ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From me...@apache.org
Subject [2/9] ranger git commit: RANGER-2203, RANGER-2219: Review and update database schema for ranger policies and tag objects to minimize database queries/updates
Date Mon, 22 Oct 2018 06:42:37 GMT
http://git-wip-us.apache.org/repos/asf/ranger/blob/3af1f59d/security-admin/src/main/java/org/apache/ranger/service/RangerServiceResourceService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceResourceService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceResourceService.java
index d725680..f0cb8f4 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceResourceService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceResourceService.java
@@ -19,113 +19,167 @@
 
 package org.apache.ranger.service;
 
+import java.lang.reflect.Type;
 import java.util.ArrayList;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 
+import com.google.gson.reflect.TypeToken;
 import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.collections.MapUtils;
 import org.apache.commons.lang.StringUtils;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.ranger.authorization.utils.JsonUtils;
+import org.apache.ranger.biz.RangerTagDBRetriever;
 import org.apache.ranger.common.SearchField;
 import org.apache.ranger.common.SearchField.DATA_TYPE;
 import org.apache.ranger.common.SearchField.SEARCH_TYPE;
 import org.apache.ranger.entity.XXServiceResource;
+import org.apache.ranger.plugin.model.RangerPolicy;
 import org.apache.ranger.plugin.model.RangerServiceResource;
+import org.apache.ranger.plugin.model.RangerTag;
 import org.apache.ranger.plugin.util.SearchFilter;
 import org.springframework.stereotype.Service;
 
 @Service
 public class RangerServiceResourceService extends RangerServiceResourceServiceBase<XXServiceResource, RangerServiceResource> {
 
-	private boolean serviceUpdateNeeded = true;
+    private static final Log LOG = LogFactory.getLog(RangerServiceResourceService.class);
 
-	public RangerServiceResourceService() {
-		searchFields.add(new SearchField(SearchFilter.TAG_RESOURCE_ID, "obj.id", DATA_TYPE.INTEGER, SEARCH_TYPE.FULL));
-		searchFields.add(new SearchField(SearchFilter.TAG_SERVICE_ID, "obj.serviceId", DATA_TYPE.INTEGER, SEARCH_TYPE.FULL));
-		searchFields.add(new SearchField(SearchFilter.TAG_RESOURCE_SIGNATURE, "obj.resourceSignature", DATA_TYPE.STRING, SEARCH_TYPE.FULL));
-	}
+    private boolean serviceUpdateNeeded = true;
 
-	@Override
-	protected void validateForCreate(RangerServiceResource vObj) {
+    public static final Type subsumedDataType   = new TypeToken<Map<String, RangerPolicy.RangerPolicyResource>>() {}.getType();
+    public static final Type duplicatedDataType = new TypeToken<List<RangerTag>>() {}.getType();
 
-	}
+    public RangerServiceResourceService() {
+        searchFields.add(new SearchField(SearchFilter.TAG_RESOURCE_ID, "obj.id", DATA_TYPE.INTEGER, SEARCH_TYPE.FULL));
+        searchFields.add(new SearchField(SearchFilter.TAG_SERVICE_ID, "obj.serviceId", DATA_TYPE.INTEGER, SEARCH_TYPE.FULL));
+        searchFields.add(new SearchField(SearchFilter.TAG_RESOURCE_SIGNATURE, "obj.resourceSignature", DATA_TYPE.STRING, SEARCH_TYPE.FULL));
+    }
 
-	@Override
-	protected void validateForUpdate(RangerServiceResource vObj, XXServiceResource entityObj) {
-		if (StringUtils.equals(entityObj.getGuid(), vObj.getGuid()) &&
-				StringUtils.equals(entityObj.getResourceSignature(), vObj.getResourceSignature())) {
-			serviceUpdateNeeded = false;
-		} else {
-			serviceUpdateNeeded = true;
-		}
-	}
+    @Override
+    protected void validateForCreate(RangerServiceResource vObj) {
 
-	@Override
-	public RangerServiceResource postUpdate(XXServiceResource resource) {
-		RangerServiceResource ret = super.postUpdate(resource);
+    }
 
-		if (serviceUpdateNeeded) {
-			daoMgr.getXXServiceVersionInfo().updateServiceVersionInfoForServiceResourceUpdate(resource.getId(), resource.getUpdateTime());
-		}
+    @Override
+    protected void validateForUpdate(RangerServiceResource vObj, XXServiceResource entityObj) {
+        if (StringUtils.equals(entityObj.getGuid(), vObj.getGuid()) &&
+                StringUtils.equals(entityObj.getResourceSignature(), vObj.getResourceSignature())) {
+            serviceUpdateNeeded = false;
+        } else {
+            serviceUpdateNeeded = true;
+        }
+    }
 
-		return ret;
-	}
+    @Override
+    public RangerServiceResource postUpdate(XXServiceResource resource) {
+        RangerServiceResource ret = super.postUpdate(resource);
 
-	public RangerServiceResource getPopulatedViewObject(XXServiceResource xObj) {
-		return populateViewBean(xObj);
-	}
+        if (serviceUpdateNeeded) {
+            daoMgr.getXXServiceVersionInfo().updateServiceVersionInfoForServiceResourceUpdate(resource.getId(), resource.getUpdateTime());
+        }
 
-	public RangerServiceResource getServiceResourceByGuid(String guid) {
-		RangerServiceResource ret = null;
+        return ret;
+    }
 
-		XXServiceResource xxServiceResource = daoMgr.getXXServiceResource().findByGuid(guid);
-		
-		if(xxServiceResource != null) {
-			ret = populateViewBean(xxServiceResource);
-		}
+    public RangerServiceResource getPopulatedViewObject(XXServiceResource xObj) {
+        return populateViewBean(xObj);
+    }
 
-		return ret;
-	}
+    public RangerServiceResource getServiceResourceByGuid(String guid) {
+        RangerServiceResource ret = null;
 
-	public List<RangerServiceResource> getByServiceId(Long serviceId) {
-		List<RangerServiceResource> ret = new ArrayList<RangerServiceResource>();
+        XXServiceResource xxServiceResource = daoMgr.getXXServiceResource().findByGuid(guid);
 
-		List<XXServiceResource> xxServiceResources = daoMgr.getXXServiceResource().findByServiceId(serviceId);
+        if (xxServiceResource != null) {
+            ret = populateViewBean(xxServiceResource);
+        }
 
-		if(CollectionUtils.isNotEmpty(xxServiceResources)) {
-			for(XXServiceResource xxServiceResource : xxServiceResources) {
-				RangerServiceResource serviceResource = populateViewBean(xxServiceResource);
+        return ret;
+    }
 
-				ret.add(serviceResource);
-			}
-		}
+    public List<RangerServiceResource> getByServiceId(Long serviceId) {
+        List<RangerServiceResource> ret = new ArrayList<RangerServiceResource>();
 
-		return ret;
-	}
+        List<XXServiceResource> xxServiceResources = daoMgr.getXXServiceResource().findByServiceId(serviceId);
 
-	public RangerServiceResource getByServiceAndResourceSignature(Long serviceId, String resourceSignature) {
-		RangerServiceResource ret = null;
+        if (CollectionUtils.isNotEmpty(xxServiceResources)) {
+            for (XXServiceResource xxServiceResource : xxServiceResources) {
+                RangerServiceResource serviceResource = populateViewBean(xxServiceResource);
 
-		XXServiceResource xxServiceResource = daoMgr.getXXServiceResource().findByServiceAndResourceSignature(serviceId, resourceSignature);
-		
-		if(xxServiceResource != null) {
-			ret = populateViewBean(xxServiceResource);
-		}
+                ret.add(serviceResource);
+            }
+        }
 
-		return ret;
-	}
+        return ret;
+    }
 
-	public List<RangerServiceResource> getTaggedResourcesInServiceId(Long serviceId) {
-		List<RangerServiceResource> ret = new ArrayList<RangerServiceResource>();
+    public RangerServiceResource getByServiceAndResourceSignature(Long serviceId, String resourceSignature) {
+        RangerServiceResource ret = null;
 
-		List<XXServiceResource> xxServiceResources = daoMgr.getXXServiceResource().findByServiceId(serviceId);
-		
-		if(CollectionUtils.isNotEmpty(xxServiceResources)) {
-			for(XXServiceResource xxServiceResource : xxServiceResources) {
-				RangerServiceResource serviceResource = populateViewBean(xxServiceResource);
+        XXServiceResource xxServiceResource = daoMgr.getXXServiceResource().findByServiceAndResourceSignature(serviceId, resourceSignature);
 
-				ret.add(serviceResource);
-			}
-		}
+        if (xxServiceResource != null) {
+            ret = populateViewBean(xxServiceResource);
+        }
 
-		return ret;
-	}
+        return ret;
+    }
+
+    public List<RangerServiceResource> getTaggedResourcesInServiceId(Long serviceId) {
+        List<RangerServiceResource> ret = new ArrayList<RangerServiceResource>();
+
+        List<XXServiceResource> xxServiceResources = daoMgr.getXXServiceResource().findByServiceId(serviceId);
+
+        if (CollectionUtils.isNotEmpty(xxServiceResources)) {
+            for (XXServiceResource xxServiceResource : xxServiceResources) {
+                RangerServiceResource serviceResource = populateViewBean(xxServiceResource);
+
+                ret.add(serviceResource);
+            }
+        }
+
+        return ret;
+    }
+
+    @Override
+    protected XXServiceResource mapViewToEntityBean(RangerServiceResource serviceResource, XXServiceResource xxServiceResource, int operationContext) {
+        XXServiceResource ret = super.mapViewToEntityBean(serviceResource, xxServiceResource, operationContext);
+        if (MapUtils.isNotEmpty(serviceResource.getResourceElements())) {
+            String serviceResourceElements = JsonUtils.mapToJson(serviceResource.getResourceElements());
+            if (StringUtils.isNotEmpty(serviceResourceElements)) {
+                ret.setServiceResourceElements(serviceResourceElements);
+            } else {
+                LOG.info("Empty string representing serviceResourceElements in [" + ret + "]!!");
+            }
+        }
+
+        return ret;
+    }
+
+    @Override
+    protected RangerServiceResource mapEntityToViewBean(RangerServiceResource serviceResource, XXServiceResource xxServiceResource) {
+        RangerServiceResource ret = super.mapEntityToViewBean(serviceResource, xxServiceResource);
+        if (StringUtils.isNotEmpty(xxServiceResource.getServiceResourceElements())) {
+            Map<String, RangerPolicy.RangerPolicyResource> serviceResourceElements =
+                RangerTagDBRetriever.gsonBuilder.fromJson(xxServiceResource.getServiceResourceElements(), RangerServiceResourceService.subsumedDataType);
+            if (MapUtils.isNotEmpty(serviceResourceElements)) {
+                ret.setResourceElements(serviceResourceElements);
+            } else {
+                LOG.info("Empty serviceResourceElement in [" + ret + "]!!");
+            }
+        } else {
+            LOG.info("Empty string representing serviceResourceElements in [" + xxServiceResource + "]!!");
+        }
+
+        return ret;
+    }
+
+    @Override
+    Map<String, RangerPolicy.RangerPolicyResource> getServiceResourceElements(XXServiceResource xxServiceResource) {
+        return new HashMap<>();
+    }
 }

http://git-wip-us.apache.org/repos/asf/ranger/blob/3af1f59d/security-admin/src/main/java/org/apache/ranger/service/RangerServiceResourceServiceBase.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceResourceServiceBase.java b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceResourceServiceBase.java
index 6af682a..329d3ee 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceResourceServiceBase.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceResourceServiceBase.java
@@ -73,26 +73,31 @@ public abstract class RangerServiceResourceServiceBase<T extends XXServiceResour
 
 		vObj.setServiceName(xService.getName());
 
-		List<XXServiceResourceElement> resElementList = daoMgr.getXXServiceResourceElement().findByResourceId(xObj.getId());
-		Map<String, RangerPolicy.RangerPolicyResource> resourceElements = new HashMap<String, RangerPolicy.RangerPolicyResource>();
+		Map<String, RangerPolicy.RangerPolicyResource> resourceElements = getServiceResourceElements(xObj);
 
-		for (XXServiceResourceElement resElement : resElementList) {
-			List<String> resValueMapList = daoMgr.getXXServiceResourceElementValue().findValuesByResElementId(resElement.getId());
+		vObj.setResourceElements(resourceElements);
 
-			XXResourceDef xResDef = daoMgr.getXXResourceDef().getById(resElement.getResDefId());
+		return vObj;
+	}
 
