sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sra...@apache.org
Subject [1/2] SENTRY-359: Support Sentry service API to retrieve applicable privileges for a given authorizable object (Prasad Mujumdar via Arun and Sravya)
Date Wed, 17 Sep 2014 23:01:11 GMT
Repository: incubator-sentry
Updated Branches:
  refs/heads/master d1d2fd3dc -> fa5f81c77


http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fa5f81c7/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TListSentryPrivilegesByAuthResponse.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TListSentryPrivilegesByAuthResponse.java b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TListSentryPrivilegesByAuthResponse.java
new file mode 100644
index 0000000..6fe5a7e
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TListSentryPrivilegesByAuthResponse.java
@@ -0,0 +1,558 @@
+/**
+ * Autogenerated by Thrift Compiler (0.9.0)
+ *
+ * DO NOT EDIT UNLESS YOU ARE SURE THAT YOU KNOW WHAT YOU ARE DOING
+ *  @generated
+ */
+package org.apache.sentry.provider.db.service.thrift;
+
+import org.apache.commons.lang.builder.HashCodeBuilder;
+import org.apache.thrift.scheme.IScheme;
+import org.apache.thrift.scheme.SchemeFactory;
+import org.apache.thrift.scheme.StandardScheme;
+
+import org.apache.thrift.scheme.TupleScheme;
+import org.apache.thrift.protocol.TTupleProtocol;
+import org.apache.thrift.protocol.TProtocolException;
+import org.apache.thrift.EncodingUtils;
+import org.apache.thrift.TException;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.EnumMap;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.EnumSet;
+import java.util.Collections;
+import java.util.BitSet;
+import java.nio.ByteBuffer;
+import java.util.Arrays;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class TListSentryPrivilegesByAuthResponse implements org.apache.thrift.TBase<TListSentryPrivilegesByAuthResponse, TListSentryPrivilegesByAuthResponse._Fields>, java.io.Serializable, Cloneable {
+  private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("TListSentryPrivilegesByAuthResponse");
+
+  private static final org.apache.thrift.protocol.TField STATUS_FIELD_DESC = new org.apache.thrift.protocol.TField("status", org.apache.thrift.protocol.TType.STRUCT, (short)1);
+  private static final org.apache.thrift.protocol.TField PRIVILEGES_MAP_BY_AUTH_FIELD_DESC = new org.apache.thrift.protocol.TField("privilegesMapByAuth", org.apache.thrift.protocol.TType.MAP, (short)2);
+
+  private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
+  static {
+    schemes.put(StandardScheme.class, new TListSentryPrivilegesByAuthResponseStandardSchemeFactory());
+    schemes.put(TupleScheme.class, new TListSentryPrivilegesByAuthResponseTupleSchemeFactory());
+  }
+
+  private org.apache.sentry.service.thrift.TSentryResponseStatus status; // required
+  private Map<TSentryAuthorizable,TSentryPrivilegeMap> privilegesMapByAuth; // required
+
+  /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
+  public enum _Fields implements org.apache.thrift.TFieldIdEnum {
+    STATUS((short)1, "status"),
+    PRIVILEGES_MAP_BY_AUTH((short)2, "privilegesMapByAuth");
+
+    private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
+
+    static {
+      for (_Fields field : EnumSet.allOf(_Fields.class)) {
+        byName.put(field.getFieldName(), field);
+      }
+    }
+
+    /**
+     * Find the _Fields constant that matches fieldId, or null if its not found.
+     */
+    public static _Fields findByThriftId(int fieldId) {
+      switch(fieldId) {
+        case 1: // STATUS
+          return STATUS;
+        case 2: // PRIVILEGES_MAP_BY_AUTH
+          return PRIVILEGES_MAP_BY_AUTH;
+        default:
+          return null;
+      }
+    }
+
+    /**
+     * Find the _Fields constant that matches fieldId, throwing an exception
+     * if it is not found.
+     */
+    public static _Fields findByThriftIdOrThrow(int fieldId) {
+      _Fields fields = findByThriftId(fieldId);
+      if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!");
+      return fields;
+    }
+
+    /**
+     * Find the _Fields constant that matches name, or null if its not found.
