sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From pras...@apache.org
Subject [2/3] git commit: SENTRY-380: Clean up some grantorPrincipal semantics (Sravya Tirukkovalur via Prasad Mujumdar)
Date Wed, 17 Sep 2014 06:03:42 GMT
SENTRY-380: Clean up some grantorPrincipal semantics (Sravya Tirukkovalur via Prasad Mujumdar)


Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/dbcdb6d6
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/dbcdb6d6
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/dbcdb6d6

Branch: refs/heads/master
Commit: dbcdb6d6430fd5cde17df1cf3bd0f805795da2d7
Parents: fd70448
Author: Prasad Mujumdar <prasadm@cloudera.com>
Authored: Tue Sep 16 23:00:33 2014 -0700
Committer: Prasad Mujumdar <prasadm@cloudera.com>
Committed: Tue Sep 16 23:00:33 2014 -0700

----------------------------------------------------------------------
 .../hive/ql/exec/SentryGrantRevokeTask.java     |   4 +-
 .../db/service/thrift/TSentryPrivilege.java     | 122 +--------------
 .../provider/db/service/thrift/TSentryRole.java | 105 +------------
 .../provider/db/service/model/MSentryGroup.java |  16 +-
 .../db/service/model/MSentryPrivilege.java      |  11 +-
 .../provider/db/service/model/MSentryRole.java  |  15 +-
 .../provider/db/service/model/package.jdo       |  11 +-
 .../db/service/persistent/SentryStore.java      |  44 ++----
 .../thrift/SentryPolicyServiceClient.java       |   2 -
 .../thrift/SentryPolicyStoreProcessor.java      |  13 +-
 .../src/main/resources/sentry-db2-1.5.0.sql     |   9 +-
 .../src/main/resources/sentry-derby-1.5.0.sql   |   9 +-
 .../src/main/resources/sentry-mysql-1.5.0.sql   |  15 +-
 .../src/main/resources/sentry-oracle-1.5.0.sql  |  13 +-
 .../main/resources/sentry-postgres-1.5.0.sql    |  13 +-
 .../main/resources/sentry_policy_service.thrift |   5 +-
 .../db/service/persistent/TestSentryStore.java  | 155 ++++++++-----------
 .../e2e/dbprovider/TestDatabaseProvider.java    |  34 ++--
 .../tests/e2e/hive/TestMovingToProduction.java  |   2 +-
 .../sentry/tests/e2e/hive/TestPolicyImport.java |   1 -
 20 files changed, 151 insertions(+), 448 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/dbcdb6d6/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java
index 4f34de6..4126341 100644
--- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java
@@ -425,7 +425,7 @@ public class SentryGrantRevokeTask extends Task<DDLWork> implements Serializable
       appendNonNull(builder, privilege.getAction());
       appendNonNull(builder, false);//isGrantOption()
       appendNonNull(builder, privilege.getCreateTime() * 1000L);
-      appendNonNull(builder, privilege.getGrantorPrincipal());
+      appendNonNull(builder, "--");
     }
     LOG.info("builder.toString(): " + builder.toString());
     return builder.toString();
@@ -440,7 +440,7 @@ public class SentryGrantRevokeTask extends Task<DDLWork> implements Serializable
       appendNonNull(builder, roleGrant.getRoleName(), true);
       appendNonNull(builder, false);//isGrantOption()
       appendNonNull(builder, null);//roleGrant.getGrantTime() * 1000L
-      appendNonNull(builder, roleGrant.getGrantorPrincipal());
+      appendNonNull(builder, "--");
     }
     return builder.toString();
   }

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/dbcdb6d6/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryPrivilege.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryPrivilege.java b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryPrivilege.java
index 54b6204..dbe96ff 100644
--- a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryPrivilege.java
+++ b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryPrivilege.java
@@ -41,8 +41,7 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
   private static final org.apache.thrift.protocol.TField URI_FIELD_DESC = new org.apache.thrift.protocol.TField("URI", org.apache.thrift.protocol.TType.STRING, (short)6);
   private static final org.apache.thrift.protocol.TField ACTION_FIELD_DESC = new org.apache.thrift.protocol.TField("action", org.apache.thrift.protocol.TType.STRING, (short)7);
   private static final org.apache.thrift.protocol.TField CREATE_TIME_FIELD_DESC = new org.apache.thrift.protocol.TField("createTime", org.apache.thrift.protocol.TType.I64, (short)8);
-  private static final org.apache.thrift.protocol.TField GRANTOR_PRINCIPAL_FIELD_DESC = new org.apache.thrift.protocol.TField("grantorPrincipal", org.apache.thrift.protocol.TType.STRING, (short)9);
-  private static final org.apache.thrift.protocol.TField GRANT_OPTION_FIELD_DESC = new org.apache.thrift.protocol.TField("grantOption", org.apache.thrift.protocol.TType.I32, (short)10);
+  private static final org.apache.thrift.protocol.TField GRANT_OPTION_FIELD_DESC = new org.apache.thrift.protocol.TField("grantOption", org.apache.thrift.protocol.TType.I32, (short)9);
 
   private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
   static {
@@ -57,7 +56,6 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
   private String URI; // optional
   private String action; // required
   private long createTime; // optional
-  private String grantorPrincipal; // optional
   private TSentryGrantOption grantOption; // optional
 
   /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
@@ -69,12 +67,11 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
     URI((short)6, "URI"),
     ACTION((short)7, "action"),
     CREATE_TIME((short)8, "createTime"),
-    GRANTOR_PRINCIPAL((short)9, "grantorPrincipal"),
     /**
      * 
      * @see TSentryGrantOption
      */
-    GRANT_OPTION((short)10, "grantOption");
+    GRANT_OPTION((short)9, "grantOption");
 
     private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
 
@@ -103,9 +100,7 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
           return ACTION;
         case 8: // CREATE_TIME
           return CREATE_TIME;
-        case 9: // GRANTOR_PRINCIPAL
-          return GRANTOR_PRINCIPAL;
-        case 10: // GRANT_OPTION
+        case 9: // GRANT_OPTION
           return GRANT_OPTION;
         default:
           return null;
@@ -149,7 +144,7 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
   // isset id assignments
   private static final int __CREATETIME_ISSET_ID = 0;
   private byte __isset_bitfield = 0;
-  private _Fields optionals[] = {_Fields.DB_NAME,_Fields.TABLE_NAME,_Fields.URI,_Fields.CREATE_TIME,_Fields.GRANTOR_PRINCIPAL,_Fields.GRANT_OPTION};
+  private _Fields optionals[] = {_Fields.DB_NAME,_Fields.TABLE_NAME,_Fields.URI,_Fields.CREATE_TIME,_Fields.GRANT_OPTION};
   public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
   static {
     Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
@@ -167,8 +162,6 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
         new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
     tmpMap.put(_Fields.CREATE_TIME, new org.apache.thrift.meta_data.FieldMetaData("createTime", org.apache.thrift.TFieldRequirementType.OPTIONAL, 
         new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.I64)));
-    tmpMap.put(_Fields.GRANTOR_PRINCIPAL, new org.apache.thrift.meta_data.FieldMetaData("grantorPrincipal", org.apache.thrift.TFieldRequirementType.OPTIONAL, 
-        new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
     tmpMap.put(_Fields.GRANT_OPTION, new org.apache.thrift.meta_data.FieldMetaData("grantOption", org.apache.thrift.TFieldRequirementType.OPTIONAL, 
         new org.apache.thrift.meta_data.EnumMetaData(org.apache.thrift.protocol.TType.ENUM, TSentryGrantOption.class)));
     metaDataMap = Collections.unmodifiableMap(tmpMap);
@@ -223,9 +216,6 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
       this.action = other.action;
     }
     this.createTime = other.createTime;
-    if (other.isSetGrantorPrincipal()) {
-      this.grantorPrincipal = other.grantorPrincipal;
-    }
     if (other.isSetGrantOption()) {
       this.grantOption = other.grantOption;
     }
@@ -249,7 +239,6 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
 
     setCreateTimeIsSet(false);
     this.createTime = 0;
-    this.grantorPrincipal = null;
     this.grantOption = org.apache.sentry.provider.db.service.thrift.TSentryGrantOption.FALSE;
 
   }
@@ -414,29 +403,6 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
     __isset_bitfield = EncodingUtils.setBit(__isset_bitfield, __CREATETIME_ISSET_ID, value);
   }
 
-  public String getGrantorPrincipal() {
-    return this.grantorPrincipal;
-  }
-
-  public void setGrantorPrincipal(String grantorPrincipal) {
-    this.grantorPrincipal = grantorPrincipal;
-  }
-
-  public void unsetGrantorPrincipal() {
-    this.grantorPrincipal = null;
-  }
-
-  /** Returns true if field grantorPrincipal is set (has been assigned a value) and false otherwise */
-  public boolean isSetGrantorPrincipal() {
-    return this.grantorPrincipal != null;
-  }
-
-  public void setGrantorPrincipalIsSet(boolean value) {
-    if (!value) {
-      this.grantorPrincipal = null;
-    }
-  }
-
   /**
    * 
    * @see TSentryGrantOption
@@ -526,14 +492,6 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
       }
       break;
 
-    case GRANTOR_PRINCIPAL:
-      if (value == null) {
-        unsetGrantorPrincipal();
-      } else {
-        setGrantorPrincipal((String)value);
-      }
-      break;
-
     case GRANT_OPTION:
       if (value == null) {
         unsetGrantOption();
@@ -568,9 +526,6 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
     case CREATE_TIME:
       return Long.valueOf(getCreateTime());
 
-    case GRANTOR_PRINCIPAL:
-      return getGrantorPrincipal();
-
     case GRANT_OPTION:
       return getGrantOption();
 
@@ -599,8 +554,6 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
       return isSetAction();
     case CREATE_TIME:
       return isSetCreateTime();
-    case GRANTOR_PRINCIPAL:
-      return isSetGrantorPrincipal();
     case GRANT_OPTION:
       return isSetGrantOption();
     }
@@ -683,15 +636,6 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
         return false;
     }
 
-    boolean this_present_grantorPrincipal = true && this.isSetGrantorPrincipal();
-    boolean that_present_grantorPrincipal = true && that.isSetGrantorPrincipal();
-    if (this_present_grantorPrincipal || that_present_grantorPrincipal) {
-      if (!(this_present_grantorPrincipal && that_present_grantorPrincipal))
-        return false;
-      if (!this.grantorPrincipal.equals(that.grantorPrincipal))
-        return false;
-    }
-
     boolean this_present_grantOption = true && this.isSetGrantOption();
     boolean that_present_grantOption = true && that.isSetGrantOption();
     if (this_present_grantOption || that_present_grantOption) {
@@ -743,11 +687,6 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
     if (present_createTime)
       builder.append(createTime);
 