-			RangerPolicyResource policyRes = new RangerPolicyResource();
-			policyRes.setIsExcludes(resElement.getIsExcludes());
-			policyRes.setIsRecursive(resElement.getIsRecursive());
-			policyRes.setValues(resValueMapList);
+	Map<String, RangerPolicyResource> getServiceResourceElements(T xObj) {
+        List<XXServiceResourceElement> resElementList = daoMgr.getXXServiceResourceElement().findByResourceId(xObj.getId());
+        Map<String, RangerPolicy.RangerPolicyResource> resourceElements = new HashMap<String, RangerPolicy.RangerPolicyResource>();
 
-			resourceElements.put(xResDef.getName(), policyRes);
-		}
+        for (XXServiceResourceElement resElement : resElementList) {
+            List<String> resValueMapList = daoMgr.getXXServiceResourceElementValue().findValuesByResElementId(resElement.getId());
 
-		vObj.setResourceElements(resourceElements);
+            XXResourceDef xResDef = daoMgr.getXXResourceDef().getById(resElement.getResDefId());
 
-		return vObj;
-	}
+            RangerPolicyResource policyRes = new RangerPolicyResource();
+            policyRes.setIsExcludes(resElement.getIsExcludes());
+            policyRes.setIsRecursive(resElement.getIsRecursive());
+            policyRes.setValues(resValueMapList);
+
+            resourceElements.put(xResDef.getName(), policyRes);
+        }
+        return resourceElements;
+    }
 
 	public PList<V> searchServiceResources(SearchFilter searchFilter) {
 		PList<V> retList = new PList<V>();

http://git-wip-us.apache.org/repos/asf/ranger/blob/3af1f59d/security-admin/src/main/java/org/apache/ranger/service/RangerTagDefService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerTagDefService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerTagDefService.java
index 82eb252..10c73f0 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/RangerTagDefService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/RangerTagDefService.java
@@ -23,6 +23,8 @@ import java.util.ArrayList;
 import java.util.List;
 
 import org.apache.commons.collections.CollectionUtils;
+import org.apache.ranger.authorization.utils.JsonUtils;
+import org.apache.ranger.biz.RangerTagDBRetriever;
 import org.apache.ranger.common.SearchField;
 import org.apache.ranger.common.SearchField.DATA_TYPE;
 import org.apache.ranger.common.SearchField.SEARCH_TYPE;
@@ -102,5 +104,27 @@ public class RangerTagDefService extends RangerTagDefServiceBase<XXTagDef, Range
 
 		return ret;
 	}
+
+    @Override
+    protected RangerTagDef mapEntityToViewBean(RangerTagDef vObj, XXTagDef xObj) {
+        super.mapEntityToViewBean(vObj, xObj);
+
+        List<RangerTagDef.RangerTagAttributeDef> attributeDefs = RangerTagDBRetriever.gsonBuilder.fromJson(xObj.getTagAttrDefs(), RangerTagDBRetriever.subsumedDataType);
+        vObj.setAttributeDefs(attributeDefs);
+
+        return vObj;
+    }
+
+    @Override
+    protected XXTagDef mapViewToEntityBean(RangerTagDef vObj, XXTagDef xObj, int OPERATION_CONTEXT) {
+        super.mapViewToEntityBean(vObj, xObj, OPERATION_CONTEXT);
+        xObj.setTagAttrDefs(JsonUtils.listToJson(vObj.getAttributeDefs()));
+        return xObj;
+    }
+
+    @Override
+    public List<RangerTagDef.RangerTagAttributeDef> getAttributeDefForTagDef(XXTagDef xtagDef) {
+        return new ArrayList<>();
+    }
 	
 }

http://git-wip-us.apache.org/repos/asf/ranger/blob/3af1f59d/security-admin/src/main/java/org/apache/ranger/service/RangerTagDefServiceBase.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerTagDefServiceBase.java b/security-admin/src/main/java/org/apache/ranger/service/RangerTagDefServiceBase.java
index 408358c..929a4b0 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/RangerTagDefServiceBase.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/RangerTagDefServiceBase.java
@@ -40,7 +40,7 @@ public abstract class RangerTagDefServiceBase<T extends XXTagDef, V extends Rang
 	GUIDUtil guidUtil;
 
 	@Autowired
-	RangerAuditFields rangerAuditFields;
+	RangerAuditFields<?> rangerAuditFields;
 	
 	@Autowired
 	RangerConfigUtil configUtil;

http://git-wip-us.apache.org/repos/asf/ranger/blob/3af1f59d/security-admin/src/main/java/org/apache/ranger/service/RangerTagService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerTagService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerTagService.java
index 28b9115..2fa8830 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/RangerTagService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/RangerTagService.java
@@ -19,13 +19,21 @@
 
 package org.apache.ranger.service;
 
+import java.lang.reflect.Type;
 import java.util.ArrayList;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 
+import com.google.gson.reflect.TypeToken;
 import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.lang.StringUtils;
+import org.apache.ranger.authorization.utils.JsonUtils;
+import org.apache.ranger.biz.RangerTagDBRetriever;
 import org.apache.ranger.common.SearchField;
 import org.apache.ranger.common.SearchField.DATA_TYPE;
 import org.apache.ranger.common.SearchField.SEARCH_TYPE;
+import org.apache.ranger.entity.XXServiceResource;
 import org.apache.ranger.entity.XXTag;
 import org.apache.ranger.plugin.model.RangerTag;
 import org.apache.ranger.plugin.util.SearchFilter;
@@ -35,6 +43,8 @@ import org.springframework.stereotype.Service;
 @Service
 public class RangerTagService extends RangerTagServiceBase<XXTag, RangerTag> {
 
+	public static final Type subsumedDataType = new TypeToken<Map<String, String>>() {}.getType();
+
 	public RangerTagService() {
 		searchFields.add(new SearchField(SearchFilter.TAG_ID, "obj.id", SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL));
 		searchFields.add(new SearchField(SearchFilter.TAG_DEF_ID, "obj.type", SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL));
@@ -95,13 +105,12 @@ public class RangerTagService extends RangerTagServiceBase<XXTag, RangerTag> {
 	public List<RangerTag> getTagsForResourceId(Long resourceId) {
 		List<RangerTag> ret = new ArrayList<RangerTag>();
 
-		List<XXTag> xxTags = daoMgr.getXXTag().findForResourceId(resourceId);
-		
-		if(CollectionUtils.isNotEmpty(xxTags)) {
-			for(XXTag xxTag : xxTags) {
-				RangerTag tag = populateViewBean(xxTag);
+		XXServiceResource serviceResourceEntity = daoMgr.getXXServiceResource().getById(resourceId);
 
-				ret.add(tag);
+		if (serviceResourceEntity != null) {
+			String tagsText = serviceResourceEntity.getTags();
+			if (StringUtils.isNotEmpty(tagsText)) {
+				ret = RangerTagDBRetriever.gsonBuilder.fromJson(tagsText, RangerServiceResourceService.duplicatedDataType);
 			}
 		}
 
@@ -111,13 +120,12 @@ public class RangerTagService extends RangerTagServiceBase<XXTag, RangerTag> {
 	public List<RangerTag> getTagsForResourceGuid(String resourceGuid) {
 		List<RangerTag> ret = new ArrayList<RangerTag>();
 
-		List<XXTag> xxTags = daoMgr.getXXTag().findForResourceGuid(resourceGuid);
-		
-		if(CollectionUtils.isNotEmpty(xxTags)) {
-			for(XXTag xxTag : xxTags) {
-				RangerTag tag = populateViewBean(xxTag);
+		XXServiceResource serviceResourceEntity = daoMgr.getXXServiceResource().findByGuid(resourceGuid);
 
-				ret.add(tag);
+		if (serviceResourceEntity != null) {
+			String tagsText = serviceResourceEntity.getTags();
+			if (StringUtils.isNotEmpty(tagsText)) {
+				ret = RangerTagDBRetriever.gsonBuilder.fromJson(tagsText, RangerServiceResourceService.duplicatedDataType);
 			}
 		}
 
@@ -139,4 +147,25 @@ public class RangerTagService extends RangerTagServiceBase<XXTag, RangerTag> {
 
 		return ret;
 	}
+
+    @Override
+    protected RangerTag mapEntityToViewBean(RangerTag vObj, XXTag xObj) {
+        super.mapEntityToViewBean(vObj, xObj);
+
+        Map<String, String> attributes = RangerTagDBRetriever.gsonBuilder.fromJson(xObj.getTagAttrs(), RangerTagService.subsumedDataType);
+        vObj.setAttributes(attributes);
+        return vObj;
+    }
+
+    @Override
+    protected XXTag mapViewToEntityBean(RangerTag vObj, XXTag xObj, int OPERATION_CONTEXT) {
+        super.mapViewToEntityBean(vObj, xObj, OPERATION_CONTEXT);
+        xObj.setTagAttrs(JsonUtils.mapToJson(vObj.getAttributes()));
+        return xObj;
+    }
+
+    @Override
+    public Map<String, String> getAttributesForTag(XXTag xTag) {
+        return new HashMap<>();
+    }
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/ranger/blob/3af1f59d/security-admin/src/main/java/org/apache/ranger/service/XPortalUserService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/XPortalUserService.java b/security-admin/src/main/java/org/apache/ranger/service/XPortalUserService.java
index c96878d..5f5b5c4 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/XPortalUserService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/XPortalUserService.java
@@ -269,18 +269,10 @@ public class XPortalUserService extends
 		//0.6
 		daoManager.getXXTagDef().updateUserIDReference("added_by_id", xXPortalUserId);
 		daoManager.getXXTagDef().updateUserIDReference("upd_by_id", xXPortalUserId);
-		daoManager.getXXTagAttributeDef().updateUserIDReference("added_by_id", xXPortalUserId);
-		daoManager.getXXTagAttributeDef().updateUserIDReference("upd_by_id", xXPortalUserId);
 		daoManager.getXXServiceResource().updateUserIDReference("added_by_id", xXPortalUserId);
 		daoManager.getXXServiceResource().updateUserIDReference("upd_by_id", xXPortalUserId);
-		daoManager.getXXServiceResourceElement().updateUserIDReference("added_by_id", xXPortalUserId);
-		daoManager.getXXServiceResourceElement().updateUserIDReference("upd_by_id", xXPortalUserId);
-		daoManager.getXXServiceResourceElementValue().updateUserIDReference("added_by_id", xXPortalUserId);
-		daoManager.getXXServiceResourceElementValue().updateUserIDReference("upd_by_id", xXPortalUserId);
 		daoManager.getXXTag().updateUserIDReference("added_by_id", xXPortalUserId);
 		daoManager.getXXTag().updateUserIDReference("upd_by_id", xXPortalUserId);
-		daoManager.getXXTagAttribute().updateUserIDReference("added_by_id", xXPortalUserId);
-		daoManager.getXXTagAttribute().updateUserIDReference("upd_by_id", xXPortalUserId);
 		daoManager.getXXTagResourceMap().updateUserIDReference("added_by_id", xXPortalUserId);
 		daoManager.getXXTagResourceMap().updateUserIDReference("upd_by_id", xXPortalUserId);
 	}

http://git-wip-us.apache.org/repos/asf/ranger/blob/3af1f59d/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
----------------------------------------------------------------------
diff --git a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
index cdf6ba6..be51592 100644
--- a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
+++ b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
@@ -244,22 +244,11 @@
 		</query>
 	</named-query>
 
-	<named-query name="XXUser.findByPolicyItemId">
-		<query>select obj.name from XXUser obj, XXPolicyItemUserPerm polItemUser 
-		where polItemUser.policyItemId = :polItemId and polItemUser.userId = obj.id </query>
-	</named-query>
-
 	<named-query name="XXUser.findByPortalUserId">
 		<query>select obj from XXUser obj, XXPortalUser portalUser where portalUser.id = :portalUserId and 
 		obj.name = portalUser.loginId</query>
 	</named-query>
 
-	<named-query name="XXGroup.findByPolicyItemId">
-		<query>select obj.name from XXGroup obj, XXPolicyItemGroupPerm polItemGrp 
-		where polItemGrp.policyItemId = :polItemId and polItemGrp.groupId = obj.id </query>
-	</named-query>
-
-
 	<!-- XXPolicyItem -->
 	<named-query name="XXPolicyItem.findByPolicyId">
 		<query>select obj from XXPolicyItem obj
@@ -388,18 +377,6 @@
 		<query>select obj from XXPolicyConditionDef obj where obj.defId = :serviceDefId and obj.name = :name order by obj.order</query>
 	</named-query>
 