+     */
+    public static _Fields findByName(String name) {
+      return byName.get(name);
+    }
+
+    private final short _thriftId;
+    private final String _fieldName;
+
+    _Fields(short thriftId, String fieldName) {
+      _thriftId = thriftId;
+      _fieldName = fieldName;
+    }
+
+    public short getThriftFieldId() {
+      return _thriftId;
+    }
+
+    public String getFieldName() {
+      return _fieldName;
+    }
+  }
+
+  // isset id assignments
+  public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
+  static {
+    Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
+    tmpMap.put(_Fields.STATUS, new org.apache.thrift.meta_data.FieldMetaData("status", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, org.apache.sentry.service.thrift.TSentryResponseStatus.class)));
+    tmpMap.put(_Fields.PRIVILEGES_MAP_BY_AUTH, new org.apache.thrift.meta_data.FieldMetaData("privilegesMapByAuth", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.MapMetaData(org.apache.thrift.protocol.TType.MAP, 
+            new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, TSentryAuthorizable.class), 
+            new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, TSentryPrivilegeMap.class))));
+    metaDataMap = Collections.unmodifiableMap(tmpMap);
+    org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(TListSentryPrivilegesByAuthResponse.class, metaDataMap);
+  }
+
+  public TListSentryPrivilegesByAuthResponse() {
+  }
+
+  public TListSentryPrivilegesByAuthResponse(
+    org.apache.sentry.service.thrift.TSentryResponseStatus status,
+    Map<TSentryAuthorizable,TSentryPrivilegeMap> privilegesMapByAuth)
+  {
+    this();
+    this.status = status;
+    this.privilegesMapByAuth = privilegesMapByAuth;
+  }
+
+  /**
+   * Performs a deep copy on <i>other</i>.
+   */
+  public TListSentryPrivilegesByAuthResponse(TListSentryPrivilegesByAuthResponse other) {
+    if (other.isSetStatus()) {
+      this.status = new org.apache.sentry.service.thrift.TSentryResponseStatus(other.status);
+    }
+    if (other.isSetPrivilegesMapByAuth()) {
+      Map<TSentryAuthorizable,TSentryPrivilegeMap> __this__privilegesMapByAuth = new HashMap<TSentryAuthorizable,TSentryPrivilegeMap>();
+      for (Map.Entry<TSentryAuthorizable, TSentryPrivilegeMap> other_element : other.privilegesMapByAuth.entrySet()) {
+
+        TSentryAuthorizable other_element_key = other_element.getKey();
+        TSentryPrivilegeMap other_element_value = other_element.getValue();
+
+        TSentryAuthorizable __this__privilegesMapByAuth_copy_key = new TSentryAuthorizable(other_element_key);
+
+        TSentryPrivilegeMap __this__privilegesMapByAuth_copy_value = new TSentryPrivilegeMap(other_element_value);
+
+        __this__privilegesMapByAuth.put(__this__privilegesMapByAuth_copy_key, __this__privilegesMapByAuth_copy_value);
+      }
+      this.privilegesMapByAuth = __this__privilegesMapByAuth;
+    }
+  }
+
+  public TListSentryPrivilegesByAuthResponse deepCopy() {
+    return new TListSentryPrivilegesByAuthResponse(this);
+  }
+
+  @Override
+  public void clear() {
+    this.status = null;
+    this.privilegesMapByAuth = null;
+  }
+
+  public org.apache.sentry.service.thrift.TSentryResponseStatus getStatus() {
+    return this.status;
+  }
+
+  public void setStatus(org.apache.sentry.service.thrift.TSentryResponseStatus status) {
+    this.status = status;
+  }
+
+  public void unsetStatus() {
+    this.status = null;
+  }
+
+  /** Returns true if field status is set (has been assigned a value) and false otherwise */
+  public boolean isSetStatus() {
+    return this.status != null;
+  }
+
+  public void setStatusIsSet(boolean value) {
+    if (!value) {
+      this.status = null;
+    }
+  }
+
+  public int getPrivilegesMapByAuthSize() {
+    return (this.privilegesMapByAuth == null) ? 0 : this.privilegesMapByAuth.size();
+  }
+
+  public void putToPrivilegesMapByAuth(TSentryAuthorizable key, TSentryPrivilegeMap val) {
+    if (this.privilegesMapByAuth == null) {
+      this.privilegesMapByAuth = new HashMap<TSentryAuthorizable,TSentryPrivilegeMap>();
+    }
+    this.privilegesMapByAuth.put(key, val);
+  }
+
+  public Map<TSentryAuthorizable,TSentryPrivilegeMap> getPrivilegesMapByAuth() {
+    return this.privilegesMapByAuth;
+  }
+