-    boolean present_grantorPrincipal = true && (isSetGrantorPrincipal());
-    builder.append(present_grantorPrincipal);
-    if (present_grantorPrincipal)
-      builder.append(grantorPrincipal);
-
     boolean present_grantOption = true && (isSetGrantOption());
     builder.append(present_grantOption);
     if (present_grantOption)
@@ -834,16 +773,6 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
         return lastComparison;
       }
     }
-    lastComparison = Boolean.valueOf(isSetGrantorPrincipal()).compareTo(typedOther.isSetGrantorPrincipal());
-    if (lastComparison != 0) {
-      return lastComparison;
-    }
-    if (isSetGrantorPrincipal()) {
-      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.grantorPrincipal, typedOther.grantorPrincipal);
-      if (lastComparison != 0) {
-        return lastComparison;
-      }
-    }
     lastComparison = Boolean.valueOf(isSetGrantOption()).compareTo(typedOther.isSetGrantOption());
     if (lastComparison != 0) {
       return lastComparison;
@@ -933,16 +862,6 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
       sb.append(this.createTime);
       first = false;
     }
-    if (isSetGrantorPrincipal()) {
-      if (!first) sb.append(", ");
-      sb.append("grantorPrincipal:");
-      if (this.grantorPrincipal == null) {
-        sb.append("null");
-      } else {
-        sb.append(this.grantorPrincipal);
-      }
-      first = false;
-    }
     if (isSetGrantOption()) {
       if (!first) sb.append(", ");
       sb.append("grantOption:");
@@ -1066,15 +985,7 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
               org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
             }
             break;
-          case 9: // GRANTOR_PRINCIPAL
-            if (schemeField.type == org.apache.thrift.protocol.TType.STRING) {
-              struct.grantorPrincipal = iprot.readString();
-              struct.setGrantorPrincipalIsSet(true);
-            } else { 
-              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
-            }
-            break;
-          case 10: // GRANT_OPTION
+          case 9: // GRANT_OPTION
             if (schemeField.type == org.apache.thrift.protocol.TType.I32) {
               struct.grantOption = TSentryGrantOption.findByValue(iprot.readI32());
               struct.setGrantOptionIsSet(true);
@@ -1136,13 +1047,6 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
         oprot.writeI64(struct.createTime);
         oprot.writeFieldEnd();
       }
-      if (struct.grantorPrincipal != null) {
-        if (struct.isSetGrantorPrincipal()) {
-          oprot.writeFieldBegin(GRANTOR_PRINCIPAL_FIELD_DESC);
-          oprot.writeString(struct.grantorPrincipal);
-          oprot.writeFieldEnd();
-        }
-      }
       if (struct.grantOption != null) {
         if (struct.isSetGrantOption()) {
           oprot.writeFieldBegin(GRANT_OPTION_FIELD_DESC);
@@ -1183,13 +1087,10 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
       if (struct.isSetCreateTime()) {
         optionals.set(3);
       }
-      if (struct.isSetGrantorPrincipal()) {
-        optionals.set(4);
-      }
       if (struct.isSetGrantOption()) {
-        optionals.set(5);
+        optionals.set(4);
       }
-      oprot.writeBitSet(optionals, 6);
+      oprot.writeBitSet(optionals, 5);
       if (struct.isSetDbName()) {
         oprot.writeString(struct.dbName);
       }
@@ -1202,9 +1103,6 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
       if (struct.isSetCreateTime()) {
         oprot.writeI64(struct.createTime);
       }
-      if (struct.isSetGrantorPrincipal()) {
-        oprot.writeString(struct.grantorPrincipal);
-      }
       if (struct.isSetGrantOption()) {
         oprot.writeI32(struct.grantOption.getValue());
       }
@@ -1219,7 +1117,7 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
       struct.setServerNameIsSet(true);
       struct.action = iprot.readString();
       struct.setActionIsSet(true);
-      BitSet incoming = iprot.readBitSet(6);
+      BitSet incoming = iprot.readBitSet(5);
       if (incoming.get(0)) {
         struct.dbName = iprot.readString();
         struct.setDbNameIsSet(true);
@@ -1237,10 +1135,6 @@ public class TSentryPrivilege implements org.apache.thrift.TBase<TSentryPrivileg
         struct.setCreateTimeIsSet(true);
       }
       if (incoming.get(4)) {
-        struct.grantorPrincipal = iprot.readString();
-        struct.setGrantorPrincipalIsSet(true);
-      }
-      if (incoming.get(5)) {
         struct.grantOption = TSentryGrantOption.findByValue(iprot.readI32());
         struct.setGrantOptionIsSet(true);
       }

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/dbcdb6d6/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryRole.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryRole.java b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryRole.java
index f43a6d5..cc7973f 100644
--- a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryRole.java
+++ b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryRole.java
@@ -36,7 +36,6 @@ public class TSentryRole implements org.apache.thrift.TBase<TSentryRole, TSentry
 
   private static final org.apache.thrift.protocol.TField ROLE_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("roleName", org.apache.thrift.protocol.TType.STRING, (short)1);
   private static final org.apache.thrift.protocol.TField GROUPS_FIELD_DESC = new org.apache.thrift.protocol.TField("groups", org.apache.thrift.protocol.TType.SET, (short)2);
-  private static final org.apache.thrift.protocol.TField GRANTOR_PRINCIPAL_FIELD_DESC = new org.apache.thrift.protocol.TField("grantorPrincipal", org.apache.thrift.protocol.TType.STRING, (short)3);
 
   private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
   static {
@@ -46,13 +45,11 @@ public class TSentryRole implements org.apache.thrift.TBase<TSentryRole, TSentry
 
   private String roleName; // required
   private Set<TSentryGroup> groups; // required
-  private String grantorPrincipal; // required
 
   /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
   public enum _Fields implements org.apache.thrift.TFieldIdEnum {
     ROLE_NAME((short)1, "roleName"),
-    GROUPS((short)2, "groups"),
-    GRANTOR_PRINCIPAL((short)3, "grantorPrincipal");
+    GROUPS((short)2, "groups");
 
     private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
 
@@ -71,8 +68,6 @@ public class TSentryRole implements org.apache.thrift.TBase<TSentryRole, TSentry
           return ROLE_NAME;
         case 2: // GROUPS
           return GROUPS;
-        case 3: // GRANTOR_PRINCIPAL
-          return GRANTOR_PRINCIPAL;
         default:
           return null;
       }
@@ -121,8 +116,6 @@ public class TSentryRole implements org.apache.thrift.TBase<TSentryRole, TSentry
     tmpMap.put(_Fields.GROUPS, new org.apache.thrift.meta_data.FieldMetaData("groups", org.apache.thrift.TFieldRequirementType.REQUIRED, 
         new org.apache.thrift.meta_data.SetMetaData(org.apache.thrift.protocol.TType.SET, 
             new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, TSentryGroup.class))));
-    tmpMap.put(_Fields.GRANTOR_PRINCIPAL, new org.apache.thrift.meta_data.FieldMetaData("grantorPrincipal", org.apache.thrift.TFieldRequirementType.REQUIRED, 
-        new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
     metaDataMap = Collections.unmodifiableMap(tmpMap);
     org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(TSentryRole.class, metaDataMap);
   }
@@ -132,13 +125,11 @@ public class TSentryRole implements org.apache.thrift.TBase<TSentryRole, TSentry
 
   public TSentryRole(
     String roleName,
-    Set<TSentryGroup> groups,
-    String grantorPrincipal)
+    Set<TSentryGroup> groups)
   {
     this();
     this.roleName = roleName;
     this.groups = groups;
-    this.grantorPrincipal = grantorPrincipal;
   }
 
   /**
@@ -155,9 +146,6 @@ public class TSentryRole implements org.apache.thrift.TBase<TSentryRole, TSentry
       }
       this.groups = __this__groups;
     }
-    if (other.isSetGrantorPrincipal()) {
-      this.grantorPrincipal = other.grantorPrincipal;
-    }
   }
 
   public TSentryRole deepCopy() {
@@ -168,7 +156,6 @@ public class TSentryRole implements org.apache.thrift.TBase<TSentryRole, TSentry
   public void clear() {
     this.roleName = null;
     this.groups = null;
-    this.grantorPrincipal = null;
   }
 
   public String getRoleName() {
@@ -232,29 +219,6 @@ public class TSentryRole implements org.apache.thrift.TBase<TSentryRole, TSentry
     }
   }
 
-  public String getGrantorPrincipal() {
-    return this.grantorPrincipal;
-  }
-
-  public void setGrantorPrincipal(String grantorPrincipal) {
-    this.grantorPrincipal = grantorPrincipal;
-  }
-
-  public void unsetGrantorPrincipal() {
-    this.grantorPrincipal = null;
-  }
-
-  /** Returns true if field grantorPrincipal is set (has been assigned a value) and false otherwise */
-  public boolean isSetGrantorPrincipal() {
-    return this.grantorPrincipal != null;
-  }
-
-  public void setGrantorPrincipalIsSet(boolean value) {
-    if (!value) {
-      this.grantorPrincipal = null;
-    }
-  }
-
   public void setFieldValue(_Fields field, Object value) {
     switch (field) {
     case ROLE_NAME:
@@ -273,14 +237,6 @@ public class TSentryRole implements org.apache.thrift.TBase<TSentryRole, TSentry
       }
       break;
 
-    case GRANTOR_PRINCIPAL:
-      if (value == null) {
-        unsetGrantorPrincipal();
-      } else {
-        setGrantorPrincipal((String)value);
-      }
-      break;
-
     }
   }
 
@@ -292,9 +248,6 @@ public class TSentryRole implements org.apache.thrift.TBase<TSentryRole, TSentry
     case GROUPS:
       return getGroups();
 
-    case GRANTOR_PRINCIPAL:
-      return getGrantorPrincipal();
-
     }
     throw new IllegalStateException();
   }
@@ -310,8 +263,6 @@ public class TSentryRole implements org.apache.thrift.TBase<TSentryRole, TSentry
       return isSetRoleName();
     case GROUPS:
       return isSetGroups();
-    case GRANTOR_PRINCIPAL:
-      return isSetGrantorPrincipal();
     }
     throw new IllegalStateException();
   }
@@ -347,15 +298,6 @@ public class TSentryRole implements org.apache.thrift.TBase<TSentryRole, TSentry
         return false;
     }
 
-    boolean this_present_grantorPrincipal = true && this.isSetGrantorPrincipal();
-    boolean that_present_grantorPrincipal = true && that.isSetGrantorPrincipal();
-    if (this_present_grantorPrincipal || that_present_grantorPrincipal) {
-      if (!(this_present_grantorPrincipal && that_present_grantorPrincipal))
-        return false;
-      if (!this.grantorPrincipal.equals(that.grantorPrincipal))
-        return false;
-    }
-
     return true;
   }
 
@@ -373,11 +315,6 @@ public class TSentryRole implements org.apache.thrift.TBase<TSentryRole, TSentry
     if (present_groups)
       builder.append(groups);
 