-	<named-query name="XXPolicyConditionDef.findByPolicyItemId">
-		<query>select obj from XXPolicyConditionDef obj, XXPolicyItemCondition xPolItemCond 
-		where xPolItemCond.policyItemId = :polItemId and obj.id = xPolItemCond.type order by obj.order</query>
-	</named-query>
-
-	<named-query name="XXPolicyConditionDef.findByPolicyItemIdAndName">
-		<query>select obj from XXPolicyConditionDef obj, XXPolicyItemCondition xPolItemCond 
-				where xPolItemCond.policyItemId = :polItemId and obj.name = :name 
-				and obj.id = xPolItemCond.type order by obj.order 
-		</query>
-	</named-query>
-
 	<!-- XXContextEnricherDef -->
 	<named-query name="XXContextEnricherDef.findByServiceDefId">
 		<query>select obj from XXContextEnricherDef obj where obj.defId = :serviceDefId order by obj.order</query>
@@ -511,10 +488,6 @@
 	</named-query>
 
 	<!-- XXPolicyResource -->
-	<named-query name="XXPolicyResource.findByResDefIdAndPolicyId">
-		<query>select obj from XXPolicyResource obj where 
-				obj.policyId = :polId and obj.resDefId = :resDefId</query>
-	</named-query>
 
 	<named-query name="XXPolicyResource.findByPolicyId">
 		<query>select obj from XXPolicyResource obj
@@ -533,11 +506,6 @@
 	<named-query name="XXPolicyResource.findByResDefId">
 		<query>select obj from XXPolicyResource obj where obj.resDefId = :resDefId</query>
 	</named-query>
-	
-	<!-- XXPolicyResourceMap -->
-	<named-query name="XXPolicyResourceMap.findByPolicyResId">
-		<query>select obj from XXPolicyResourceMap obj where obj.resourceId = :polResId order by obj.order</query>
-	</named-query>
 
 	<named-query name="XXPolicyResourceMap.findByPolicyId">
 		<query>select obj from XXPolicyResourceMap obj, XXPolicyResource res
@@ -556,13 +524,6 @@
 	</named-query>
 
 	<!-- XXPolicyItemAccess -->
-	<named-query name="XXPolicyItemAccess.findByPolicyItemId">
-		<query>select obj from XXPolicyItemAccess obj where obj.policyItemId = :polItemId order by obj.order</query>
-	</named-query>
-	
-	<named-query name="XXPolicyItemAccess.findByType">
-		<query>select obj from XXPolicyItemAccess obj where obj.type = :type</query>
-	</named-query>
 
 	<named-query name="XXPolicyItemAccess.findByPolicyId">
 		<query>select obj from XXPolicyItemAccess obj, XXPolicyItem item
@@ -579,21 +540,214 @@
 		        order by item.policyId, obj.policyItemId, obj.order
 		</query>
 	</named-query>
-	
-	<!-- XXPolicyItemCondition -->
-	<named-query name="XXPolicyItemCondition.findByPolicyItemId">
-		<query>select obj from XXPolicyItemCondition obj where obj.policyItemId = :polItemId order by obj.order</query>
+
+	<!-- XXPolicyRefAccessType -->
+	<named-query name="XXPolicyRefAccessType.findByPolicyId">
+		<query>select obj from XXPolicyRefAccessType obj where obj.policyId = :policyId </query>
+	</named-query>
+
+	<named-query name="XXPolicyRefAccessType.findByAccessTypeDefId">
+		<query>select obj from XXPolicyRefAccessType obj where obj.accessDefId = :accessDefId</query>
+	</named-query>
+
+	<!-- XXPolicyRefCondition -->
+	<named-query name="XXPolicyRefCondition.findByPolicyId">
+		<query>select obj from XXPolicyRefCondition obj where obj.policyId = :policyId </query>
+	</named-query>
+
+	<named-query name="XXPolicyRefCondition.findByConditionName">
+		<query>select obj from XXPolicyRefCondition obj where obj.conditionName = :conditionName</query>
+	</named-query>
+
+	<!-- XXPolicyRefGroup -->
+	<named-query name="XXPolicyRefGroup.findByPolicyId">
+		<query>select obj from XXPolicyRefGroup obj where obj.policyId = :policyId </query>
+	</named-query>
+
+	<named-query name="XXPolicyRefGroup.findByGroupName">
+		<query>select obj from XXPolicyRefGroup obj where obj.groupName = :groupName</query>
+	</named-query>
+
+<!-- 	new queries -->
+	<named-query name="XXPolicyRefGroup.findByGroupIdAndPolicyId">
+		<query>select obj from XXPolicyRefGroup obj where obj.groupId = :groupId and obj.policyId = :policyId </query>
+	</named-query>
+
+	<named-query name="XXPolicyRefCondition.findByConditionDefIdAndPolicyId">
+		<query>select obj from XXPolicyRefCondition obj where obj.conditionDefId = :conditionDefId and obj.policyId = :policyId </query>
+	</named-query>
+	<named-query name="XXPolicyRefCondition.findByConditionDefId">
+		<query>select obj from XXPolicyRefCondition obj where obj.conditionDefId = :conditionDefId </query>
+	</named-query>
+
+	<named-query name="XXUser.findUpdatedUserNames">
+		<query>select distinct obj from XXUser obj, XXPolicyRefUser ref where ref.policyId   = :policyId and ref.userId    = obj.id
+		and ref.userName != obj.name</query>
+	</named-query>
+
+	<named-query name="XXAccessTypeDef.findUpdatedAccessDefNames">
+		<query>select distinct obj from XXAccessTypeDef obj, XXPolicyRefAccessType ref where ref.policyId   = :policyId and ref.accessDefId    = obj.id
+		and ref.accessTypeName != obj.name</query>
+	</named-query>
+
+	<named-query name="XXDataMaskTypeDef.findUpdatedDataMaskDefNames">
+		<query>select distinct obj from XXDataMaskTypeDef obj, XXPolicyRefDataMaskType ref where ref.policyId   = :policyId and ref.dataMaskDefId    = obj.id
+		and ref.dataMaskTypeName != obj.name</query>
+	</named-query>
+
+	<named-query name="XXResourceDef.findUpdatedResourceDefNames">
+		<query>select distinct obj from XXResourceDef obj, XXPolicyRefResource ref where ref.policyId   = :policyId and ref.resourceDefId    = obj.id
+		and ref.resourceName != obj.name</query>
+	</named-query>
+
+    <named-query name="XXPolicyRefGroup.findUpdatedGroupNamesByPolicy">
+        <query>select groupRef.policyId, groupRef.groupName, grp.name
+            from XXPolicyRefGroup groupRef, XXGroup grp
+            where groupRef.policyId    = :policy
+            and groupRef.groupId       = grp.id
+            and groupRef.groupName    != grp.name
+        </query>
+    </named-query>
+
+	<named-query name="XXPolicyRefGroup.findUpdatedGroupNamesByService">
+		<query>select groupRef.policyId, groupRef.groupName, grp.name
+		    from XXPolicy policy, XXPolicyRefGroup groupRef, XXGroup grp
+		    where policy.service       = :service
+		    and groupRef.policyId      = policy.id
+		    and groupRef.groupId       = grp.id
+		    and groupRef.groupName    != grp.name
+        </query>
+	</named-query>
+
+	<named-query name="XXPolicyRefUser.findUpdatedUserNamesByPolicy">
+        <query>select userRef.policyId, userRef.userName, user.name
+            from XXPolicyRefUser userRef, XXUser user
+            where userRef.policyId    = :policy
+            and userRef.userId       = user.id
+            and userRef.userName    != user.name
+        </query>
+    </named-query>
+
+	<named-query name="XXPolicyRefUser.findUpdatedUserNamesByService">
+		<query>select userRef.policyId, userRef.userName, user.name
+		    from XXPolicy policy, XXPolicyRefUser userRef, XXUser user
+		    where policy.service       = :service
+		    and userRef.policyId      = policy.id
+		    and userRef.userId       = user.id
+		    and userRef.userName    != user.name
+        </query>
+	</named-query>
+
+	<named-query name="XXPolicyRefAccessType.findUpdatedAccessNamesByPolicy">
+        <query>select accessRef.policyId, accessRef.accessTypeName, accessDef.name
+            from XXPolicyRefAccessType accessRef, XXAccessTypeDef accessDef
+            where accessRef.policyId    = :policy
+            and accessRef.accessDefId       = accessDef.id
+            and accessRef.accessTypeName    != accessDef.name
+        </query>
+    </named-query>
+
+	<named-query name="XXPolicyRefAccessType.findUpdatedAccessNamesByService">
+		<query>select accessRef.policyId, accessRef.accessTypeName, accessDef.name
+            from  XXPolicy policy, XXPolicyRefAccessType accessRef, XXAccessTypeDef accessDef
+		    where policy.service       = :service
+		    and accessRef.policyId      = policy.id
+		    and accessRef.accessDefId       = accessDef.id
+            and accessRef.accessTypeName    != accessDef.name
+        </query>
+	</named-query>
+
+	<named-query name="XXPolicyRefResource.findUpdatedResourceNamesByPolicy">
+		<query>select resourceRef.policyId, resourceRef.resourceName, resourceDef.name
+            from XXPolicyRefResource resourceRef, XXResourceDef resourceDef
+		    where resourceRef.policyId     = :policy
+		    and resourceRef.resourceDefId       = resourceDef.id
+            and resourceRef.resourceName    != resourceDef.name
+        </query>
+	</named-query>
+
+	<named-query name="XXPolicyRefResource.findUpdatedResourceNamesByService">
+		<query>select resourceRef.policyId, resourceRef.resourceName, resourceDef.name
+            from  XXPolicy policy, XXPolicyRefResource resourceRef, XXResourceDef resourceDef
+		    where policy.service       = :service
+		    and resourceRef.policyId      = policy.id
+		    and resourceRef.resourceDefId       = resourceDef.id
+            and resourceRef.resourceName    != resourceDef.name
+        </query>
+	</named-query>
+
+	<named-query name="XXPolicyRefDataMaskType.findUpdatedDataMaskNamesByPolicy">
+	        <query>select dataMaskRef.policyId, dataMaskRef.dataMaskTypeName, dMaskDef.name
+	            from XXPolicyRefDataMaskType dataMaskRef, XXDataMaskTypeDef dMaskDef
+	            where dataMaskRef.policyId    = :policy
+	            and dataMaskRef.dataMaskDefId       = dMaskDef.id
+	            and dataMaskRef.dataMaskTypeName    != dMaskDef.name
+	        </query>
+	    </named-query>
+
+	<named-query name="XXPolicyRefDataMaskType.findUpdatedDataMaskNamesByService">
+		<query>select dataMaskRef.policyId, dataMaskRef.dataMaskTypeName, dMaskDef.name
+		    from XXPolicy policy, XXPolicyRefDataMaskType dataMaskRef, XXDataMaskTypeDef dMaskDef
+		    where policy.service       = :service
+		    and dataMaskRef.policyId      = policy.id
+		    and dataMaskRef.dataMaskDefId       = dMaskDef.id
+		    and dataMaskRef.dataMaskTypeName    != dMaskDef.name
+	    </query>
+	</named-query>
+
+    <named-query name="XXPolicyRefCondition.findUpdatedConditionNamesByPolicy">
+        <query>select conditionRef.policyId, conditionRef.conditionName, condDef.name
+            from XXPolicyRefCondition conditionRef, XXPolicyConditionDef condDef
+            where conditionRef.policyId    = :policy
+            and conditionRef.conditionDefId       = condDef.id
+            and conditionRef.conditionName    != condDef.name
+        </query>
+    </named-query>
+
+	<named-query name="XXPolicyRefCondition.findUpdatedConditionNamesByService">
+		<query>select conditionRef.policyId, conditionRef.conditionName, condDef.name
+		    from XXPolicy policy, XXPolicyRefCondition conditionRef, XXPolicyConditionDef condDef
+		    where policy.service       = :service
+		    and conditionRef.policyId      = policy.id
+		    and conditionRef.conditionDefId       = condDef.id
+		    and conditionRef.conditionName    != condDef.name
+        </query>
+	</named-query>
+<!-- end -->
+
+	<!-- XXPolicyRefDataMaskType -->
+	<named-query name="XXPolicyRefDataMaskType.findByPolicyId">
+		<query>select obj from XXPolicyRefDataMaskType obj where obj.policyId = :policyId </query>
+	</named-query>
+
+	<named-query name="XXPolicyRefDataMaskType.findByDataMaskTypeName">
+		<query>select obj from XXPolicyRefDataMaskType obj where obj.dataMaskTypeName = :dataMaskTypeName</query>
+	</named-query>
+
+	<!-- XXPolicyRefResource -->
+	<named-query name="XXPolicyRefResource.findByPolicyId">
+		<query>select obj from XXPolicyRefResource obj where obj.policyId = :policyId </query>
 	</named-query>
 
