The executable path to be used to invoke command-line MYSQL 
 #
-MYSQL_BIN='mysql'
+#SQL_COMMAND_INVOKER='mysql'
+#SQL_COMMAND_INVOKER='sqlplus'
+SQL_COMMAND_INVOKER='mysql'
 
 #
-# Location of mysql client library (please check the location of the jar file)
+# Location of DB client library (please check the location of the jar file)
 #
-MYSQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
+#SQL_CONNECTOR_JAR=/usr/share/java/ojdbc6.jar
+#SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
+SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
+
 
 #
-# MYSQL password for the MYSQL root user-id
+# DB password for the DB admin user-id
 # **************************************************************************
 # ** If the password is left empty or not-defined here, 
 # ** it will be prompted to enter the password during installation process 
 # **************************************************************************
 #
-
+#db_root_user=root
+#db_root_user=SYS
+db_root_user=root
 db_root_password=
 db_host=localhost
 
 #
-# MySQL UserId used for the XASecure schema
+# DB UserId used for the XASecure schema
 # 
 db_name=xasecure
 db_user=xaadmin
 db_password=
 
 #
-# MySQL UserId for storing auditlog infromation
+# DB UserId for storing auditlog infromation
 # 
 # * audit_db can be same as the XASecure schema db
 # * audit_db must exists in the same ${db_host} as xaserver database ${db_name} 
@@ -43,7 +53,7 @@ audit_db_name=xasecure
 audit_db_user=xalogger
 audit_db_password=
 
-#------------------------- MYSQL CONFIG - END ----------------------------------
+#------------------------- DB CONFIG - END ----------------------------------
 
 #
 # ------- PolicyManager CONFIG ----------------
@@ -127,10 +137,15 @@ JAVA_BIN='java'
 JAVA_VERSION_REQUIRED='1.7'
 JAVA_ORACLE='Java(TM) SE Runtime Environment'
 
-db_create_user_file=${PWD}/db/create_dev_user.sql
-db_core_file=${PWD}/db/xa_core_db.sql
-db_audit_file=${PWD}/db/xa_audit_db.sql
-db_asset_file=${PWD}/db/reset_asset.sql
+mysql_create_user_file=${PWD}/db/create_dev_user.sql
+mysql_core_file=${PWD}/db/xa_core_db.sql
+mysql_audit_file=${PWD}/db/xa_audit_db.sql
+mysql_asset_file=${PWD}/db/reset_asset.sql
+
+#oracle_create_user_file=${PWD}/db/oracle/create_dev_user_oracle.sql
+oracle_core_file=${PWD}/db/oracle/xa_core_db_oracle.sql
+oracle_audit_file=${PWD}/db/oracle/xa_audit_db_oracle.sql
+#oracle_asset_file=${PWD}/db/oracle/reset_asset_oracle.sql
 #
 
 cred_keystore_filename=/usr/lib/xapolicymgr/.jceks/xapolicymgr.jceks


Mime
View raw message