-    boolean present_grantorPrincipal = true && (isSetGrantorPrincipal());
-    builder.append(present_grantorPrincipal);
-    if (present_grantorPrincipal)
-      builder.append(grantorPrincipal);
-
     return builder.toHashCode();
   }
 
@@ -409,16 +346,6 @@ public class TSentryRole implements org.apache.thrift.TBase<TSentryRole, TSentry
         return lastComparison;
       }
     }
-    lastComparison = Boolean.valueOf(isSetGrantorPrincipal()).compareTo(typedOther.isSetGrantorPrincipal());
-    if (lastComparison != 0) {
-      return lastComparison;
-    }
-    if (isSetGrantorPrincipal()) {
-      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.grantorPrincipal, typedOther.grantorPrincipal);
-      if (lastComparison != 0) {
-        return lastComparison;
-      }
-    }
     return 0;
   }
 
@@ -454,14 +381,6 @@ public class TSentryRole implements org.apache.thrift.TBase<TSentryRole, TSentry
       sb.append(this.groups);
     }
     first = false;
-    if (!first) sb.append(", ");
-    sb.append("grantorPrincipal:");
-    if (this.grantorPrincipal == null) {
-      sb.append("null");
-    } else {
-      sb.append(this.grantorPrincipal);
-    }
-    first = false;
     sb.append(")");
     return sb.toString();
   }
@@ -476,10 +395,6 @@ public class TSentryRole implements org.apache.thrift.TBase<TSentryRole, TSentry
       throw new org.apache.thrift.protocol.TProtocolException("Required field 'groups' is unset! Struct:" + toString());
     }
 
-    if (!isSetGrantorPrincipal()) {
-      throw new org.apache.thrift.protocol.TProtocolException("Required field 'grantorPrincipal' is unset! Struct:" + toString());
-    }
-
     // check for sub-struct validity
   }
 
@@ -544,14 +459,6 @@ public class TSentryRole implements org.apache.thrift.TBase<TSentryRole, TSentry
               org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
             }
             break;
-          case 3: // GRANTOR_PRINCIPAL
-            if (schemeField.type == org.apache.thrift.protocol.TType.STRING) {
-              struct.grantorPrincipal = iprot.readString();
-              struct.setGrantorPrincipalIsSet(true);
-            } else { 
-              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
-            }
-            break;
           default:
             org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
         }
@@ -582,11 +489,6 @@ public class TSentryRole implements org.apache.thrift.TBase<TSentryRole, TSentry
         }
         oprot.writeFieldEnd();
       }
-      if (struct.grantorPrincipal != null) {
-        oprot.writeFieldBegin(GRANTOR_PRINCIPAL_FIELD_DESC);
-        oprot.writeString(struct.grantorPrincipal);
-        oprot.writeFieldEnd();
-      }
       oprot.writeFieldStop();
       oprot.writeStructEnd();
     }
@@ -612,7 +514,6 @@ public class TSentryRole implements org.apache.thrift.TBase<TSentryRole, TSentry
           _iter20.write(oprot);
         }
       }
-      oprot.writeString(struct.grantorPrincipal);
     }
 
     @Override
@@ -632,8 +533,6 @@ public class TSentryRole implements org.apache.thrift.TBase<TSentryRole, TSentry
         }
       }
       struct.setGroupsIsSet(true);
-      struct.grantorPrincipal = iprot.readString();
-      struct.setGrantorPrincipalIsSet(true);
     }
   }
 

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/dbcdb6d6/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryGroup.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryGroup.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryGroup.java
index 3f68f0d..32dbafc 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryGroup.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryGroup.java
@@ -36,13 +36,10 @@ public class MSentryGroup {
   // set of roles granted to this group
   private Set<MSentryRole> roles;
   private long createTime;
-  private String grantorPrincipal;
 
-  public MSentryGroup(String groupName, long createTime, String grantorPrincipal,
-      Set<MSentryRole> roles) {
+  public MSentryGroup(String groupName, long createTime, Set<MSentryRole> roles) {
     this.setGroupName(groupName);
     this.createTime = createTime;
-    this.grantorPrincipal = grantorPrincipal;
     this.roles = roles;
   }
 
@@ -54,14 +51,6 @@ public class MSentryGroup {
     this.createTime = createTime;
   }
 
-  public String getGrantorPrincipal() {
-    return grantorPrincipal;
-  }
-
-  public void setGrantorPrincipal(String grantorPrincipal) {
-    this.grantorPrincipal = grantorPrincipal;
-  }
-
   public Set<MSentryRole> getRoles() {
     return roles;
   }
@@ -89,8 +78,7 @@ public class MSentryGroup {
   @Override
   public String toString() {
     return "MSentryGroup [groupName=" + groupName + ", roles=[...]"
-        + ", createTime=" + createTime + ", grantorPrincipal="
-        + grantorPrincipal + "]";
+        + ", createTime=" + createTime +  "]";
   }
 
   @Override

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/dbcdb6d6/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java
index 5328fff..0667cb5 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java
@@ -46,7 +46,6 @@ public class MSentryPrivilege {
   // roles this privilege is a part of
   private Set<MSentryRole> roles;
   private long createTime;
-  private String grantorPrincipal;
 
   public MSentryPrivilege() {
     this.roles = new HashSet<MSentryRole>();
@@ -134,14 +133,6 @@ public class MSentryPrivilege {
     this.createTime = createTime;
   }
 
-  public String getGrantorPrincipal() {
-    return grantorPrincipal;
-  }
-
-  public void setGrantorPrincipal(String grantorPrincipal) {
-    this.grantorPrincipal = grantorPrincipal;
-  }
-
   public String getPrivilegeScope() {
     return privilegeScope;
   }
@@ -177,7 +168,7 @@ public class MSentryPrivilege {
         + ", serverName=" + serverName + ", dbName=" + dbName
         + ", tableName=" + tableName + ", URI=" + URI
         + ", action=" + action + ", roles=[...]" + ", createTime="
-        + createTime + ", grantorPrincipal=" + grantorPrincipal
+        + createTime
         + ", grantOption=" + grantOption +"]";
   }
 

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/dbcdb6d6/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryRole.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryRole.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryRole.java
index 912ed95..bca9fb9 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryRole.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryRole.java
@@ -39,12 +39,10 @@ public class MSentryRole {
   // set of groups this role belongs to
   private Set<MSentryGroup> groups;
   private long createTime;
-  private String grantorPrincipal;
 
-  public MSentryRole(String roleName, long createTime, String grantorPrincipal) {
+  public MSentryRole(String roleName, long createTime) {
     this.roleName = roleName;
     this.createTime = createTime;
-    this.grantorPrincipal = grantorPrincipal;
     privileges = new HashSet<MSentryPrivilege>();
     groups = new HashSet<MSentryGroup>();
   }
@@ -57,14 +55,6 @@ public class MSentryRole {
     this.createTime = createTime;
   }
 
-  public String getGrantorPrincipal() {
-    return grantorPrincipal;
-  }
-
-  public void setGrantorPrincipal(String grantorPrincipal) {
-    this.grantorPrincipal = grantorPrincipal;
-  }
-
   public String getRoleName() {
     return roleName;
   }
@@ -132,8 +122,7 @@ public class MSentryRole {
   @Override
   public String toString() {
     return "MSentryRole [roleName=" + roleName + ", privileges=[..]"
-        + ", groups=[...]" + ", createTime=" + createTime
-        + ", grantorPrincipal=" + grantorPrincipal + "]";
+        + ", groups=[...]" + ", createTime=" + createTime + "]";
   }
 
   @Override

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/dbcdb6d6/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/package.jdo
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/package.jdo b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/package.jdo
index b39cb18..9abaab8 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/package.jdo
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/package.jdo
@@ -38,10 +38,7 @@
       <field name = "createTime">
       	<column name = "CREATE_TIME" jdbc-type="BIGINT"/>
       </field>
-      <field name="grantorPrincipal">  
-        <column name="GRANTOR_PRINCIPAL" length="4000" jdbc-type="VARCHAR"/>
-      </field>
-      
+
       <field name="roles" mapped-by="groups">
          <collection element-type="org.apache.sentry.provider.db.service.model.MSentryRole"/>
       </field>
@@ -59,9 +56,6 @@
       <field name = "createTime">
       	<column name = "CREATE_TIME" jdbc-type="BIGINT"/>
       </field>
-      <field name="grantorPrincipal">  
-        <column name="GRANTOR_PRINCIPAL" length="4000" jdbc-type="VARCHAR"/>
-      </field>
       <field name = "privileges" table="SENTRY_ROLE_DB_PRIVILEGE_MAP" default-fetch-group="true">
         <collection element-type="org.apache.sentry.provider.db.service.model.MSentryPrivilege"/>
             <join>
@@ -116,9 +110,6 @@
       <field name = "createTime">
       	<column name = "CREATE_TIME" jdbc-type="BIGINT"/>
       </field>
-      <field name="grantorPrincipal">  
-        <column name="GRANTOR_PRINCIPAL" length="4000" jdbc-type="VARCHAR"/>
-      </field>
       <field name="grantOption">
         <column name="WITH_GRANT_OPTION" length="1" jdbc-type="CHAR"/>
       </field>

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/dbcdb6d6/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
index 718306d..869b8e3 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
@@ -243,11 +243,10 @@ public class SentryStore {
   /**
    * Create a sentry role and persist it.
    * @param roleName: Name of the role being persisted
-   * @param grantorPrincipal: TODO: Currently not used
    * @returns commit context used for notification handlers
    * @throws SentryAlreadyExistsException
    */
-  public CommitContext createSentryRole(String roleName, String grantorPrincipal)
+  public CommitContext createSentryRole(String roleName)
       throws SentryAlreadyExistsException {
     roleName = trimAndLower(roleName);
     boolean rollbackTransaction = true;
@@ -256,7 +255,7 @@ public class SentryStore {
       pm = openTransaction();
       MSentryRole mSentryRole = getMSentryRole(pm, roleName);
       if (mSentryRole == null) {
-        MSentryRole mRole = new MSentryRole(roleName, System.currentTimeMillis(), grantorPrincipal);
+        MSentryRole mRole = new MSentryRole(roleName, System.currentTimeMillis());
         pm.makePersistent(mRole);
         CommitContext commit = commitUpdateTransaction(pm);
         rollbackTransaction = false;
@@ -271,7 +270,8 @@ public class SentryStore {
     }
   }
 
-  public CommitContext alterSentryRoleGrantPrivilege(String roleName, TSentryPrivilege privilege)
+  public CommitContext alterSentryRoleGrantPrivilege(String grantorPrincipal,
+      String roleName, TSentryPrivilege privilege)
       throws SentryUserException {
     boolean rollbackTransaction = true;
     PersistenceManager pm = null;
@@ -279,7 +279,7 @@ public class SentryStore {
     try {
       pm = openTransaction();
       // first do grant check
-      grantOptionCheck(pm, privilege);
+      grantOptionCheck(pm, grantorPrincipal, privilege);
 
       alterSentryRoleGrantPrivilegeCore(pm, roleName, privilege);
       CommitContext commit = commitUpdateTransaction(pm);
@@ -340,7 +340,7 @@ public class SentryStore {
     return;
   }
 