-	<named-query name="XXPolicyItemCondition.findByPolicyItemAndDefId">
-		<query>select obj from XXPolicyItemCondition obj where 
-				obj.policyItemId = :polItemId and obj.type = :polCondDefId order by obj.order</query>
+	<named-query name="XXPolicyRefResource.findByResourceDefId">
+		<query>select obj from XXPolicyRefResource obj where obj.resourceDefId = :resourceDefId</query>
 	</named-query>
 
-	<named-query name="XXPolicyItemCondition.findByPolicyConditionDefId">
-		<query>select obj from XXPolicyItemCondition obj where obj.type = :polCondDefId</query>
+	<!-- XXPolicyRefUser -->
+	<named-query name="XXPolicyRefUser.findByPolicyId">
+		<query>select obj from XXPolicyRefUser obj where obj.policyId = :policyId </query>
 	</named-query>
 
+	<named-query name="XXPolicyRefUser.findByUserName">
+		<query>select obj from XXPolicyRefUser obj where obj.userName = :userName</query>
+	</named-query>
+
+	<named-query name="XXPolicyRefUser.findByUserId">
+		<query>select obj from XXPolicyRefUser obj where obj.userId = :userId</query>
+	</named-query>
+
+	<!-- XXPolicyItemCondition -->
+
 	<named-query name="XXPolicyItemCondition.findByPolicyId">
 		<query>select obj from XXPolicyItemCondition obj, XXPolicyItem item
 		        where obj.policyItemId = item.id
@@ -611,9 +765,6 @@
 	</named-query>
 	
 	<!-- XXPolicyItemGroupPerm -->
-	<named-query name="XXPolicyItemGroupPerm.findByPolicyItemId">
-		<query>select obj from XXPolicyItemGroupPerm obj where obj.policyItemId = :polItemId order by obj.order</query>
-	</named-query>
 
 	<named-query name="XXPolicyItemGroupPerm.findByPolicyId">
 		<query>select obj from XXPolicyItemGroupPerm obj, XXPolicyItem item
@@ -632,9 +783,6 @@
 	</named-query>
 
 	<!-- XXPolicyItemUserPerm -->
-	<named-query name="XXPolicyItemUserPerm.findByPolicyItemId">
-		<query>select obj from XXPolicyItemUserPerm obj where obj.policyItemId = :polItemId order by obj.order</query>
-	</named-query>
 
 	<named-query name="XXPolicyItemUserPerm.findByPolicyId">
 		<query>select obj from XXPolicyItemUserPerm obj, XXPolicyItem item
@@ -653,9 +801,6 @@
 	</named-query>
 
 	<!-- XXPolicyItemDataMaskInfo -->
-	<named-query name="XXPolicyItemDataMaskInfo.findByPolicyItemId">
-		<query>select obj from XXPolicyItemDataMaskInfo obj where obj.policyItemId = :polItemId</query>
-	</named-query>
 
 	<named-query name="XXPolicyItemDataMaskInfo.findByPolicyId">
 		<query>select obj from XXPolicyItemDataMaskInfo obj, XXPolicyItem item
@@ -673,14 +818,7 @@
 		</query>
 	</named-query>
 
-	<named-query name="XXPolicyItemDataMaskInfo.findByType">
-		<query>select obj from XXPolicyItemDataMaskInfo obj where obj.type = :type</query>
-	</named-query>
-
 	<!-- XXPolicyItemRowFilterInfo -->
-	<named-query name="XXPolicyItemRowFilterInfo.findByPolicyItemId">
-		<query>select obj from XXPolicyItemRowFilterInfo obj where obj.policyItemId = :polItemId</query>
-	</named-query>
 
 	<named-query name="XXPolicyItemRowFilterInfo.findByPolicyId">
 		<query>select obj from XXPolicyItemRowFilterInfo obj, XXPolicyItem item
@@ -855,20 +993,6 @@
 		</query>
 	</named-query>
 
-	<named-query name="XXServiceResourceElement.findForServicePlugin">
-		<query>
-			select obj from XXServiceResourceElement obj where obj.resourceId in
-			(select serviceRes.id from XXServiceResource serviceRes, XXService service where service.id = :serviceId and service.tagService is not null and serviceRes.serviceId = service.id and serviceRes.id in
-			(select tagResMap.resourceId from XXTagResourceMap tagResMap, XXTag tag, XXTagDef tagDef
-			where tagResMap.tagId = tag.id and tag.type = tagDef.id and tagDef.name in
-			(select policyResMap.value from XXPolicyResourceMap policyResMap, XXPolicyResource policyRes, XXPolicy policy
-			where policy.service = service.tagService and policy.isEnabled = TRUE and policyRes.policyId = policy.id and policyResMap.resourceId = policyRes.id)
-			)
-			)
-			order by obj.resourceId, obj.id
-		</query>
-	</named-query>
-
 	<named-query name="XXServiceResourceElement.findByServiceId">
 		<query>select obj from XXServiceResourceElement obj where obj.resourceId in
 					(select serviceresource.id from XXServiceResource serviceresource where serviceresource.serviceId = :serviceId)
@@ -893,20 +1017,6 @@
 		</query>
 	</named-query>
 
-	<named-query name="XXServiceResourceElementValue.findForServicePlugin">
-		<query>
-			select obj from XXServiceResourceElementValue obj, XXServiceResourceElement serviceResElem where obj.resElementId = serviceResElem.id and
-			serviceResElem.resourceId in
-			(select serviceRes.id from XXServiceResource serviceRes, XXService service where service.id = :serviceId and service.tagService is not null and serviceRes.serviceId = service.id and serviceRes.id in
-			(select tagResMap.resourceId from XXTagResourceMap tagResMap, XXTag tag, XXTagDef tagDef
-			where tagResMap.tagId = tag.id and tag.type = tagDef.id and tagDef.name in
-			(select policyResMap.value from XXPolicyResourceMap policyResMap, XXPolicyResource policyRes, XXPolicy policy
-			where policy.service = service.tagService and policy.isEnabled = TRUE and policyRes.policyId = policy.id and policyResMap.resourceId = policyRes.id)
-			)
-			)
-			order by serviceResElem.resourceId, serviceResElem.id
-		</query>
-	</named-query>
 	<named-query name="XXServiceResourceElementValue.findByServiceId">
 		<query>select obj from XXServiceResourceElementValue obj, XXServiceResourceElement resElem where obj.resElementId = resElem.id and resElem.resourceId in
 			(select res.id from XXServiceResource res where res.serviceId = :serviceId)
@@ -954,19 +1064,6 @@
 				order by obj.resourceId</query>
 	</named-query>
 
-	<named-query name="XXTagResourceMap.findForServicePlugin">
-		<query>
-			select obj from XXTagResourceMap obj, XXService service, XXServiceResource serviceRes where service.id = :serviceId and service.tagService is not null
-			and obj.resourceId = serviceRes.id and serviceRes.serviceId = :serviceId
-			and obj.tagId in
-			(select tag.id from XXTag tag, XXTagDef tagDef where tag.type = tagDef.id and tagDef.name in
-			(select policyResMap.value from XXPolicyResourceMap policyResMap, XXPolicyResource policyRes, XXPolicy policy
-			where policy.service = service.tagService and policy.isEnabled = TRUE and policyRes.policyId = policy.id and policyResMap.resourceId = policyRes.id)
-			)
-			order by obj.resourceId
-		</query>
-	</named-query>
-
 	<named-query name="XXTagResourceMap.getTagIdsForResourceId">
 		<query>select obj.tagId from XXTagResourceMap obj
 				where obj.resourceId = :resourceId order by obj.id
@@ -980,22 +1077,14 @@
 	<named-query name="XXTagDef.findByName">
 		<query>select obj from XXTagDef obj where obj.name = :name</query>
 	</named-query>
-	
-	<named-query name="XXTagDef.findByServiceId">
-		<query>select obj from XXTagDef obj where obj.id in
-				(select tag.type from XXTag tag, XXTagResourceMap tagRes, XXServiceResource resource where tag.id = tagRes.tagId and tagRes.resourceId = resource.id and resource.serviceId = :serviceId)
-				order by obj.id
-		</query>
-	</named-query>
 
-	<named-query name="XXTagDef.findForServicePlugin">
-		<query>select obj from XXTagDef obj, XXService service where service.id = :serviceId and service.tagService is not null and
-			obj.name in
-			(select policyResMap.value from XXPolicyResourceMap policyResMap, XXPolicyResource policyRes, XXPolicy policy
-			where policy.service = service.tagService and policyRes.policyId = policy.id and policy.isEnabled = TRUE and policyResMap.resourceId = policyRes.id)
+	<named-query name="XXTagDef.findByServiceId">
+		<query>select obj.id, obj.guid, obj.version, obj.isEnabled, obj.name, obj.source, obj.tagAttrDefs from XXTagDef obj where obj.id in
+			(select tag.type from XXTag tag, XXTagResourceMap tagRes, XXServiceResource resource where tag.id = tagRes.tagId and tagRes.resourceId = resource.id and resource.serviceId = :serviceId)
 			order by obj.id
 		</query>
 	</named-query>
+
 	<named-query name="XXTagDef.findByResourceId">
 		<query>select obj from XXTagDef obj where obj.id in
 			(select tag.type from XXTag tag, XXTagResourceMap tagRes where tag.id = tagRes.tagId and tagRes.resourceId = :resourceId)
@@ -1017,16 +1106,6 @@
 			order by obj.tagDefId
 		</query>
 	</named-query>
-	<named-query name="XXTagAttributeDef.findForServicePlugin">
-		<query>select obj from XXTagAttributeDef obj where obj.tagDefId in
-			(select tagDef.id from XXTagDef tagDef, XXService service where service.id = :serviceId and service.tagService is not null and
-			tagDef.name in
-			(select policyResMap.value from XXPolicyResourceMap policyResMap, XXPolicyResource policyRes, XXPolicy policy
-			where policy.service = service.tagService and policy.isEnabled = TRUE and policyRes.policyId = policy.id and policyResMap.resourceId = policyRes.id)
-			)
-			order by obj.tagDefId
-		</query>
-	</named-query>
 	<named-query name="XXTagAttributeDef.findByResourceId">
 		<query>select obj from XXTagAttributeDef obj where obj.tagDefId in
 			(select tag.type from XXTag tag, XXTagResourceMap tagRes where tag.id = tagRes.tagId and tagRes.resourceId = :resourceId)
@@ -1062,16 +1141,6 @@
 		</query>
 	</named-query>
 
-	<named-query name="XXTag.findForServicePlugin">
-		<query>
-			select obj from XXTag obj, XXTagDef tagDef, XXService service where service.id = :serviceId and service.tagService is not null and
-			obj.type = tagDef.id and tagDef.name in
-			(select policyResMap.value from XXPolicyResourceMap policyResMap, XXPolicyResource policyRes, XXPolicy policy
-			where policy.service = service.tagService and policy.isEnabled = TRUE and policyRes.policyId = policy.id and policyResMap.resourceId = policyRes.id)
-			order by obj.id
-		</query>
-	</named-query>
-
 	<named-query name="XXTag.findByServiceIdAndOwner">
 		<query>select obj from XXTag obj where obj.owner = :owner and obj.id in
 			(select tagRes.tagId from XXTagResourceMap tagRes, XXServiceResource resource where tagRes.resourceId = resource.id and resource.serviceId = :serviceId)
@@ -1106,18 +1175,6 @@
 		</query>
 	</named-query>
 
-	<named-query name="XXTagAttribute.findForServicePlugin">
-		<query>
-			select obj from XXTagAttribute obj where obj.tagId in
-			(select tag.id from XXTag tag, XXTagDef tagDef, XXService service where service.id = :serviceId and service.tagService is not null and
-			tag.type = tagDef.id and tagDef.name in
-			(select policyResMap.value from XXPolicyResourceMap policyResMap, XXPolicyResource policyRes, XXPolicy policy
-			where policy.service = service.tagService and policy.isEnabled = TRUE and policyRes.policyId = policy.id and policyResMap.resourceId = policyRes.id)
-			)
-			order by obj.tagId
-		</query>
-	</named-query>
-
 	<named-query name="XXServiceResource.findByGuid">
 		<query>select obj from XXServiceResource obj where obj.guid = :guid</query>
 	</named-query>
@@ -1129,9 +1186,9 @@
 	</named-query>
 