-  public CommitContext alterSentryRoleRevokePrivilege(String roleName,
+  public CommitContext alterSentryRoleRevokePrivilege(String grantorPrincipal, String roleName,
       TSentryPrivilege tPrivilege) throws SentryUserException {
     boolean rollbackTransaction = true;
     PersistenceManager pm = null;
@@ -348,7 +348,7 @@ public class SentryStore {
     try {
       pm = openTransaction();
       // first do revoke check
-      grantOptionCheck(pm, tPrivilege);
+      grantOptionCheck(pm, grantorPrincipal, tPrivilege);
 
       alterSentryRoleRevokePrivilegeCore(pm, roleName, tPrivilege);
 
@@ -497,7 +497,7 @@ public class SentryStore {
 
       query.setFilter(filters.toString());
       query
-          .setResult("privilegeScope, serverName, dbName, tableName, URI, action, grantorPrincipal, grantOption");
+          .setResult("privilegeScope, serverName, dbName, tableName, URI, action, grantOption");
       Set<MSentryPrivilege> privileges = new HashSet<MSentryPrivilege>();
       for (Object[] privObj : (List<Object[]>) query.execute()) {
         MSentryPrivilege priv = new MSentryPrivilege();
@@ -507,8 +507,7 @@ public class SentryStore {
         priv.setTableName((String) privObj[3]);
         priv.setURI((String) privObj[4]);
         priv.setAction((String) privObj[5]);
-        priv.setGrantorPrincipal((String) privObj[6]);
-        priv.setGrantOption((Boolean) privObj[7]);
+        priv.setGrantOption((Boolean) privObj[6]);
         privileges.add(priv);
       }
       rollbackTransaction = false;
@@ -573,8 +572,8 @@ public class SentryStore {
     }
   }
 
-  public CommitContext alterSentryRoleAddGroups(String grantorPrincipal,
-      String roleName, Set<TSentryGroup> groupNames)
+  public CommitContext alterSentryRoleAddGroups( String grantorPrincipal, String roleName,
+      Set<TSentryGroup> groupNames)
           throws SentryNoSuchObjectException {
     boolean rollbackTransaction = true;
     PersistenceManager pm = null;
@@ -599,7 +598,7 @@ public class SentryStore {
           MSentryGroup group = (MSentryGroup) query.execute(groupName);
           if (group == null) {
             group = new MSentryGroup(groupName, System.currentTimeMillis(),
-                grantorPrincipal, Sets.newHashSet(role));
+                 Sets.newHashSet(role));
           }
           group.appendRole(role);
           groups.add(group);
@@ -1000,7 +999,6 @@ public class SentryStore {
   private TSentryRole convertToTSentryRole(MSentryRole mSentryRole) {
     TSentryRole role = new TSentryRole();
     role.setRoleName(mSentryRole.getRoleName());
-    role.setGrantorPrincipal(mSentryRole.getGrantorPrincipal());
     Set<TSentryGroup> sentryGroups = new HashSet<TSentryGroup>();
     for(MSentryGroup mSentryGroup:mSentryRole.getGroups()) {
       TSentryGroup group = convertToTSentryGroup(mSentryGroup);
@@ -1026,7 +1024,6 @@ public class SentryStore {
     privilege.setDbName(fromNULLCol(mSentryPrivilege.getDbName()));
     privilege.setTableName(fromNULLCol(mSentryPrivilege.getTableName()));
     privilege.setURI(fromNULLCol(mSentryPrivilege.getURI()));
-    privilege.setGrantorPrincipal(mSentryPrivilege.getGrantorPrincipal());
     if (mSentryPrivilege.getGrantOption() != null) {
       privilege.setGrantOption(TSentryGrantOption.valueOf(mSentryPrivilege.getGrantOption().toString().toUpperCase()));
     } else {
@@ -1049,7 +1046,6 @@ public class SentryStore {
     mSentryPrivilege.setPrivilegeScope(safeTrim(privilege.getPrivilegeScope()));
     mSentryPrivilege.setAction(toNULLCol(safeTrimLower(privilege.getAction())));
     mSentryPrivilege.setCreateTime(System.currentTimeMillis());
-    mSentryPrivilege.setGrantorPrincipal(safeTrim(privilege.getGrantorPrincipal()));
     mSentryPrivilege.setURI(toNULLCol(safeTrim(privilege.getURI())));
     if ( !privilege.getGrantOption().equals(TSentryGrantOption.UNSET) ) {
       mSentryPrivilege.setGrantOption(Boolean.valueOf(privilege.getGrantOption().toString()));
@@ -1183,14 +1179,14 @@ public class SentryStore {
    * @throws SentryInvalidInputException
    */
   public void renamePrivilege(TSentryAuthorizable tAuthorizable,
-      TSentryAuthorizable newTAuthorizable, String grantorPrincipal)
+      TSentryAuthorizable newTAuthorizable)
       throws SentryNoSuchObjectException, SentryInvalidInputException {
     PersistenceManager pm = null;
     boolean rollbackTransaction = true;
 
     TSentryPrivilege tPrivilege = toSentryPrivilege(tAuthorizable);
-    TSentryPrivilege newPrivilege = toSentryPrivilege(newTAuthorizable,
-        grantorPrincipal);
+    TSentryPrivilege newPrivilege = toSentryPrivilege(newTAuthorizable);
+
     try {
       pm = openTransaction();
       // In case of tables or DBs, check all actions
@@ -1266,20 +1262,13 @@ public class SentryStore {
     }
   }
 
-  // convert TSentryAuthorizable to TSentryPrivilege
   private TSentryPrivilege toSentryPrivilege(TSentryAuthorizable tAuthorizable)
       throws SentryInvalidInputException {
-    return toSentryPrivilege(tAuthorizable, null);
-  }
-
-  private TSentryPrivilege toSentryPrivilege(TSentryAuthorizable tAuthorizable,
-      String grantorPrincipal) throws SentryInvalidInputException {
     TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
     tSentryPrivilege.setDbName(fromNULLCol(tAuthorizable.getDb()));
     tSentryPrivilege.setServerName(fromNULLCol(tAuthorizable.getServer()));
     tSentryPrivilege.setTableName(fromNULLCol(tAuthorizable.getTable()));
     tSentryPrivilege.setURI(fromNULLCol(tAuthorizable.getUri()));
-    tSentryPrivilege.setGrantorPrincipal(grantorPrincipal);
     PrivilegeScope scope;
     if (!isNULL(tSentryPrivilege.getTableName())) {
       scope = PrivilegeScope.TABLE;
@@ -1313,10 +1302,9 @@ public class SentryStore {
    * @param privilege
    * @throws SentryUserException
    */
-  private void grantOptionCheck(PersistenceManager pm, TSentryPrivilege privilege)
+  private void grantOptionCheck(PersistenceManager pm, String grantorPrincipal, TSentryPrivilege privilege)
       throws SentryUserException {
     MSentryPrivilege mPrivilege = convertToMSentryPrivilege(privilege);
-    String grantorPrincipal = mPrivilege.getGrantorPrincipal();
     if (grantorPrincipal == null) {
       throw new SentryInvalidInputException("grantorPrincipal should not be null");
     }

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/dbcdb6d6/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
index 6358289..5d97dc1 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
@@ -376,7 +376,6 @@ public class SentryPolicyServiceClient {
     privilege.setDbName(db);
     privilege.setTableName(table);
     privilege.setAction(action);
-    privilege.setGrantorPrincipal(requestorUserName);
     privilege.setCreateTime(System.currentTimeMillis());
     privilege.setGrantOption(convertTSentryGrantOption(grantOption));
     request.setPrivilege(privilege);
@@ -466,7 +465,6 @@ public class SentryPolicyServiceClient {
     privilege.setDbName(db);
     privilege.setTableName(table);
     privilege.setAction(action);
-    privilege.setGrantorPrincipal(requestorUserName);
     privilege.setCreateTime(System.currentTimeMillis());
     privilege.setGrantOption(convertTSentryGrantOption(grantOption));
     request.setPrivilege(privilege);

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/dbcdb6d6/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
index ad66838..5b829a8 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
@@ -149,8 +149,7 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface {
     try {
       authorize(request.getRequestorUserName(),
           getRequestorGroups(request.getRequestorUserName()));
-      CommitContext commitContext = sentryStore.createSentryRole(request.getRoleName(),
-          request.getRequestorUserName());
+      CommitContext commitContext = sentryStore.createSentryRole(request.getRoleName());
       response.setStatus(Status.OK());
       notificationHandlerInvoker.create_sentry_role(commitContext,
           request, response);
@@ -178,8 +177,8 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface {
 
     TAlterSentryRoleGrantPrivilegeResponse response = new TAlterSentryRoleGrantPrivilegeResponse();
     try {
-      CommitContext commitContext = sentryStore.alterSentryRoleGrantPrivilege(request.getRoleName(),
-                                    request.getPrivilege());
+      CommitContext commitContext = sentryStore.alterSentryRoleGrantPrivilege(request.getRequestorUserName(),
+          request.getRoleName(), request.getPrivilege());
       response.setStatus(Status.OK());
       notificationHandlerInvoker.alter_sentry_role_grant_privilege(commitContext,
           request, response);
@@ -210,8 +209,8 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface {
   (TAlterSentryRoleRevokePrivilegeRequest request) throws TException {
     TAlterSentryRoleRevokePrivilegeResponse response = new TAlterSentryRoleRevokePrivilegeResponse();
     try {
-      CommitContext commitContext = sentryStore.alterSentryRoleRevokePrivilege(request.getRoleName(),
-                                    request.getPrivilege());
+      CommitContext commitContext = sentryStore.alterSentryRoleRevokePrivilege(request.getRequestorUserName(),
+          request.getRoleName(), request.getPrivilege());
       response.setStatus(Status.OK());
       notificationHandlerInvoker.alter_sentry_role_revoke_privilege(commitContext,
           request, response);
@@ -513,7 +512,7 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface {
     try {
       authorize(request.getRequestorUserName(), adminGroups);
       sentryStore.renamePrivilege(request.getOldAuthorizable(),
-          request.getNewAuthorizable(), request.getRequestorUserName());
+          request.getNewAuthorizable());
       response.setStatus(Status.OK());
     } catch (SentryAccessDeniedException e) {
       LOGGER.error(e.getMessage(), e);

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/dbcdb6d6/sentry-provider/sentry-provider-db/src/main/resources/sentry-db2-1.5.0.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/sentry-db2-1.5.0.sql b/sentry-provider/sentry-provider-db/src/main/resources/sentry-db2-1.5.0.sql
index 785c885..4c5ae39 100644
--- a/sentry-provider/sentry-provider-db/src/main/resources/sentry-db2-1.5.0.sql
+++ b/sentry-provider/sentry-provider-db/src/main/resources/sentry-db2-1.5.0.sql
@@ -21,7 +21,6 @@ CREATE TABLE SENTRY_DB_PRIVILEGE
     "ACTION" VARCHAR(40),
     CREATE_TIME BIGINT NOT NULL,
     DB_NAME VARCHAR(4000),
-    GRANTOR_PRINCIPAL VARCHAR(4000),
     PRIVILEGE_SCOPE VARCHAR(40),
     "SERVER_NAME" VARCHAR(4000),
     "TABLE_NAME" VARCHAR(4000),
@@ -35,7 +34,6 @@ CREATE TABLE SENTRY_ROLE
 (
     ROLE_ID BIGINT NOT NULL generated always as identity (start with 1),
     CREATE_TIME BIGINT NOT NULL,
-    GRANTOR_PRINCIPAL VARCHAR(4000),
     ROLE_NAME VARCHAR(128)
 );
 
@@ -46,7 +44,6 @@ CREATE TABLE SENTRY_GROUP
 (
     GROUP_ID BIGINT NOT NULL generated always as identity (start with 1),
     CREATE_TIME BIGINT NOT NULL,
-    GRANTOR_PRINCIPAL VARCHAR(4000),
     GROUP_NAME VARCHAR(128)
 );
 
@@ -56,7 +53,8 @@ ALTER TABLE SENTRY_GROUP ADD CONSTRAINT SENTRY_GROUP_PK PRIMARY KEY (GROUP_ID);
 CREATE TABLE SENTRY_ROLE_GROUP_MAP
 (
     GROUP_ID BIGINT NOT NULL,
-    ROLE_ID BIGINT NOT NULL
+    ROLE_ID BIGINT NOT NULL,
+    GRANTOR_PRINCIPAL VARCHAR(128)
 );
 
 ALTER TABLE SENTRY_ROLE_GROUP_MAP ADD CONSTRAINT SENTRY_ROLE_GROUP_MAP_PK PRIMARY KEY (GROUP_ID,ROLE_ID);
@@ -65,7 +63,8 @@ ALTER TABLE SENTRY_ROLE_GROUP_MAP ADD CONSTRAINT SENTRY_ROLE_GROUP_MAP_PK PRIMAR
 CREATE TABLE SENTRY_ROLE_DB_PRIVILEGE_MAP
 (
     ROLE_ID BIGINT NOT NULL,
-    DB_PRIVILEGE_ID BIGINT NOT NULL
+    DB_PRIVILEGE_ID BIGINT NOT NULL,
+    GRANTOR_PRINCIPAL VARCHAR(128)
 );
 
 ALTER TABLE SENTRY_ROLE_DB_PRIVILEGE_MAP ADD CONSTRAINT SENTRY_ROLE_DB_PRIVILEGE_MAP_PK PRIMARY KEY (ROLE_ID,DB_PRIVILEGE_ID);

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/dbcdb6d6/sentry-provider/sentry-provider-db/src/main/resources/sentry-derby-1.5.0.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/sentry-derby-1.5.0.sql b/sentry-provider/sentry-provider-db/src/main/resources/sentry-derby-1.5.0.sql
index 785c885..4c5ae39 100644
--- a/sentry-provider/sentry-provider-db/src/main/resources/sentry-derby-1.5.0.sql
+++ b/sentry-provider/sentry-provider-db/src/main/resources/sentry-derby-1.5.0.sql
@@ -21,7 +21,6 @@ CREATE TABLE SENTRY_DB_PRIVILEGE
     "ACTION" VARCHAR(40),
     CREATE_TIME BIGINT NOT NULL,
     DB_NAME VARCHAR(4000),
-    GRANTOR_PRINCIPAL VARCHAR(4000),
     PRIVILEGE_SCOPE VARCHAR(40),
     "SERVER_NAME" VARCHAR(4000),
     "TABLE_NAME" VARCHAR(4000),
@@ -35,7 +34,6 @@ CREATE TABLE SENTRY_ROLE
 (
     ROLE_ID BIGINT NOT NULL generated always as identity (start with 1),
     CREATE_TIME BIGINT NOT NULL,
-    GRANTOR_PRINCIPAL VARCHAR(4000),
     ROLE_NAME VARCHAR(128)
 );
 
@@ -46,7 +44,6 @@ CREATE TABLE SENTRY_GROUP
 (
     GROUP_ID BIGINT NOT NULL generated always as identity (start with 1),
     CREATE_TIME BIGINT NOT NULL,
-    GRANTOR_PRINCIPAL VARCHAR(4000),
     GROUP_NAME VARCHAR(128)
 );
 
@@ -56,7 +53,8 @@ ALTER TABLE SENTRY_GROUP ADD CONSTRAINT SENTRY_GROUP_PK PRIMARY KEY (GROUP_ID);
 CREATE TABLE SENTRY_ROLE_GROUP_MAP
 (
     GROUP_ID BIGINT NOT NULL,
-    ROLE_ID BIGINT NOT NULL
+    ROLE_ID BIGINT NOT NULL,
+    GRANTOR_PRINCIPAL VARCHAR(128)
 );
 
 ALTER TABLE SENTRY_ROLE_GROUP_MAP ADD CONSTRAINT SENTRY_ROLE_GROUP_MAP_PK PRIMARY KEY (GROUP_ID,ROLE_ID);
@@ -65,7 +63,8 @@ ALTER TABLE SENTRY_ROLE_GROUP_MAP ADD CONSTRAINT SENTRY_ROLE_GROUP_MAP_PK PRIMAR
 CREATE TABLE SENTRY_ROLE_DB_PRIVILEGE_MAP
 (
     ROLE_ID BIGINT NOT NULL,
-    DB_PRIVILEGE_ID BIGINT NOT NULL
+    DB_PRIVILEGE_ID BIGINT NOT NULL,
+    GRANTOR_PRINCIPAL VARCHAR(128)
 );
 
 ALTER TABLE SENTRY_ROLE_DB_PRIVILEGE_MAP ADD CONSTRAINT SENTRY_ROLE_DB_PRIVILEGE_MAP_PK PRIMARY KEY (ROLE_ID,DB_PRIVILEGE_ID);

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/dbcdb6d6/sentry-provider/sentry-provider-db/src/main/resources/sentry-mysql-1.5.0.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/sentry-mysql-1.5.0.sql b/sentry-provider/sentry-provider-db/src/main/resources/sentry-mysql-1.5.0.sql
index f94f6bd..803b6a8 100644
--- a/sentry-provider/sentry-provider-db/src/main/resources/sentry-mysql-1.5.0.sql
+++ b/sentry-provider/sentry-provider-db/src/main/resources/sentry-mysql-1.5.0.sql
@@ -33,33 +33,32 @@ CREATE TABLE `SENTRY_DB_PRIVILEGE` (
   `TABLE_NAME` VARCHAR(128) CHARACTER SET utf8 COLLATE utf8_bin DEFAULT NULL,
   `URI` VARCHAR(4000) CHARACTER SET utf8 COLLATE utf8_bin DEFAULT NULL,
   `ACTION` VARCHAR(128) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL,
-  `CREATE_TIME` BIGINT NOT NULL,
-  `GRANTOR_PRINCIPAL` VARCHAR(128) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL,
+  `CREATE_TIME` BIGINT NOT NULL
   `WITH_GRANT_OPTION` CHAR(1) NOT NULL
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 
 CREATE TABLE `SENTRY_ROLE` (
   `ROLE_ID` BIGINT  NOT NULL,
   `ROLE_NAME` VARCHAR(128) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL,
-  `CREATE_TIME` BIGINT NOT NULL,
-  `GRANTOR_PRINCIPAL` VARCHAR(128) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL
+  `CREATE_TIME` BIGINT NOT NULL
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 
 CREATE TABLE `SENTRY_GROUP` (
   `GROUP_ID` BIGINT  NOT NULL,
   `GROUP_NAME` VARCHAR(128) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL,
-  `CREATE_TIME` BIGINT NOT NULL,
-  `GRANTOR_PRINCIPAL` VARCHAR(128) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL
+  `CREATE_TIME` BIGINT NOT NULL
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 
 CREATE TABLE `SENTRY_ROLE_DB_PRIVILEGE_MAP` (
   `ROLE_ID` BIGINT NOT NULL,
-  `DB_PRIVILEGE_ID` BIGINT NOT NULL
+  `DB_PRIVILEGE_ID` BIGINT NOT NULL,
+  `GRANTOR_PRINCIPAL` VARCHAR(128) CHARACTER SET utf8 COLLATE utf8_bin
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 
 CREATE TABLE `SENTRY_ROLE_GROUP_MAP` (
   `ROLE_ID` BIGINT NOT NULL,
-  `GROUP_ID` BIGINT NOT NULL
+  `GROUP_ID` BIGINT NOT NULL,
+  `GRANTOR_PRINCIPAL` VARCHAR(128) CHARACTER SET utf8 COLLATE utf8_bin
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 
 CREATE TABLE IF NOT EXISTS `SENTRY_VERSION` (

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/dbcdb6d6/sentry-provider/sentry-provider-db/src/main/resources/sentry-oracle-1.5.0.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/sentry-oracle-1.5.0.sql b/sentry-provider/sentry-provider-db/src/main/resources/sentry-oracle-1.5.0.sql
index 35dbc5b..5d8336c 100644
--- a/sentry-provider/sentry-provider-db/src/main/resources/sentry-oracle-1.5.0.sql
+++ b/sentry-provider/sentry-provider-db/src/main/resources/sentry-oracle-1.5.0.sql
@@ -22,32 +22,31 @@ CREATE TABLE "SENTRY_DB_PRIVILEGE" (
   "URI" VARCHAR2(4000) NULL,
   "ACTION" VARCHAR2(128) NOT NULL,
   "CREATE_TIME" NUMBER NOT NULL,
-  "GRANTOR_PRINCIPAL" VARCHAR(128) NOT NULL,
   "WITH_GRANT_OPTION" CHAR(1) NOT NULL
 );
 
 CREATE TABLE "SENTRY_ROLE" (
   "ROLE_ID" NUMBER  NOT NULL,
   "ROLE_NAME" VARCHAR2(128) NOT NULL,
-  "CREATE_TIME" NUMBER NOT NULL,
-  "GRANTOR_PRINCIPAL" VARCHAR2(128) NOT NULL
+  "CREATE_TIME" NUMBER NOT NULL
 );
 
 CREATE TABLE "SENTRY_GROUP" (
   "GROUP_ID" NUMBER  NOT NULL,
   "GROUP_NAME" VARCHAR2(128) NOT NULL,
-  "CREATE_TIME" NUMBER NOT NULL,
-  "GRANTOR_PRINCIPAL" VARCHAR2(128) NOT NULL
+  "CREATE_TIME" NUMBER NOT NULL
 );
 