 	<named-query name="XXServiceResource.findTaggedResourcesInServiceId">
-		<query>select obj from XXServiceResource obj where obj.serviceId = :serviceId and obj.id in
-					(select tagResMap.resourceId from XXTagResourceMap tagResMap)
-				order by obj.id
+		<query>select obj.id, obj.guid, obj.version, obj.isEnabled, obj.resourceSignature, obj.serviceId, obj.serviceResourceElements, obj.tags from XXServiceResource obj where obj.serviceId = :serviceId and obj.id in
+            (select tagResMap.resourceId from XXTagResourceMap tagResMap)
+            order by obj.id
 		</query>
 	</named-query>
 
@@ -1141,18 +1198,6 @@
 		</query>
 	</named-query>
 
-	<named-query name="XXServiceResource.findForServicePlugin">
-		<query>
-			select obj from XXServiceResource obj, XXService service where service.id = :serviceId and service.tagService is not null and obj.serviceId = service.id and obj.id in
-				(select tagResMap.resourceId from XXTagResourceMap tagResMap, XXTag tag, XXTagDef tagDef
-					where tagResMap.tagId = tag.id and tag.type = tagDef.id and tagDef.name in
-						(select policyResMap.value from XXPolicyResourceMap policyResMap, XXPolicyResource policyRes, XXPolicy policy
-							where policy.service = service.tagService and policy.isEnabled = TRUE and policyRes.policyId = policy.id and policyResMap.resourceId = policyRes.id)
-				)
-			order by obj.id
-		</query>
-	</named-query>
-
 	<named-query name="XXServiceResource.findByServiceAndResourceSignature">
 		<query>select obj from XXServiceResource obj where obj.serviceId = :serviceId and obj.resourceSignature = :resourceSignature</query>
 	</named-query>
@@ -1182,12 +1227,12 @@
 		</query>
 	</named-query>
 	<named-query name="XXPolicy.findByUserId">
-		<query>select obj from XXPolicy obj, XXPolicyItem polItem,XXPolicyItemUserPerm polItemUserPerm where 
-		 obj.id = polItem.policyId and polItem.id = polItemUserPerm.policyItemId and polItemUserPerm.userId = :userId</query>
+		<query>select obj from XXPolicy obj, XXPolicyRefUser ref where
+		 obj.id = ref.policyId and ref.userId = :userId</query>
 	</named-query>
 	<named-query name="XXPolicy.findByGroupId">
-		<query>select obj from XXPolicy obj, XXPolicyItem polItem,XXPolicyItemGroupPerm polItemGroupPerm where 
-		 obj.id = polItem.policyId and polItem.id = polItemGroupPerm.policyItemId and polItemGroupPerm.groupId = :groupId</query>
+		<query>select obj from XXPolicy obj, XXPolicyRefGroup ref where
+		 obj.id = ref.policyId and ref.groupId = :groupId</query>
 	</named-query>
 	<named-query name="XXAccessAudit.getMaxIdOfXXAccessAudit">
 		<query>select max(obj.id) from XXAccessAudit obj</query>

http://git-wip-us.apache.org/repos/asf/ranger/blob/3af1f59d/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java
----------------------------------------------------------------------
diff --git a/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java b/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java
index c9db90a..bf19efd 100644
--- a/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java
+++ b/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java
@@ -22,8 +22,8 @@ import java.util.Date;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
-import java.util.Map.Entry;
 
+import org.apache.commons.collections.ListUtils;
 import org.apache.ranger.common.ContextUtil;
 import org.apache.ranger.common.RESTErrorUtil;
 import org.apache.ranger.common.RangerFactory;
@@ -47,7 +47,6 @@ import org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumDef;
 import org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef;
 import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef;
 import org.apache.ranger.plugin.model.RangerServiceDef.RangerServiceConfigDef;
-//import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
 import org.apache.ranger.plugin.store.PList;
 import org.apache.ranger.plugin.store.ServicePredicateUtil;
 import org.apache.ranger.plugin.util.SearchFilter;
@@ -67,6 +66,7 @@ import org.apache.ranger.view.RangerServiceDefList;
 import org.apache.ranger.view.RangerServiceList;
 import org.apache.ranger.view.VXGroupList;
 import org.apache.ranger.view.VXString;
+import org.apache.ranger.view.VXUser;
 import org.apache.ranger.view.VXUserList;
 import org.junit.Assert;
 import org.junit.FixMethodOrder;
@@ -130,13 +130,16 @@ public class TestServiceDBStore {
 	@Mock
 	ServicePredicateUtil predicateUtil;
 
+    @Mock
+    PolicyRefUpdater policyRefUpdater;
+
 	@Mock
 	XGroupService xGroupService;
 	
 	
 	@Mock
 	RESTErrorUtil restErrorUtil;
-	
+
 	@Mock
 	AssetMgr assetMgr;
 
@@ -154,6 +157,22 @@ public class TestServiceDBStore {
 				.getCurrentUserSession();
 		currentUserSession.setUserAdmin(true);
 	}
+	
+	private XXAccessTypeDef rangerKmsAccessTypes(String accessTypeName, int itemId) {
+		XXAccessTypeDef accessTypeDefObj = new XXAccessTypeDef();
+		accessTypeDefObj.setAddedByUserId(Id);
+		accessTypeDefObj.setCreateTime(new Date());
+		accessTypeDefObj.setDefid(Long.valueOf(itemId));
+		accessTypeDefObj.setId(Long.valueOf(itemId));
+		accessTypeDefObj.setItemId(Long.valueOf(itemId));
+		accessTypeDefObj.setLabel(accessTypeName);
+		accessTypeDefObj.setName(accessTypeName);
+		accessTypeDefObj.setOrder(null);
+		accessTypeDefObj.setRbkeylabel(null);
+		accessTypeDefObj.setUpdatedByUserId(Id);
+		accessTypeDefObj.setUpdateTime(new Date());
+		return accessTypeDefObj;
+	}
 
 	private RangerServiceDef rangerServiceDef() {
 		List<RangerServiceConfigDef> configs = new ArrayList<RangerServiceConfigDef>();
@@ -224,6 +243,28 @@ public class TestServiceDBStore {
 
 		return rangerService;
 	}
+	
+	private RangerService rangerKMSService() {
+		Map<String, String> configs = new HashMap<String, String>();
+		configs.put("username", "servicemgr");
+		configs.put("password", "servicemgr");
+		configs.put("provider", "kmsurl");
+		
+		RangerService rangerService = new RangerService();
+		rangerService.setId(Id);
+		rangerService.setConfigs(configs);
+		rangerService.setCreateTime(new Date());
+		rangerService.setDescription("service kms policy");
+		rangerService.setGuid("1427365526516_835_1");
+		rangerService.setIsEnabled(true);
+		rangerService.setName("KMS_1");
+		rangerService.setPolicyUpdateTime(new Date());
+		rangerService.setType("7");
+		rangerService.setUpdatedBy("Admin");
+		rangerService.setUpdateTime(new Date());
+		
+		return rangerService;
+	}
 
 	private RangerPolicy rangerPolicy() {
 		List<RangerPolicyItemAccess> accesses = new ArrayList<RangerPolicyItemAccess>();
@@ -531,14 +572,19 @@ public class TestServiceDBStore {
 
 	@Test
 	public void test13deleteServiceDef() throws Exception {
+		setup();
 		XXServiceDao xServiceDao = Mockito.mock(XXServiceDao.class);
 		XXDataMaskTypeDefDao xDataMaskDefDao = Mockito.mock(XXDataMaskTypeDefDao.class);
 		XXAccessTypeDefDao xAccessTypeDefDao = Mockito
 				.mock(XXAccessTypeDefDao.class);
 		XXAccessTypeDefGrantsDao xAccessTypeDefGrantsDao = Mockito
 				.mock(XXAccessTypeDefGrantsDao.class);
-		XXPolicyItemAccessDao xPolicyItemAccessDao = Mockito
-				.mock(XXPolicyItemAccessDao.class);
+		XXPolicyRefAccessTypeDao xPolicyRefAccessTypeDao = Mockito
+				.mock(XXPolicyRefAccessTypeDao.class);
+		XXPolicyRefConditionDao xPolicyRefConditionDao  = Mockito
+				.mock(XXPolicyRefConditionDao.class);
+		XXPolicyRefResourceDao xPolicyRefResourceDao = Mockito
+				.mock(XXPolicyRefResourceDao.class);
 		XXContextEnricherDefDao xContextEnricherDefDao = Mockito
 				.mock(XXContextEnricherDefDao.class);
 		XXEnumDefDao xEnumDefDao = Mockito.mock(XXEnumDefDao.class);
@@ -546,13 +592,7 @@ public class TestServiceDBStore {
 				.mock(XXEnumElementDefDao.class);
 		XXPolicyConditionDefDao xPolicyConditionDefDao = Mockito
 				.mock(XXPolicyConditionDefDao.class);
-		XXPolicyItemConditionDao xPolicyItemConditionDao = Mockito
-				.mock(XXPolicyItemConditionDao.class);
 		XXResourceDefDao xResourceDefDao = Mockito.mock(XXResourceDefDao.class);
-		XXPolicyResourceDao xPolicyResourceDao = Mockito
-				.mock(XXPolicyResourceDao.class);
-		XXPolicyResourceMapDao xPolicyResourceMapDao = Mockito
-				.mock(XXPolicyResourceMapDao.class);
 		XXServiceConfigDefDao xServiceConfigDefDao = Mockito
 				.mock(XXServiceConfigDefDao.class);
 
@@ -783,6 +823,40 @@ public class TestServiceDBStore {
 		policyItemUserPermObj.setUserId(Id);
 		policyItemUserPermList.add(policyItemUserPermObj);
 
+		List<XXPolicyRefAccessType> policyRefAccessTypeList = new ArrayList<XXPolicyRefAccessType>();
+		XXPolicyRefAccessType policyRefAccessType = new XXPolicyRefAccessType();
+		policyRefAccessType.setId(Id);
+		policyRefAccessType.setAccessTypeName("myAccessType");
+		policyRefAccessType.setPolicyId(Id);
+		policyRefAccessType.setCreateTime(new Date());
+		policyRefAccessType.setUpdateTime(new Date());
+		policyRefAccessType.setAddedByUserId(Id);
+		policyRefAccessType.setUpdatedByUserId(Id);
+		policyRefAccessTypeList.add(policyRefAccessType);
+
+		List<XXPolicyRefCondition> policyRefConditionsList = new ArrayList<XXPolicyRefCondition>();
+		XXPolicyRefCondition policyRefCondition = new XXPolicyRefCondition();
+		policyRefCondition.setId(Id);
+		policyRefCondition.setAddedByUserId(Id);
+		policyRefCondition.setConditionDefId(Id);
+		policyRefCondition.setConditionName("myConditionName");
+		policyRefCondition.setPolicyId(Id);
+		policyRefCondition.setUpdatedByUserId(Id);
+		policyRefCondition.setCreateTime(new Date());
+		policyRefCondition.setUpdateTime(new Date());
+		policyRefConditionsList.add(policyRefCondition);
+
+		List<XXPolicyRefResource> policyRefResourcesList = new ArrayList<XXPolicyRefResource>();
+		XXPolicyRefResource policyRefResource = new XXPolicyRefResource();
+		policyRefResource.setAddedByUserId(Id);
+		policyRefResource.setCreateTime(new Date());
+		policyRefResource.setId(Id);
+		policyRefResource.setPolicyId(Id);
+		policyRefResource.setResourceDefId(Id);
+		policyRefResource.setUpdateTime(new Date());
+		policyRefResource.setResourceName("myresourceName");
+		policyRefResourcesList.add(policyRefResource);
+
 		XXUser xUser = new XXUser();
 		xUser.setAddedByUserId(Id);
 		xUser.setCreateTime(new Date());
@@ -795,6 +869,18 @@ public class TestServiceDBStore {
 		xUser.setUpdatedByUserId(Id);
 		xUser.setUpdateTime(new Date());
 