 CREATE TABLE "SENTRY_ROLE_DB_PRIVILEGE_MAP" (
   "ROLE_ID" NUMBER NOT NULL,
-  "DB_PRIVILEGE_ID" NUMBER NOT NULL
+  "DB_PRIVILEGE_ID" NUMBER NOT NULL,
+  "GRANTOR_PRINCIPAL" VARCHAR2(128)
 );
 
 CREATE TABLE "SENTRY_ROLE_GROUP_MAP" (
   "ROLE_ID" NUMBER NOT NULL,
-  "GROUP_ID" NUMBER NOT NULL
+  "GROUP_ID" NUMBER NOT NULL,
+  "GRANTOR_PRINCIPAL" VARCHAR2(128)
 );
 
 CREATE TABLE "SENTRY_VERSION" (

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/dbcdb6d6/sentry-provider/sentry-provider-db/src/main/resources/sentry-postgres-1.5.0.sql
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/sentry-postgres-1.5.0.sql b/sentry-provider/sentry-provider-db/src/main/resources/sentry-postgres-1.5.0.sql
index 1d6036f..24cac98 100644
--- a/sentry-provider/sentry-provider-db/src/main/resources/sentry-postgres-1.5.0.sql
+++ b/sentry-provider/sentry-provider-db/src/main/resources/sentry-postgres-1.5.0.sql
@@ -34,32 +34,31 @@ CREATE TABLE "SENTRY_DB_PRIVILEGE" (
   "URI" character varying(4000) DEFAULT NULL::character varying,
   "ACTION" character varying(128) NOT NULL,
   "CREATE_TIME" BIGINT NOT NULL,
-  "GRANTOR_PRINCIPAL" VARCHAR(128) NOT NULL,
   "WITH_GRANT_OPTION" CHAR(1) NOT NULL
 );
 
 CREATE TABLE "SENTRY_ROLE" (
   "ROLE_ID" BIGINT  NOT NULL,
   "ROLE_NAME" character varying(128) NOT NULL,
-  "CREATE_TIME" BIGINT NOT NULL,
-  "GRANTOR_PRINCIPAL" character varying(128) NOT NULL
+  "CREATE_TIME" BIGINT NOT NULL
 );
 
 CREATE TABLE "SENTRY_GROUP" (
   "GROUP_ID" BIGINT  NOT NULL,
   "GROUP_NAME" character varying(128) NOT NULL,
-  "CREATE_TIME" BIGINT NOT NULL,
-  "GRANTOR_PRINCIPAL" character varying(128) NOT NULL
+  "CREATE_TIME" BIGINT NOT NULL
 );
 
 CREATE TABLE "SENTRY_ROLE_DB_PRIVILEGE_MAP" (
   "ROLE_ID" BIGINT NOT NULL,
-  "DB_PRIVILEGE_ID" BIGINT NOT NULL
+  "DB_PRIVILEGE_ID" BIGINT NOT NULL,
+  "GRANTOR_PRINCIPAL" character varying(128)
 );
 
 CREATE TABLE "SENTRY_ROLE_GROUP_MAP" (
   "ROLE_ID" BIGINT NOT NULL,
-  "GROUP_ID" BIGINT NOT NULL
+  "GROUP_ID" BIGINT NOT NULL,
+  "GRANTOR_PRINCIPAL" character varying(128)
 );
 
 CREATE TABLE "SENTRY_VERSION" (

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/dbcdb6d6/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift b/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift
index b14616b..d215ffe 100644
--- a/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift
+++ b/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift
@@ -48,8 +48,7 @@ struct TSentryPrivilege {
 6: optional string URI = "",
 7: required string action = "",
 8: optional i64 createTime, # Set on server side
-9: optional string grantorPrincipal, # Set on server side
-10: optional TSentryGrantOption grantOption = TSentryGrantOption.FALSE
+9: optional TSentryGrantOption grantOption = TSentryGrantOption.FALSE
 }
 
 # TODO can this be deleted? it's not adding value to TAlterSentryRoleAddGroupsRequest
@@ -132,7 +131,7 @@ struct TListSentryRolesRequest {
 struct TSentryRole {
 1: required string roleName,
 2: required set<TSentryGroup> groups,
-3: required string grantorPrincipal
+3: required string grantorPrincipal #Deprecated
 }
 struct TListSentryRolesResponse {
 1: required sentry_common_service.TSentryResponseStatus status

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/dbcdb6d6/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
index 985a73d..befecf4 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
@@ -105,25 +105,23 @@ public class TestSentryStore {
     privilege.setDbName("default");
     privilege.setTableName("table1");
     privilege.setAction(AccessConstants.ALL);
-    privilege.setGrantorPrincipal(grantor);
     privilege.setCreateTime(System.currentTimeMillis());
 
-    long seqId = sentryStore.createSentryRole(roleName, grantor).getSequenceId();
+    long seqId = sentryStore.createSentryRole(roleName).getSequenceId();
     assertEquals(seqId + 1, sentryStore.alterSentryRoleAddGroups(grantor, roleName, groups).getSequenceId());
     assertEquals(seqId + 2, sentryStore.alterSentryRoleDeleteGroups(roleName, groups).getSequenceId());
-    assertEquals(seqId + 3, sentryStore.alterSentryRoleGrantPrivilege(roleName, privilege).getSequenceId());
-    assertEquals(seqId + 4, sentryStore.alterSentryRoleRevokePrivilege(roleName, privilege).getSequenceId());
+    assertEquals(seqId + 3, sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege).getSequenceId());
+    assertEquals(seqId + 4, sentryStore.alterSentryRoleRevokePrivilege(grantor, roleName, privilege).getSequenceId());
   }
   @Test
   public void testURI() throws Exception {
     String roleName = "test-dup-role";
     String grantor = "g1";
     String uri = "file:///var/folders/dt/9zm44z9s6bjfxbrm4v36lzdc0000gp/T/1401860678102-0/data/kv1.dat";
-    sentryStore.createSentryRole(roleName, grantor);
+    sentryStore.createSentryRole(roleName);
     TSentryPrivilege tSentryPrivilege = new TSentryPrivilege("URI", "server1", "ALL");
     tSentryPrivilege.setURI(uri);
-    tSentryPrivilege.setGrantorPrincipal(grantor);
-    sentryStore.alterSentryRoleGrantPrivilege(roleName, tSentryPrivilege);
+    sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, tSentryPrivilege);
 
     TSentryAuthorizable tSentryAuthorizable = new TSentryAuthorizable();
     tSentryAuthorizable.setUri(uri);
@@ -151,9 +149,9 @@ public class TestSentryStore {
   public void testCreateDuplicateRole() throws Exception {
     String roleName = "test-dup-role";
     String grantor = "g1";
-    sentryStore.createSentryRole(roleName, grantor);
+    sentryStore.createSentryRole(roleName);
     try {
-      sentryStore.createSentryRole(roleName, grantor);
+      sentryStore.createSentryRole(roleName);
       fail("Expected SentryAlreadyExistsException");
     } catch(SentryAlreadyExistsException e) {
       // expected
@@ -163,17 +161,16 @@ public class TestSentryStore {
   public void testCaseSensitiveScope() throws Exception {
     String roleName = "role1";
     String grantor = "g1";
-    long seqId = sentryStore.createSentryRole(roleName, grantor).getSequenceId();
+    long seqId = sentryStore.createSentryRole(roleName).getSequenceId();
     TSentryPrivilege sentryPrivilege = new TSentryPrivilege("Database", "server1", "all");
     sentryPrivilege.setDbName("db1");
-    sentryPrivilege.setGrantorPrincipal(grantor);
-    assertEquals(seqId + 1, sentryStore.alterSentryRoleGrantPrivilege(roleName, sentryPrivilege).getSequenceId());
+    assertEquals(seqId + 1, sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, sentryPrivilege).getSequenceId());
   }
   @Test
   public void testCreateDropRole() throws Exception {
     String roleName = "test-drop-role";
     String grantor = "g1";
-    long seqId = sentryStore.createSentryRole(roleName, grantor).getSequenceId();
+    long seqId = sentryStore.createSentryRole(roleName).getSequenceId();
     assertEquals(seqId + 1, sentryStore.dropSentryRole(roleName).getSequenceId());
   }
 
@@ -190,7 +187,7 @@ public class TestSentryStore {
   public void testAddDeleteGroups() throws Exception {
     String roleName = "test-groups";
     String grantor = "g1";
-    long seqId = sentryStore.createSentryRole(roleName, grantor).getSequenceId();
+    long seqId = sentryStore.createSentryRole(roleName).getSequenceId();
     Set<TSentryGroup> groups = Sets.newHashSet();
     TSentryGroup group = new TSentryGroup();
     group.setGroupName("test-groups-g1");
@@ -213,22 +210,21 @@ public class TestSentryStore {
     String server = "server1";
     String db = "db1";
     String table = "tbl1";
-    long seqId = sentryStore.createSentryRole(roleName, grantor).getSequenceId();
+    long seqId = sentryStore.createSentryRole(roleName).getSequenceId();
     TSentryPrivilege privilege = new TSentryPrivilege();
     privilege.setPrivilegeScope("TABLE");
     privilege.setServerName(server);
     privilege.setDbName(db);
     privilege.setTableName(table);
     privilege.setAction(AccessConstants.ALL);
-    privilege.setGrantorPrincipal(grantor);
     privilege.setCreateTime(System.currentTimeMillis());
-    assertEquals(seqId + 1, sentryStore.alterSentryRoleGrantPrivilege(roleName, privilege)
+    assertEquals(seqId + 1, sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege)
         .getSequenceId());
     MSentryRole role = sentryStore.getMSentryRoleByName(roleName);
     Set<MSentryPrivilege> privileges = role.getPrivileges();
     assertEquals(privileges.toString(), 1, privileges.size());
     privilege.setAction(AccessConstants.SELECT);
-    assertEquals(seqId + 2, sentryStore.alterSentryRoleRevokePrivilege(roleName, privilege)
+    assertEquals(seqId + 2, sentryStore.alterSentryRoleRevokePrivilege(grantor, roleName, privilege)
         .getSequenceId());
     // after having ALL and revoking SELECT, we should have INSERT
     role = sentryStore.getMSentryRoleByName(roleName);
@@ -250,47 +246,45 @@ public class TestSentryStore {
     String db = "db1";
     String table = "tbl1";
     TSentryGrantOption grantOption = TSentryGrantOption.TRUE;
-    long seqId = sentryStore.createSentryRole(roleName, grantor).getSequenceId();
+    long seqId = sentryStore.createSentryRole(roleName).getSequenceId();
     TSentryPrivilege privilege = new TSentryPrivilege();
     privilege.setPrivilegeScope("TABLE");
     privilege.setServerName(server);
     privilege.setDbName(db);
     privilege.setTableName(table);
     privilege.setAction(AccessConstants.ALL);
-    privilege.setGrantorPrincipal(grantor);
     privilege.setCreateTime(System.currentTimeMillis());
     privilege.setGrantOption(grantOption);
-    assertEquals(seqId + 1, sentryStore.alterSentryRoleGrantPrivilege(roleName, privilege)
+    assertEquals(seqId + 1, sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege)
         .getSequenceId());
     MSentryRole role = sentryStore.getMSentryRoleByName(roleName);
     Set<MSentryPrivilege> privileges = role.getPrivileges();
     assertEquals(privileges.toString(), 1, privileges.size());
     assertEquals(Boolean.valueOf(privilege.getGrantOption().toString()), Iterables.get(privileges, 0).getGrantOption());
-    assertEquals(seqId + 2, sentryStore.alterSentryRoleRevokePrivilege(roleName, privilege)
+    assertEquals(seqId + 2, sentryStore.alterSentryRoleRevokePrivilege(grantor, roleName, privilege)
         .getSequenceId());
     role = sentryStore.getMSentryRoleByName(roleName);
     privileges = role.getPrivileges();
     assertEquals(0, privileges.size());
 
     roleName = "test-grantOption-db";
-    sentryStore.createSentryRole(roleName, grantor);
+    sentryStore.createSentryRole(roleName);
     privilege = new TSentryPrivilege();
     privilege.setPrivilegeScope("DATABASE");
     privilege.setServerName(server);
     privilege.setDbName(db);
     privilege.setAction(AccessConstants.ALL);
-    privilege.setGrantorPrincipal(grantor);
     privilege.setGrantOption(TSentryGrantOption.TRUE);
     privilege.setCreateTime(System.currentTimeMillis());
     privilege.setGrantOption(grantOption);
-    sentryStore.alterSentryRoleGrantPrivilege(roleName, privilege);
+    sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege);
     role = sentryStore.getMSentryRoleByName(roleName);
     privileges = role.getPrivileges();
     assertEquals(privileges.toString(), 1, privileges.size());
 
     privilege.setAction(AccessConstants.SELECT);
     privilege.setGrantOption(TSentryGrantOption.UNSET);
-    sentryStore.alterSentryRoleRevokePrivilege(roleName, privilege);
+    sentryStore.alterSentryRoleRevokePrivilege(grantor, roleName, privilege);
     // after having ALL and revoking SELECT, we should have INSERT
     role = sentryStore.getMSentryRoleByName(roleName);
     privileges = role.getPrivileges();
@@ -315,7 +309,7 @@ public class TestSentryStore {
     String[] groups = {"group0","group1","group2","group3","group4"};
     for (int i = 0; i < users.length; i++) {
       addGroupsToUser(users[i], groups[i]);
-      sentryStore.createSentryRole(roles[i], grantor);
+      sentryStore.createSentryRole(roles[i]);
       Set<TSentryGroup> tGroups = Sets.newHashSet();
       TSentryGroup tGroup = new TSentryGroup(groups[i]);
       tGroups.add(tGroup);
@@ -334,10 +328,9 @@ public class TestSentryStore {
     privilege1.setServerName(server);
     privilege1.setDbName(db);
     privilege1.setAction(AccessConstants.ALL);
-    privilege1.setGrantorPrincipal(grantor);
     privilege1.setCreateTime(System.currentTimeMillis());
     privilege1.setGrantOption(TSentryGrantOption.TRUE);
-    sentryStore.alterSentryRoleGrantPrivilege(roleName, privilege1);
+    sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege1);
     MSentryRole role = sentryStore.getMSentryRoleByName(roleName);
     Set<MSentryPrivilege> privileges = role.getPrivileges();
     assertEquals(privileges.toString(), 1, privileges.size());
@@ -350,10 +343,9 @@ public class TestSentryStore {
     privilege2.setServerName(server);
     privilege2.setDbName(db);
     privilege2.setAction(AccessConstants.SELECT);
-    privilege2.setGrantorPrincipal(grantor);
     privilege2.setCreateTime(System.currentTimeMillis());
     privilege2.setGrantOption(TSentryGrantOption.TRUE);
-    sentryStore.alterSentryRoleGrantPrivilege(roleName, privilege2);
+    sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege2);
 
     // 4. user0 grant all on table tb1 to role2, no grant option
     roleName = roles[2];
@@ -364,10 +356,9 @@ public class TestSentryStore {
     privilege3.setDbName(db);
     privilege3.setTableName(table);
     privilege3.setAction(AccessConstants.ALL);
-    privilege3.setGrantorPrincipal(grantor);
     privilege3.setCreateTime(System.currentTimeMillis());
     privilege3.setGrantOption(TSentryGrantOption.FALSE);
-    sentryStore.alterSentryRoleGrantPrivilege(roleName, privilege3);
+    sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege3);
 
     // 5. user1 has role1, no insert privilege,
     // grant insert to role3, will throw no grant exception
@@ -378,12 +369,11 @@ public class TestSentryStore {
     privilege4.setServerName(server);
     privilege4.setDbName(db);
     privilege4.setAction(AccessConstants.INSERT);
-    privilege4.setGrantorPrincipal(grantor);
     privilege4.setCreateTime(System.currentTimeMillis());
     privilege4.setGrantOption(TSentryGrantOption.FALSE);
     boolean isGrantOptionException = false;
     try {
-      sentryStore.alterSentryRoleGrantPrivilege(roleName, privilege4);
+      sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege4);
     } catch (SentryGrantDeniedException e) {
       isGrantOptionException = true;
       System.err.println(e.getMessage());
@@ -400,12 +390,11 @@ public class TestSentryStore {
     privilege5.setDbName(db);
     privilege5.setTableName(table);
     privilege5.setAction(AccessConstants.INSERT);
-    privilege5.setGrantorPrincipal(grantor);
     privilege5.setCreateTime(System.currentTimeMillis());
     privilege5.setGrantOption(TSentryGrantOption.FALSE);
     isGrantOptionException = false;
     try {
-      sentryStore.alterSentryRoleGrantPrivilege(roleName, privilege5);
+      sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege5);
     } catch (SentryGrantDeniedException e) {
       isGrantOptionException = true;
       System.err.println(e.getMessage());
@@ -425,7 +414,7 @@ public class TestSentryStore {
     String[] groups = {"group0","group1","group2"};
     for (int i = 0; i < users.length; i++) {
       addGroupsToUser(users[i], groups[i]);
-      sentryStore.createSentryRole(roles[i], grantor);
+      sentryStore.createSentryRole(roles[i]);
       Set<TSentryGroup> tGroups = Sets.newHashSet();
       TSentryGroup tGroup = new TSentryGroup(groups[i]);
       tGroups.add(tGroup);
@@ -444,10 +433,9 @@ public class TestSentryStore {
     privilege1.setServerName(server);
     privilege1.setDbName(db);
     privilege1.setAction(AccessConstants.SELECT);
-    privilege1.setGrantorPrincipal(grantor);
     privilege1.setCreateTime(System.currentTimeMillis());
     privilege1.setGrantOption(TSentryGrantOption.TRUE);
-    sentryStore.alterSentryRoleGrantPrivilege(roleName, privilege1);
+    sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege1);
     MSentryRole role = sentryStore.getMSentryRoleByName(roleName);
     Set<MSentryPrivilege> privileges = role.getPrivileges();
     assertEquals(privileges.toString(), 1, privileges.size());
@@ -461,10 +449,9 @@ public class TestSentryStore {
     privilege2.setDbName(db);
     privilege2.setTableName(table);
     privilege2.setAction(AccessConstants.ALL);
-    privilege2.setGrantorPrincipal(grantor);
     privilege2.setCreateTime(System.currentTimeMillis());
     privilege2.setGrantOption(TSentryGrantOption.FALSE);
-    sentryStore.alterSentryRoleGrantPrivilege(roleName, privilege2);
+    sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege2);
 
     // 4. g1 grant select on table tb1 to role2, no grant option
     roleName = roles[2];
@@ -475,19 +462,17 @@ public class TestSentryStore {
     privilege3.setDbName(db);
     privilege3.setTableName(table);
     privilege3.setAction(AccessConstants.SELECT);
-    privilege3.setGrantorPrincipal(grantor);
     privilege3.setCreateTime(System.currentTimeMillis());
     privilege3.setGrantOption(TSentryGrantOption.FALSE);
-    sentryStore.alterSentryRoleGrantPrivilege(roleName, privilege3);
+    sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege3);
 
     // 5. user1 has role1, no grant option,
     // revoke from role2 will throw no grant exception
     roleName = roles[2];
     grantor = users[1];
-    privilege3.setGrantorPrincipal(grantor);
     boolean isGrantOptionException = false;
     try {
-      sentryStore.alterSentryRoleRevokePrivilege(roleName, privilege3);
+      sentryStore.alterSentryRoleRevokePrivilege(grantor, roleName, privilege3);
     } catch (SentryGrantDeniedException e) {
       isGrantOptionException = true;
       System.err.println(e.getMessage());
@@ -498,9 +483,8 @@ public class TestSentryStore {
     // revoke all from role1 will throw no grant exception
     roleName = roles[1];
     grantor = users[0];
-    privilege2.setGrantorPrincipal(grantor);
     try {
-      sentryStore.alterSentryRoleRevokePrivilege(roleName, privilege2);
+      sentryStore.alterSentryRoleRevokePrivilege(grantor, roleName, privilege2);
     } catch (SentryGrantDeniedException e) {
       isGrantOptionException = true;
       System.err.println(e.getMessage());
@@ -511,8 +495,7 @@ public class TestSentryStore {
     // revoke select from role2
     roleName = roles[2];
     grantor = users[0];
-    privilege3.setGrantorPrincipal(grantor);
-    sentryStore.alterSentryRoleRevokePrivilege(roleName, privilege3);
+    sentryStore.alterSentryRoleRevokePrivilege(grantor, roleName, privilege3);
     role = sentryStore.getMSentryRoleByName(roleName);
     privileges = role.getPrivileges();
     assertEquals(0, privileges.size());
@@ -528,7 +511,7 @@ public class TestSentryStore {
     String[] groups = {"group0"};
     for (int i = 0; i < users.length; i++) {
       addGroupsToUser(users[i], groups[i]);
-      sentryStore.createSentryRole(roles[i], grantor);
+      sentryStore.createSentryRole(roles[i]);
       Set<TSentryGroup> tGroups = Sets.newHashSet();
       TSentryGroup tGroup = new TSentryGroup(groups[i]);
       tGroups.add(tGroup);
@@ -548,22 +531,21 @@ public class TestSentryStore {
     privilege.setDbName(db);
     privilege.setTableName(table);
     privilege.setAction(AccessConstants.SELECT);
-    privilege.setGrantorPrincipal(grantor);
     privilege.setCreateTime(System.currentTimeMillis());
     privilege.setGrantOption(TSentryGrantOption.TRUE);
-    sentryStore.alterSentryRoleGrantPrivilege(roleName, privilege);
+    sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege);
 
     // 3. g1 grant select on table tb1 to role0, no grant option
     roleName = roles[0];
     grantor = "g1";
     privilege.setGrantOption(TSentryGrantOption.FALSE);
-    sentryStore.alterSentryRoleGrantPrivilege(roleName, privilege);
+    sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName, privilege);
 