+		Mockito.when(daoManager.getXXPolicyRefAccessType()).thenReturn(xPolicyRefAccessTypeDao);
+		Mockito.when(xPolicyRefAccessTypeDao.findByAccessTypeDefId(Id)).thenReturn(policyRefAccessTypeList);
+		Mockito.when(xPolicyRefAccessTypeDao.remove(policyRefAccessType)).thenReturn(true);
+
+		Mockito.when(daoManager.getXXPolicyRefCondition()).thenReturn(xPolicyRefConditionDao);
+		Mockito.when(xPolicyRefConditionDao.findByConditionDefId(Id)).thenReturn(policyRefConditionsList);
+		Mockito.when(xPolicyRefConditionDao.remove(policyRefCondition)).thenReturn(true);
+
+		Mockito.when(daoManager.getXXPolicyRefResource()).thenReturn(xPolicyRefResourceDao);
+		Mockito.when(xPolicyRefResourceDao.findByResourceDefID(Id)).thenReturn(policyRefResourcesList);
+		Mockito.when(xPolicyRefResourceDao.remove(policyRefResource)).thenReturn(true);
+
 		Mockito.when(serviceDefService.read(Id)).thenReturn(rangerServiceDef);
 		Mockito.when(daoManager.getXXService()).thenReturn(xServiceDao);
 		Mockito.when(xServiceDao.findByServiceDefId(serviceDefId)).thenReturn(null);
@@ -811,11 +897,6 @@ public class TestServiceDBStore {
 				xAccessTypeDefGrantsDao.findByATDId(accessTypeDefObj.getId()))
 				.thenReturn(accessTypeDefGrantslist);
 
-		Mockito.when(daoManager.getXXPolicyItemAccess()).thenReturn(
-				xPolicyItemAccessDao);
-		Mockito.when(xPolicyItemAccessDao.findByType(accessTypeDefObj.getId()))
-				.thenReturn(policyItemAccessList);
-
 		Mockito.when(daoManager.getXXContextEnricherDef()).thenReturn(
 				xContextEnricherDefDao);
 		Mockito.when(xContextEnricherDefDao.findByServiceDefId(serviceDefId))
@@ -835,28 +916,10 @@ public class TestServiceDBStore {
 		Mockito.when(xPolicyConditionDefDao.findByServiceDefId(serviceDefId))
 				.thenReturn(xConditionDefList);
 
-		Mockito.when(daoManager.getXXPolicyItemCondition()).thenReturn(
-				xPolicyItemConditionDao);
-		Mockito.when(
-				xPolicyItemConditionDao
-						.findByPolicyConditionDefId(policyConditionDefObj
-								.getId())).thenReturn(policyItemConditionList);
-
 		Mockito.when(daoManager.getXXResourceDef()).thenReturn(xResourceDefDao);
 		Mockito.when(xResourceDefDao.findByServiceDefId(serviceDefId))
 				.thenReturn(resDefList);
 
-		Mockito.when(daoManager.getXXPolicyResource()).thenReturn(
-				xPolicyResourceDao);
-		Mockito.when(xPolicyResourceDao.findByResDefId(resourceDef.getId()))
-				.thenReturn(policyResourceList);
-
-		Mockito.when(daoManager.getXXPolicyResourceMap()).thenReturn(
-				xPolicyResourceMapDao);
-		Mockito.when(
-				xPolicyResourceMapDao.findByPolicyResId(policyResource.getId()))
-				.thenReturn(policyResourceMapList);
-
 		Mockito.when(daoManager.getXXServiceConfigDef()).thenReturn(
 				xServiceConfigDefDao);
 		Mockito.when(xServiceConfigDefDao.findByServiceDefId(serviceDefId))
@@ -1058,8 +1121,6 @@ public class TestServiceDBStore {
 	public void test20updateService() throws Exception {
 		XXServiceDao xServiceDao = Mockito.mock(XXServiceDao.class);
 		XXService xService = Mockito.mock(XXService.class);
-		//XXServiceVersionInfoDao xServiceVersionInfoDao = Mockito.mock(XXServiceVersionInfoDao.class);
-		//XXServiceVersionInfo xServiceVersionInfo = Mockito.mock(XXServiceVersionInfo.class);
 		XXServiceConfigMapDao xServiceConfigMapDao = Mockito
 				.mock(XXServiceConfigMapDao.class);
 		XXServiceConfigDefDao xServiceConfigDefDao = Mockito
@@ -1136,10 +1197,6 @@ public class TestServiceDBStore {
 		Mockito.when(svcService.getPopulatedViewObject(xService)).thenReturn(
 				rangerService);
 
-		//Mockito.when(daoManager.getXXServiceVersionInfo()).thenReturn(xServiceVersionInfoDao);
-		//Mockito.when(xServiceVersionInfoDao.findByServiceId(Id)).thenReturn(xServiceVersionInfo);
-		//Mockito.when(xServiceVersionInfoDao.update(xServiceVersionInfo)).thenReturn(xServiceVersionInfo);
-
 		RangerService dbRangerService = serviceDBStore
 				.updateService(rangerService, options);
 		Assert.assertNotNull(dbRangerService);
@@ -1158,31 +1215,16 @@ public class TestServiceDBStore {
 
 	@Test
 	public void test21deleteService() throws Exception {
+		setup();
 		XXPolicyDao xPolicyDao = Mockito.mock(XXPolicyDao.class);
 		XXServiceDao xServiceDao = Mockito.mock(XXServiceDao.class);
 		XXService xService = Mockito.mock(XXService.class);
-		//XXServiceVersionInfoDao xServiceVersionInfoDao = Mockito.mock(XXServiceVersionInfoDao.class);
-		//XXServiceVersionInfo xServiceVersionInfo = Mockito.mock(XXServiceVersionInfo.class);
-		XXPolicyItemDao xPolicyItemDao = Mockito.mock(XXPolicyItemDao.class);
-		XXPolicyItemDataMaskInfoDao xxPolicyItemDataMaskInfoDao = Mockito.mock(XXPolicyItemDataMaskInfoDao.class);
-		XXPolicyItemRowFilterInfoDao xxPolicyItemRowFilterInfoDao = Mockito.mock(XXPolicyItemRowFilterInfoDao.class);
-                XXPolicyLabelMapDao xPolicyLabelMapDao = Mockito.mock(XXPolicyLabelMapDao.class);
-		XXPolicyItemConditionDao xPolicyItemConditionDao = Mockito
-				.mock(XXPolicyItemConditionDao.class);
-		XXPolicyItemGroupPermDao xPolicyItemGroupPermDao = Mockito
-				.mock(XXPolicyItemGroupPermDao.class);
-		XXPolicyItemUserPermDao xPolicyItemUserPermDao = Mockito
-				.mock(XXPolicyItemUserPermDao.class);
-		XXPolicyItemAccessDao xPolicyItemAccessDao = Mockito
-				.mock(XXPolicyItemAccessDao.class);
-		XXPolicyResourceDao xPolicyResourceDao = Mockito
-				.mock(XXPolicyResourceDao.class);
-		XXPolicyResourceMapDao xPolicyResourceMapDao = Mockito
-				.mock(XXPolicyResourceMapDao.class);
 		XXServiceConfigMapDao xServiceConfigMapDao = Mockito
 				.mock(XXServiceConfigMapDao.class);
+		XXPolicyLabelMapDao xPolicyLabelMapDao = Mockito.mock(XXPolicyLabelMapDao.class);
 
-		RangerService rangerService = rangerService();
+
+        RangerService rangerService = rangerService();
 		RangerPolicy rangerPolicy = rangerPolicy();
 		String name = "HDFS_1-1-20150316062453";
 
@@ -1224,9 +1266,6 @@ public class TestServiceDBStore {
 		policyItem.setUpdateTime(new Date());
 		policyItemList.add(policyItem);
 
-		//List<XXPolicyItemDataMaskInfo> policyItemDataMaskInfoList = new ArrayList<XXPolicyItemDataMaskInfo>();
-		//List<XXPolicyItemRowFilterInfo> policyItemRowFilterInfoList = new ArrayList<XXPolicyItemRowFilterInfo>();
-
 		List<XXPolicyItemCondition> policyItemConditionList = new ArrayList<XXPolicyItemCondition>();
 		XXPolicyItemCondition policyItemCondition = new XXPolicyItemCondition();
 		policyItemCondition.setAddedByUserId(Id);
@@ -1329,54 +1368,6 @@ public class TestServiceDBStore {
 		Mockito.when(svcService.getPopulatedViewObject(xService)).thenReturn(
 				rangerService);
 
-		//Mockito.when(daoManager.getXXServiceVersionInfo()).thenReturn(xServiceVersionInfoDao);
-		//Mockito.when(xServiceVersionInfoDao.findByServiceId(Id)).thenReturn(xServiceVersionInfo);
-		//Mockito.when(xServiceVersionInfoDao.update(xServiceVersionInfo)).thenReturn(xServiceVersionInfo);
-
-		Mockito.when(daoManager.getXXPolicyItem()).thenReturn(xPolicyItemDao);
-		Mockito.when(xPolicyItemDao.findByPolicyId(policyItem.getId()))
-				.thenReturn(policyItemList);
-
-		Mockito.when(daoManager.getXXPolicyItemDataMaskInfo()).thenReturn(xxPolicyItemDataMaskInfoDao);
-		//Mockito.when(xxPolicyItemDataMaskInfoDao.findByPolicyItemId(policyItem.getId())).thenReturn(policyItemDataMaskInfoList);
-
-		Mockito.when(daoManager.getXXPolicyItemRowFilterInfo()).thenReturn(xxPolicyItemRowFilterInfoDao);
-		//Mockito.when(xxPolicyItemRowFilterInfoDao.findByPolicyItemId(policyItem.getId())).thenReturn(policyItemRowFilterInfoList);
-
-		Mockito.when(daoManager.getXXPolicyItemCondition()).thenReturn(
-				xPolicyItemConditionDao);
-		/*Mockito.when(
-				xPolicyItemConditionDao.findByPolicyItemId(policyItemCondition
-						.getId())).thenReturn(policyItemConditionList);
-		*/
-		Mockito.when(daoManager.getXXPolicyItemGroupPerm()).thenReturn(
-				xPolicyItemGroupPermDao);
-		/*Mockito.when(
-				xPolicyItemGroupPermDao.findByPolicyItemId(policyItem.getId()))
-				.thenReturn(policyItemGroupPermList);
-		*/
-		Mockito.when(daoManager.getXXPolicyItemUserPerm()).thenReturn(
-				xPolicyItemUserPermDao);
-		/*Mockito.when(xPolicyItemUserPermDao.findByPolicyItemId(Id)).thenReturn(
-				policyItemUserPermList);*/
-
-		Mockito.when(daoManager.getXXPolicyItemAccess()).thenReturn(
-				xPolicyItemAccessDao);
-		/*Mockito.when(
-				xPolicyItemAccessDao.findByPolicyItemId(policyItemAccess
-						.getId())).thenReturn(policyItemAccessList);
-		*/
-		Mockito.when(daoManager.getXXPolicyResource()).thenReturn(
-				xPolicyResourceDao);
-		Mockito.when(xPolicyResourceDao.findByPolicyId(policyResource.getId()))
-				.thenReturn(policyResourceList);
-
-		Mockito.when(daoManager.getXXPolicyResourceMap()).thenReturn(
-				xPolicyResourceMapDao);
-		/*Mockito.when(
-				xPolicyResourceMapDao.findByPolicyResId(policyResourceMap
-						.getId())).thenReturn(policyResourceMapList);
-		*/
 		Mockito.when(daoManager.getXXService()).thenReturn(xServiceDao);
 		Mockito.when(xServiceDao.getById(Id)).thenReturn(xService);
 
@@ -1389,12 +1380,14 @@ public class TestServiceDBStore {
 		Mockito.when(
 				xServiceConfigMapDao.findByServiceId(rangerService.getId()))
 				.thenReturn(xConfMapList);
-
-                Mockito.when(daoManager.getXXPolicyLabelMap()).thenReturn(xPolicyLabelMapDao);
-                /*Mockito.when(xPolicyLabelMapDao.findByPolicyId(rangerPolicy.getId())).thenReturn(xxPolicyLabelMapList);*/
+		Mockito.when(daoManager.getXXPolicyLabelMap()).thenReturn(xPolicyLabelMapDao);
+		Mockito.when(xPolicyLabelMapDao.findByPolicyId(rangerPolicy.getId())).thenReturn(ListUtils.EMPTY_LIST);
 
 		Mockito.when(!bizUtil.hasAccess(xService, null)).thenReturn(true);
-		serviceDBStore.deleteService(Id);
+        Mockito.when(policyRefUpdater.cleanupRefTables(rangerPolicy)).thenReturn(true);
+
+        serviceDBStore.deleteService(Id);
+		Mockito.verify(svcService).delete(rangerService);
 	}
 
 	@Test
@@ -1520,16 +1513,13 @@ public class TestServiceDBStore {
 	}
 
 	@Test
-	public void tess26createPolicy() throws Exception {
+	public void test26createPolicy() throws Exception {
 		setup();
 		XXServiceDefDao xServiceDefDao = Mockito.mock(XXServiceDefDao.class);
 		XXPolicy xPolicy = Mockito.mock(XXPolicy.class);
 		XXPolicyDao xPolicyDao = Mockito.mock(XXPolicyDao.class);
 		XXServiceDao xServiceDao = Mockito.mock(XXServiceDao.class);
-		//XXServiceVersionInfoDao xServiceVersionInfoDao = Mockito.mock(XXServiceVersionInfoDao.class);
 		XXService xService = Mockito.mock(XXService.class);
-		//XXServiceVersionInfo xServiceVersionInfo = Mockito.mock(XXServiceVersionInfo.class);
-		XXPolicyItemDao xPolicyItemDao = Mockito.mock(XXPolicyItemDao.class);
 