     // 4. g1 revoke all privilege from role0
     roleName = roles[0];
     grantor = "g1";
     privilege.setGrantOption(TSentryGrantOption.UNSET);
-    sentryStore.alterSentryRoleRevokePrivilege(roleName, privilege);
+    sentryStore.alterSentryRoleRevokePrivilege(grantor, roleName, privilege);
     MSentryRole role = sentryStore.getMSentryRoleByName(roleName);
     Set<MSentryPrivilege> privileges = role.getPrivileges();
     assertEquals(privileges.toString(), 0, privileges.size());
@@ -574,26 +556,24 @@ public class TestSentryStore {
     String roleName1 = "list-privs-r1", roleName2 = "list-privs-r2";
     String groupName1 = "list-privs-g1", groupName2 = "list-privs-g2";
     String grantor = "g1";
-    long seqId = sentryStore.createSentryRole(roleName1, grantor).getSequenceId();
-    assertEquals(seqId + 1, sentryStore.createSentryRole(roleName2, grantor).getSequenceId());
+    long seqId = sentryStore.createSentryRole(roleName1).getSequenceId();
+    assertEquals(seqId + 1, sentryStore.createSentryRole(roleName2).getSequenceId());
     TSentryPrivilege privilege1 = new TSentryPrivilege();
     privilege1.setPrivilegeScope("TABLE");
     privilege1.setServerName("server1");
     privilege1.setDbName("db1");
     privilege1.setTableName("tbl1");
     privilege1.setAction("SELECT");
-    privilege1.setGrantorPrincipal(grantor);
     privilege1.setCreateTime(System.currentTimeMillis());
-    assertEquals(seqId + 2, sentryStore.alterSentryRoleGrantPrivilege(roleName1, privilege1)
+    assertEquals(seqId + 2, sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName1, privilege1)
         .getSequenceId());
-    assertEquals(seqId + 3, sentryStore.alterSentryRoleGrantPrivilege(roleName2, privilege1)
+    assertEquals(seqId + 3, sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName2, privilege1)
         .getSequenceId());
     TSentryPrivilege privilege2 = new TSentryPrivilege();
     privilege2.setPrivilegeScope("SERVER");
     privilege2.setServerName("server1");
-    privilege2.setGrantorPrincipal(grantor);
     privilege2.setCreateTime(System.currentTimeMillis());
-    assertEquals(seqId + 4, sentryStore.alterSentryRoleGrantPrivilege(roleName2, privilege2)
+    assertEquals(seqId + 4, sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName2, privilege2)
         .getSequenceId());
     Set<TSentryGroup> groups = Sets.newHashSet();
     TSentryGroup group = new TSentryGroup();
@@ -681,9 +661,9 @@ public class TestSentryStore {
     String group1 = "group1", group2 = "group2";
     String grantor = "g1";
 
-    sentryStore.createSentryRole(roleName1, grantor);
-    sentryStore.createSentryRole(roleName2, grantor);
-    sentryStore.createSentryRole(roleName3, grantor);
+    sentryStore.createSentryRole(roleName1);
+    sentryStore.createSentryRole(roleName2);
+    sentryStore.createSentryRole(roleName3);
 
     sentryStore.alterSentryRoleAddGroups(grantor, roleName1, Sets.newHashSet(new TSentryGroup(group1)));
     sentryStore.alterSentryRoleAddGroups(grantor, roleName2, Sets.newHashSet(new TSentryGroup(group2)));
@@ -707,16 +687,15 @@ public class TestSentryStore {
   public void testDropDbObject() throws Exception {
     String roleName1 = "list-privs-r1", roleName2 = "list-privs-r2", roleName3 = "list-privs-r3";
     String grantor = "g1";
-    sentryStore.createSentryRole(roleName1, grantor);
-    sentryStore.createSentryRole(roleName2, grantor);
-    sentryStore.createSentryRole(roleName3, grantor);
+    sentryStore.createSentryRole(roleName1);
+    sentryStore.createSentryRole(roleName2);
+    sentryStore.createSentryRole(roleName3);
 
     TSentryPrivilege privilege_tbl1 = new TSentryPrivilege();
     privilege_tbl1.setPrivilegeScope("TABLE");
     privilege_tbl1.setServerName("server1");
     privilege_tbl1.setDbName("db1");
     privilege_tbl1.setTableName("tbl1");
-    privilege_tbl1.setGrantorPrincipal(grantor);
     privilege_tbl1.setCreateTime(System.currentTimeMillis());
 
     TSentryPrivilege privilege1 = new TSentryPrivilege(privilege_tbl1);
@@ -730,7 +709,6 @@ public class TestSentryStore {
     TSentryPrivilege privilege_server = new TSentryPrivilege();
     privilege_server.setPrivilegeScope("SERVER");
     privilege_server.setServerName("server1");
-    privilege_server.setGrantorPrincipal(grantor);
     privilege_server.setCreateTime(System.currentTimeMillis());
 
     TSentryPrivilege privilege_tbl2 = new TSentryPrivilege();
@@ -738,7 +716,6 @@ public class TestSentryStore {
     privilege_tbl2.setServerName("server1");
     privilege_tbl2.setDbName("db1");
     privilege_tbl2.setTableName("tbl2");
-    privilege_tbl2.setGrantorPrincipal(grantor);
     privilege_tbl2.setCreateTime(System.currentTimeMillis());
 
     TSentryPrivilege privilege2_3 = new TSentryPrivilege(privilege_tbl2);
@@ -747,14 +724,14 @@ public class TestSentryStore {
     TSentryPrivilege privilege3_2 = new TSentryPrivilege(privilege_tbl2);
     privilege3_2.setAction("INSERT");
 
-    sentryStore.alterSentryRoleGrantPrivilege(roleName1, privilege1);
+    sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName1, privilege1);
 
-    sentryStore.alterSentryRoleGrantPrivilege(roleName2, privilege2_1);
-    sentryStore.alterSentryRoleGrantPrivilege(roleName2, privilege_server);
-    sentryStore.alterSentryRoleGrantPrivilege(roleName2, privilege2_3);
+    sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName2, privilege2_1);
+    sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName2, privilege_server);
+    sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName2, privilege2_3);
 
-    sentryStore.alterSentryRoleGrantPrivilege(roleName3, privilege3_1);
-    sentryStore.alterSentryRoleGrantPrivilege(roleName3, privilege3_2);
+    sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName3, privilege3_1);
+    sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName3, privilege3_2);
 
     sentryStore.dropPrivilege(toTSentryAuthorizable(privilege_tbl1));
     assertEquals(0, sentryStore.getAllTSentryPrivilegesByRoleName(roleName1)
@@ -777,14 +754,13 @@ public class TestSentryStore {
   public void testDropOverlappedPrivileges() throws Exception {
     String roleName1 = "list-privs-r1";
     String grantor = "g1";
-    sentryStore.createSentryRole(roleName1, grantor);
+    sentryStore.createSentryRole(roleName1);
 
     TSentryPrivilege privilege_tbl1 = new TSentryPrivilege();
     privilege_tbl1.setPrivilegeScope("TABLE");
     privilege_tbl1.setServerName("server1");
     privilege_tbl1.setDbName("db1");
     privilege_tbl1.setTableName("tbl1");
-    privilege_tbl1.setGrantorPrincipal(grantor);
     privilege_tbl1.setCreateTime(System.currentTimeMillis());
 
     TSentryPrivilege privilege_tbl1_insert = new TSentryPrivilege(
@@ -794,8 +770,8 @@ public class TestSentryStore {
     TSentryPrivilege privilege_tbl1_all = new TSentryPrivilege(privilege_tbl1);
     privilege_tbl1_all.setAction("*");
 
-    sentryStore.alterSentryRoleGrantPrivilege(roleName1, privilege_tbl1_insert);
-    sentryStore.alterSentryRoleGrantPrivilege(roleName1, privilege_tbl1_all);
+    sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName1, privilege_tbl1_insert);
+    sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName1, privilege_tbl1_all);
 
     sentryStore.dropPrivilege(toTSentryAuthorizable(privilege_tbl1));
     assertEquals(0, sentryStore.getAllTSentryPrivilegesByRoleName(roleName1)
@@ -823,16 +799,15 @@ public class TestSentryStore {
     String grantor = "g1";
     String table1 = "tbl1", table2 = "tbl2";
 
-    sentryStore.createSentryRole(roleName1, grantor);
-    sentryStore.createSentryRole(roleName2, grantor);
-    sentryStore.createSentryRole(roleName3, grantor);
+    sentryStore.createSentryRole(roleName1);
+    sentryStore.createSentryRole(roleName2);
+    sentryStore.createSentryRole(roleName3);
 
     TSentryPrivilege privilege_tbl1 = new TSentryPrivilege();
     privilege_tbl1.setPrivilegeScope("TABLE");
     privilege_tbl1.setServerName("server1");
     privilege_tbl1.setDbName("db1");
     privilege_tbl1.setTableName(table1);
-    privilege_tbl1.setGrantorPrincipal(grantor);
     privilege_tbl1.setCreateTime(System.currentTimeMillis());
 
     TSentryPrivilege privilege_tbl1_insert = new TSentryPrivilege(
@@ -846,14 +821,14 @@ public class TestSentryStore {
     TSentryPrivilege privilege_tbl1_all = new TSentryPrivilege(privilege_tbl1);
     privilege_tbl1_all.setAction(AccessConstants.ALL);
 
-    sentryStore.alterSentryRoleGrantPrivilege(roleName1, privilege_tbl1_insert);
-    sentryStore.alterSentryRoleGrantPrivilege(roleName2, privilege_tbl1_select);
-    sentryStore.alterSentryRoleGrantPrivilege(roleName3, privilege_tbl1_all);
+    sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName1, privilege_tbl1_insert);
+    sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName2, privilege_tbl1_select);
+    sentryStore.alterSentryRoleGrantPrivilege(grantor, roleName3, privilege_tbl1_all);
 
     TSentryAuthorizable oldTable = toTSentryAuthorizable(privilege_tbl1);
     TSentryAuthorizable newTable = toTSentryAuthorizable(privilege_tbl1);
     newTable.setTable(table2);
-    sentryStore.renamePrivilege(oldTable, newTable, System.getProperty("user.name"));
+    sentryStore.renamePrivilege(oldTable, newTable);
 
     for (String roleName : Sets.newHashSet(roleName1, roleName2, roleName3)) {
       Set<TSentryPrivilege> privilegeSet = sentryStore
@@ -861,8 +836,6 @@ public class TestSentryStore {
       assertEquals(1, privilegeSet.size());
       for (TSentryPrivilege privilege : privilegeSet) {
         assertTrue(table2.equalsIgnoreCase(privilege.getTableName()));
-        assertEquals(System.getProperty("user.name"),
-            privilege.getGrantorPrincipal());
       }
     }
   }


Mime
View raw message