 		XXServiceDef xServiceDef = serviceDef();
 		Map<String, String> configs = new HashMap<String, String>();
@@ -1684,9 +1674,6 @@ public class TestServiceDBStore {
 
 		Mockito.when(daoManager.getXXService()).thenReturn(xServiceDao);
 		Mockito.when(xServiceDao.findByName(name)).thenReturn(xService);
-		//Mockito.when(daoManager.getXXServiceVersionInfo()).thenReturn(xServiceVersionInfoDao);
-		//Mockito.when(xServiceVersionInfoDao.findByServiceId(Id)).thenReturn(xServiceVersionInfo);
-		//Mockito.when(xServiceVersionInfoDao.update(xServiceVersionInfo)).thenReturn(xServiceVersionInfo);
 
 		Mockito.when(svcService.getPopulatedViewObject(xService)).thenReturn(
 				rangerService);
@@ -1701,15 +1688,8 @@ public class TestServiceDBStore {
 				rangerPolicy);
 
 		Mockito.when(daoManager.getXXPolicy()).thenReturn(xPolicyDao);
-		Mockito.when(xPolicyDao.getById(Id)).thenReturn(xPolicy);
-
-		Mockito.when(
-				rangerAuditFields.populateAuditFields(
-						Mockito.isA(XXPolicyItem.class),
-						Mockito.isA(XXPolicy.class))).thenReturn(xPolicyItem);
-		Mockito.when(daoManager.getXXPolicyItem()).thenReturn(xPolicyItemDao);
-		Mockito.when(xPolicyItemDao.create(xPolicyItem))
-				.thenReturn(xPolicyItem);
+		Mockito.when(xPolicyDao.getById(Id)).thenReturn(xPolicy);Mockito.doNothing().when(policyRefUpdater).createNewPolMappingForRefTable(rangerPolicy, xPolicy, xServiceDef);
+		Mockito.when(policyService.getPopulatedViewObject(xPolicy)).thenReturn(rangerPolicy);
 
 		Mockito.when(daoManager.getXXService()).thenReturn(xServiceDao);
 		Mockito.when(xServiceDao.getById(Id)).thenReturn(xService);
@@ -1721,61 +1701,12 @@ public class TestServiceDBStore {
 				.mock(RangerPolicyResourceSignature.class);
 		Mockito.when(factory.createPolicyResourceSignature(rangerPolicy))
 				.thenReturn(signature);
-
-		XXResourceDefDao xResourceDefDao = Mockito.mock(XXResourceDefDao.class);
-		XXResourceDef xResourceDef = Mockito.mock(XXResourceDef.class);
-		XXPolicyResourceDao xPolicyResourceDao = Mockito
-				.mock(XXPolicyResourceDao.class);
-		XXPolicyConditionDefDao xPolicyConditionDefDao = Mockito
-				.mock(XXPolicyConditionDefDao.class);
-		Mockito.when(daoManager.getXXResourceDef()).thenReturn(xResourceDefDao);
-		Mockito.when(xResourceDefDao.findByNameAndPolicyId(policyName, Id))
-				.thenReturn(xResourceDef);
-
-		Mockito.when(
-				rangerAuditFields.populateAuditFields(
-						Mockito.isA(XXPolicyResource.class),
-						Mockito.isA(XXPolicy.class))).thenReturn(
-				xPolicyResource);
-		Mockito.when(daoManager.getXXPolicyResource()).thenReturn(
-				xPolicyResourceDao);
-		Mockito.when(xPolicyResourceDao.create(xPolicyResource)).thenReturn(
-				xPolicyResource);
-
-		Mockito.when(daoManager.getXXPolicyConditionDef()).thenReturn(
-				xPolicyConditionDefDao);
-		Mockito.when(
-				xPolicyConditionDefDao.findByServiceDefIdAndName(Id,
-						policyItemCondition.getType())).thenReturn(
-				policyConditionDefObj);
-		for (Entry<String, RangerPolicyResource> resource : policyResource
-				.entrySet()) {
-			Mockito.when(daoManager.getXXResourceDef()).thenReturn(
-					xResourceDefDao);
-			Mockito.when(
-					xResourceDefDao.findByNameAndPolicyId(resource.getKey(),
-							rangerPolicy.getId())).thenReturn(xResourceDef);
-		}
-
-		Mockito.when(daoManager.getXXPolicyConditionDef()).thenReturn(
-				xPolicyConditionDefDao);
-		Mockito.when(
-				xPolicyConditionDefDao.findByServiceDefIdAndName(
-						xServiceDef.getId(), policyItemCondition.getType()))
-				.thenReturn(policyConditionDefObj);
 		Mockito.when(!bizUtil.hasAccess(xService, null)).thenReturn(true);
 
-		//RangerTransactionSynchronizationAdapter spy = Mockito.spy(transactionSynchronizationAdapter);
-		//Mockito.doNothing().when(spy).executeOnTransactionCommit(Mockito.any(Runnable.class));
-
 		RangerPolicy dbRangerPolicy = serviceDBStore.createPolicy(rangerPolicy);
-		Assert.assertNull(dbRangerPolicy);
-		Assert.assertEquals(Id, rangerPolicy.getId());
-		Mockito.verify(daoManager).getXXServiceDef();
-		Mockito.verify(policyService).create(rangerPolicy);
-		Mockito.verify(rangerAuditFields).populateAuditFields(
-				Mockito.isA(XXPolicyItem.class), Mockito.isA(XXPolicy.class));
-		Mockito.verify(daoManager).getXXPolicyItem();
+
+		Assert.assertNotNull(dbRangerPolicy);
+		Assert.assertEquals(Id, dbRangerPolicy.getId());
 	}
 
 	@Test
@@ -1816,18 +1747,10 @@ public class TestServiceDBStore {
 		XXPolicyDao xPolicyDao = Mockito.mock(XXPolicyDao.class);
 		XXPolicy xPolicy = Mockito.mock(XXPolicy.class);
 		XXServiceDao xServiceDao = Mockito.mock(XXServiceDao.class);
-                XXPolicyLabelMapDao xPolicyLabelMapDao = Mockito.mock(XXPolicyLabelMapDao.class);
 		XXService xService = Mockito.mock(XXService.class);
-		//XXServiceVersionInfoDao xServiceVersionInfoDao = Mockito.mock(XXServiceVersionInfoDao.class);
 		XXServiceDefDao xServiceDefDao = Mockito.mock(XXServiceDefDao.class);
 		XXServiceDef xServiceDef = Mockito.mock(XXServiceDef.class);
-		//XXServiceVersionInfo xServiceVersionInfo = Mockito.mock(XXServiceVersionInfo.class);
-		XXPolicyResourceDao xPolicyResourceDao = Mockito
-				.mock(XXPolicyResourceDao.class);
-		XXPolicyResourceMapDao xPolicyResourceMapDao = Mockito
-				.mock(XXPolicyResourceMapDao.class);
-		XXPolicyItemDao xPolicyItemDao = Mockito.mock(XXPolicyItemDao.class);
-		XXPolicyItem xPolicyItem = Mockito.mock(XXPolicyItem.class);
+		XXPolicyLabelMapDao xPolicyLabelMapDao = Mockito.mock(XXPolicyLabelMapDao.class);
 
 		RangerService rangerService = rangerService();
 
@@ -1859,8 +1782,6 @@ public class TestServiceDBStore {
 		policyResourceMap.setValue("1L");
 		policyResourceMapList.add(policyResourceMap);
 
-                List<XXPolicyLabelMap> xxPolicyLabelMapList = new ArrayList<>();
-
 		List<XXServiceConfigDef> xServiceConfigDefList = new ArrayList<XXServiceConfigDef>();
 		XXServiceConfigDef serviceConfigDefObj = new XXServiceConfigDef();
 		serviceConfigDefObj.setId(Id);
@@ -1888,10 +1809,6 @@ public class TestServiceDBStore {
 		Mockito.when(svcService.getPopulatedViewObject(xService)).thenReturn(
 				rangerService);
 
-		//Mockito.when(daoManager.getXXServiceVersionInfo()).thenReturn(xServiceVersionInfoDao);
-		//Mockito.when(xServiceVersionInfoDao.findByServiceId(Id)).thenReturn(xServiceVersionInfo);
-		//Mockito.when(xServiceVersionInfoDao.update(xServiceVersionInfo)).thenReturn(xServiceVersionInfo);
-
 		Mockito.when(daoManager.getXXServiceDef()).thenReturn(xServiceDefDao);
 		Mockito.when(xServiceDefDao.findByName(rangerService.getType()))
 				.thenReturn(xServiceDef);
@@ -1902,24 +1819,6 @@ public class TestServiceDBStore {
 		Mockito.when(xPolicyDao.getById(rangerPolicy.getId())).thenReturn(
 				xPolicy);
 
-		Mockito.when(daoManager.getXXPolicyResource()).thenReturn(
-				xPolicyResourceDao);
-		Mockito.when(xPolicyResourceDao.findByPolicyId(rangerPolicy.getId()))
-				.thenReturn(policyResourceList);
-
-		Mockito.when(daoManager.getXXPolicyResourceMap()).thenReturn(
-				xPolicyResourceMapDao);
-		Mockito.when(
-				xPolicyResourceMapDao.findByPolicyResId(policyResourceMap
-						.getId())).thenReturn(policyResourceMapList);
-
-		Mockito.when(daoManager.getXXPolicyItem()).thenReturn(xPolicyItemDao);
-
-		Mockito.when(
-				rangerAuditFields.populateAuditFields(
-						Mockito.isA(XXPolicyItem.class),
-						Mockito.isA(XXPolicy.class))).thenReturn(xPolicyItem);
-
 		Mockito.when(daoManager.getXXService()).thenReturn(xServiceDao);
 		Mockito.when(xServiceDao.getById(rangerService.getId())).thenReturn(
 				xService);
@@ -1927,19 +1826,19 @@ public class TestServiceDBStore {
 		Mockito.when(daoManager.getXXService()).thenReturn(xServiceDao);
 		Mockito.when(xServiceDao.getById(rangerService.getId())).thenReturn(
 				xService);
+		Mockito.when(daoManager.getXXPolicyLabelMap()).thenReturn(xPolicyLabelMapDao);
+		Mockito.when(xPolicyLabelMapDao.findByPolicyId(rangerPolicy.getId())).thenReturn(ListUtils.EMPTY_LIST);
 
-                Mockito.when(daoManager.getXXPolicyLabelMap()).thenReturn(
-                                xPolicyLabelMapDao);
-                Mockito.when(xPolicyLabelMapDao.findByPolicyId(rangerPolicy.getId()))
-                                .thenReturn(xxPolicyLabelMapList);
 
 		RangerPolicyResourceSignature signature = Mockito
 				.mock(RangerPolicyResourceSignature.class);
 		Mockito.when(factory.createPolicyResourceSignature(rangerPolicy))
 				.thenReturn(signature);
 		Mockito.when(!bizUtil.hasAccess(xService, null)).thenReturn(true);
+        Mockito.when(policyRefUpdater.cleanupRefTables(rangerPolicy)).thenReturn(true);
+
 
-		RangerPolicy dbRangerPolicy = serviceDBStore.updatePolicy(rangerPolicy);
+        RangerPolicy dbRangerPolicy = serviceDBStore.updatePolicy(rangerPolicy);
 		Assert.assertNotNull(dbRangerPolicy);
 		Assert.assertEquals(dbRangerPolicy, rangerPolicy);
 		Assert.assertEquals(dbRangerPolicy.getId(), rangerPolicy.getId());
@@ -1955,9 +1854,6 @@ public class TestServiceDBStore {
 				rangerPolicy.getIsEnabled());
 		Assert.assertEquals(dbRangerPolicy.getVersion(),
 				rangerPolicy.getVersion());
-
-		Mockito.verify(rangerAuditFields).populateAuditFields(
-				Mockito.isA(XXPolicyItem.class), Mockito.isA(XXPolicy.class));
 	}
 
 	@Test
@@ -1965,24 +1861,7 @@ public class TestServiceDBStore {
 		setup();
 		XXServiceDao xServiceDao = Mockito.mock(XXServiceDao.class);
 		XXService xService = Mockito.mock(XXService.class);
-		//XXServiceVersionInfoDao xServiceVersionInfoDao = Mockito.mock(XXServiceVersionInfoDao.class);
-		//XXServiceVersionInfo xServiceVersionInfo = Mockito.mock(XXServiceVersionInfo.class);
-                XXPolicyLabelMapDao xPolicyLabelMapDao = Mockito.mock(XXPolicyLabelMapDao.class);
-		XXPolicyItemDao xPolicyItemDao = Mockito.mock(XXPolicyItemDao.class);
-		XXPolicyItemDataMaskInfoDao xPolicyItemDataMaskInfoDao = Mockito.mock(XXPolicyItemDataMaskInfoDao.class);
-		XXPolicyItemRowFilterInfoDao xPolicyItemRowFilterInfoDao = Mockito.mock(XXPolicyItemRowFilterInfoDao.class);
-		XXPolicyItemConditionDao xPolicyItemConditionDao = Mockito
-				.mock(XXPolicyItemConditionDao.class);
-		XXPolicyItemGroupPermDao xPolicyItemGroupPermDao = Mockito
-				.mock(XXPolicyItemGroupPermDao.class);
-		XXPolicyItemUserPermDao xPolicyItemUserPermDao = Mockito
-				.mock(XXPolicyItemUserPermDao.class);
-		XXPolicyItemAccessDao xPolicyItemAccessDao = Mockito
-				.mock(XXPolicyItemAccessDao.class);
-		XXPolicyResourceDao xPolicyResourceDao = Mockito
-				.mock(XXPolicyResourceDao.class);
-		XXPolicyResourceMapDao xPolicyResourceMapDao = Mockito
-				.mock(XXPolicyResourceMapDao.class);
+		XXPolicyLabelMapDao xPolicyLabelMapDao = Mockito.mock(XXPolicyLabelMapDao.class);
 
 		RangerService rangerService = rangerService();
 		RangerPolicy rangerPolicy = rangerPolicy();
@@ -2071,7 +1950,6 @@ public class TestServiceDBStore {
 		policyResource.setUpdateTime(new Date());
 		policyResourceList.add(policyResource);
 
-		List<XXPolicyResourceMap> policyResourceMapList = new ArrayList<XXPolicyResourceMap>();
 		XXPolicyResourceMap policyResourceMap = new XXPolicyResourceMap();
 		policyResourceMap.setAddedByUserId(Id);
 		policyResourceMap.setCreateTime(new Date());
@@ -2081,8 +1959,6 @@ public class TestServiceDBStore {
 		policyResourceMap.setUpdatedByUserId(Id);
 		policyResourceMap.setUpdateTime(new Date());
 		policyResourceMap.setValue("1L");
-		policyResourceMapList.add(policyResourceMap);
-                List<XXPolicyLabelMap> xxPolicyLabelMapList = new ArrayList<>();
 		List<XXServiceConfigDef> xServiceConfigDefList = new ArrayList<XXServiceConfigDef>();
 		XXServiceConfigDef serviceConfigDefObj = new XXServiceConfigDef();
 		serviceConfigDefObj.setId(Id);
@@ -2096,68 +1972,17 @@ public class TestServiceDBStore {
 		Mockito.when(svcService.getPopulatedViewObject(xService)).thenReturn(
 				rangerService);
 
-		Mockito.when(daoManager.getXXPolicyItem()).thenReturn(xPolicyItemDao);
-		Mockito.when(xPolicyItemDao.findByPolicyId(policyItem.getId()))
-				.thenReturn(policyItemList);
-
-		Mockito.when(daoManager.getXXPolicyItemDataMaskInfo()).thenReturn(xPolicyItemDataMaskInfoDao);
-
-		Mockito.when(daoManager.getXXPolicyItemRowFilterInfo()).thenReturn(xPolicyItemRowFilterInfoDao);
-
-		Mockito.when(daoManager.getXXPolicyItemCondition()).thenReturn(
-				xPolicyItemConditionDao);
-		Mockito.when(
-				xPolicyItemConditionDao.findByPolicyItemId(policyItemCondition
-						.getId())).thenReturn(policyItemConditionList);
-
-		Mockito.when(daoManager.getXXPolicyItemGroupPerm()).thenReturn(
-				xPolicyItemGroupPermDao);
-		Mockito.when(
-				xPolicyItemGroupPermDao.findByPolicyItemId(policyItem.getId()))
-				.thenReturn(policyItemGroupPermList);
-
-		Mockito.when(daoManager.getXXPolicyItemUserPerm()).thenReturn(
-				xPolicyItemUserPermDao);
-		Mockito.when(xPolicyItemUserPermDao.findByPolicyItemId(Id)).thenReturn(
-				policyItemUserPermList);
-
-		Mockito.when(daoManager.getXXPolicyItemAccess()).thenReturn(
-				xPolicyItemAccessDao);
-		Mockito.when(
-				xPolicyItemAccessDao.findByPolicyItemId(policyItemAccess
-						.getId())).thenReturn(policyItemAccessList);
-
-		Mockito.when(daoManager.getXXPolicyResource()).thenReturn(
-				xPolicyResourceDao);
-		Mockito.when(xPolicyResourceDao.findByPolicyId(policyResource.getId()))
-				.thenReturn(policyResourceList);
-
-		Mockito.when(daoManager.getXXPolicyResourceMap()).thenReturn(
-				xPolicyResourceMapDao);
-		Mockito.when(
-				xPolicyResourceMapDao.findByPolicyResId(policyResourceMap
-						.getId())).thenReturn(policyResourceMapList);
-
 		Mockito.when(daoManager.getXXService()).thenReturn(xServiceDao);
 		Mockito.when(xServiceDao.getById(Id)).thenReturn(xService);
 
-		//Mockito.when(daoManager.getXXServiceVersionInfo()).thenReturn(xServiceVersionInfoDao);
-		//Mockito.when(xServiceVersionInfoDao.findByServiceId(Id)).thenReturn(xServiceVersionInfo);
-		//Mockito.when(xServiceVersionInfoDao.update(xServiceVersionInfo)).thenReturn(xServiceVersionInfo);
-
 		Mockito.when(daoManager.getXXService()).thenReturn(xServiceDao);
 		Mockito.when(xServiceDao.getById(rangerService.getId())).thenReturn(
 				xService);
+		Mockito.when(daoManager.getXXPolicyLabelMap()).thenReturn(xPolicyLabelMapDao);
+		Mockito.when(xPolicyLabelMapDao.findByPolicyId(rangerPolicy.getId())).thenReturn(ListUtils.EMPTY_LIST);
 
 		Mockito.when(!bizUtil.hasAccess(xService, null)).thenReturn(true);
-
-                Mockito.when(daoManager.getXXPolicyLabelMap()).thenReturn(
-                                xPolicyLabelMapDao);
-                Mockito.when(xPolicyLabelMapDao.findByPolicyId(rangerPolicy.getId()))
-                                .thenReturn(xxPolicyLabelMapList);
-		//RangerTransactionSynchronizationAdapter spy = Mockito.spy(transactionSynchronizationAdapter);
-		//Mockito.doNothing().when(spy).executeOnTransactionCommit(Mockito.any(Runnable.class));
-
+        Mockito.when(policyRefUpdater.cleanupRefTables(rangerPolicy)).thenReturn(true);
 
 		serviceDBStore.deletePolicy(Id);
 	}
@@ -2493,4 +2318,98 @@ public class TestServiceDBStore {
     	Mockito.verify(daoManager).getXXServiceConfigMap();
     	Mockito.verify(xxServiceConfigMapDao).findByServiceNameAndConfigKey(rService.getName(), configName);
     }
+	
+	@Test
+	public void test41createKMSService() throws Exception {
+		XXServiceDao xServiceDao = Mockito.mock(XXServiceDao.class);
+		XXServiceConfigMapDao xServiceConfigMapDao = Mockito
+				.mock(XXServiceConfigMapDao.class);
+		XXUserDao xUserDao = Mockito.mock(XXUserDao.class);
+		XXServiceConfigDefDao xServiceConfigDefDao = Mockito
+				.mock(XXServiceConfigDefDao.class);
+		XXService xService = Mockito.mock(XXService.class);
+		XXUser xUser = Mockito.mock(XXUser.class);
+
+		Mockito.when(xServiceDao.findByName("KMS_1")).thenReturn(
+				xService);
+		Mockito.when(!bizUtil.hasAccess(xService, null)).thenReturn(true);
+
+		RangerService rangerService = rangerKMSService();
+		VXUser vXUser = null;
+		String userName = "servicemgr";
+
+		List<XXServiceConfigDef> svcConfDefList = new ArrayList<XXServiceConfigDef>();
+		XXServiceConfigDef serviceConfigDefObj = new XXServiceConfigDef();
+		serviceConfigDefObj.setId(Id);
+		serviceConfigDefObj.setType("7");
+		svcConfDefList.add(serviceConfigDefObj);
+		Mockito.when(daoManager.getXXServiceConfigDef()).thenReturn(
+				xServiceConfigDefDao);
+
+		Mockito.when(svcService.create(rangerService)).thenReturn(rangerService);
+
+		Mockito.when(daoManager.getXXService()).thenReturn(xServiceDao);
+		Mockito.when(xServiceDao.getById(rangerService.getId())).thenReturn(
+				xService);
+		Mockito.when(daoManager.getXXServiceConfigMap()).thenReturn(
+				xServiceConfigMapDao);
+
+		Mockito.when(stringUtil.getValidUserName(userName))
+		.thenReturn(userName);
+		Mockito.when(daoManager.getXXUser()).thenReturn(xUserDao);
+		Mockito.when(xUserDao.findByUserName(userName)).thenReturn(xUser);
+
+		Mockito.when(xUserService.populateViewBean(xUser)).thenReturn(vXUser);
+		VXUser vXUserHdfs = new VXUser();
+		vXUserHdfs.setName("hdfs");
+		vXUserHdfs.setPassword("hdfs");
+		VXUser vXUserHive = new VXUser();
+		vXUserHive.setName("hive");
+		vXUserHive.setPassword("hive");
+
+		XXServiceConfigMap xConfMap = new XXServiceConfigMap();
+
+		Mockito.when(svcService.getPopulatedViewObject(xService)).thenReturn(
+				rangerService);
+
+		Mockito.when(
+				rangerAuditFields.populateAuditFields(
+						Mockito.isA(XXServiceConfigMap.class),
+						Mockito.isA(XXService.class))).thenReturn(xConfMap);
+
+		List<XXAccessTypeDef> accessTypeDefList = new ArrayList<XXAccessTypeDef>();
+		accessTypeDefList.add(rangerKmsAccessTypes("getmetadata", 7));
+		accessTypeDefList.add(rangerKmsAccessTypes("generateeek", 8));
+		accessTypeDefList.add(rangerKmsAccessTypes("decrypteek", 9));
+
+		RangerServiceDef ran = new RangerServiceDef();
+		ran.setName("KMS Test");
+
+		ServiceDBStore spy = Mockito.spy(serviceDBStore);
+
+		Mockito.when(spy.getServiceByName("KMS_1")).thenReturn(
+				rangerService);
+		Mockito.doNothing().when(spy).createDefaultPolicies(rangerService);
+
+		RangerResourceDef resourceDef = new RangerResourceDef();
+		resourceDef.setItemId(Id);
+		resourceDef.setName("keyname");
+		resourceDef.setType("string");
+		resourceDef.setType("string");
+		resourceDef.setLabel("Key Name");
+		resourceDef.setDescription("Key Name");
+
+		List<RangerResourceDef> resourceHierarchy = new ArrayList<RangerResourceDef>();
+		resourceHierarchy.addAll(resourceHierarchy);
+
+		spy.createService(rangerService);
+		vXUser = new VXUser();
+		vXUser.setName(userName);
+		vXUser.setPassword(userName);
+		
+		spy.createDefaultPolicies(rangerService);
+
+		Mockito.verify(daoManager, Mockito.atLeast(1)).getXXService();
+		Mockito.verify(daoManager).getXXServiceConfigMap();
+	}
 }

http://git-wip-us.apache.org/repos/asf/ranger/blob/3af1f59d/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
index 15344ea..a8e6e61 100644
--- a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
+++ b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
@@ -281,7 +281,7 @@ public class TestServiceREST {
 		return rangerService;
 	}
 
-	public RangerPolicy rangerPolicy() {
+	RangerPolicy rangerPolicy() {
 		List<RangerPolicyItemAccess> accesses = new ArrayList<RangerPolicyItemAccess>();
 		List<String> users = new ArrayList<String>();
 		List<String> groups = new ArrayList<String>();


Mime
View raw message