+  public void setPrivilegesMapByAuth(Map<TSentryAuthorizable,TSentryPrivilegeMap> privilegesMapByAuth) {
+    this.privilegesMapByAuth = privilegesMapByAuth;
+  }
+
+  public void unsetPrivilegesMapByAuth() {
+    this.privilegesMapByAuth = null;
+  }
+
+  /** Returns true if field privilegesMapByAuth is set (has been assigned a value) and false otherwise */
+  public boolean isSetPrivilegesMapByAuth() {
+    return this.privilegesMapByAuth != null;
+  }
+
+  public void setPrivilegesMapByAuthIsSet(boolean value) {
+    if (!value) {
+      this.privilegesMapByAuth = null;
+    }
+  }
+
+  public void setFieldValue(_Fields field, Object value) {
+    switch (field) {
+    case STATUS:
+      if (value == null) {
+        unsetStatus();
+      } else {
+        setStatus((org.apache.sentry.service.thrift.TSentryResponseStatus)value);
+      }
+      break;
+
+    case PRIVILEGES_MAP_BY_AUTH:
+      if (value == null) {
+        unsetPrivilegesMapByAuth();
+      } else {
+        setPrivilegesMapByAuth((Map<TSentryAuthorizable,TSentryPrivilegeMap>)value);
+      }
+      break;
+
+    }
+  }
+
+  public Object getFieldValue(_Fields field) {
+    switch (field) {
+    case STATUS:
+      return getStatus();
+
+    case PRIVILEGES_MAP_BY_AUTH:
+      return getPrivilegesMapByAuth();
+
+    }
+    throw new IllegalStateException();
+  }
+
+  /** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */
+  public boolean isSet(_Fields field) {
+    if (field == null) {
+      throw new IllegalArgumentException();
+    }
+
+    switch (field) {
+    case STATUS:
+      return isSetStatus();
+    case PRIVILEGES_MAP_BY_AUTH:
+      return isSetPrivilegesMapByAuth();
+    }
+    throw new IllegalStateException();
+  }
+
+  @Override
+  public boolean equals(Object that) {
+    if (that == null)
+      return false;
+    if (that instanceof TListSentryPrivilegesByAuthResponse)
+      return this.equals((TListSentryPrivilegesByAuthResponse)that);
+    return false;
+  }
+
+  public boolean equals(TListSentryPrivilegesByAuthResponse that) {
+    if (that == null)
+      return false;
+
+    boolean this_present_status = true && this.isSetStatus();
+    boolean that_present_status = true && that.isSetStatus();
+    if (this_present_status || that_present_status) {
+      if (!(this_present_status && that_present_status))
+        return false;
+      if (!this.status.equals(that.status))
+        return false;
+    }
+
+    boolean this_present_privilegesMapByAuth = true && this.isSetPrivilegesMapByAuth();
+    boolean that_present_privilegesMapByAuth = true && that.isSetPrivilegesMapByAuth();
+    if (this_present_privilegesMapByAuth || that_present_privilegesMapByAuth) {
+      if (!(this_present_privilegesMapByAuth && that_present_privilegesMapByAuth))
+        return false;
+      if (!this.privilegesMapByAuth.equals(that.privilegesMapByAuth))
+        return false;
+    }
+
+    return true;
+  }
+
+  @Override
+  public int hashCode() {
+    HashCodeBuilder builder = new HashCodeBuilder();
+
+    boolean present_status = true && (isSetStatus());
+    builder.append(present_status);
+    if (present_status)
+      builder.append(status);
+
+    boolean present_privilegesMapByAuth = true && (isSetPrivilegesMapByAuth());
+    builder.append(present_privilegesMapByAuth);
+    if (present_privilegesMapByAuth)
+      builder.append(privilegesMapByAuth);
+
+    return builder.toHashCode();
+  }
+
+  public int compareTo(TListSentryPrivilegesByAuthResponse other) {
+    if (!getClass().equals(other.getClass())) {
+      return getClass().getName().compareTo(other.getClass().getName());
+    }
+
+    int lastComparison = 0;
+    TListSentryPrivilegesByAuthResponse typedOther = (TListSentryPrivilegesByAuthResponse)other;
+
+    lastComparison = Boolean.valueOf(isSetStatus()).compareTo(typedOther.isSetStatus());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetStatus()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.status, typedOther.status);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    lastComparison = Boolean.valueOf(isSetPrivilegesMapByAuth()).compareTo(typedOther.isSetPrivilegesMapByAuth());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetPrivilegesMapByAuth()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.privilegesMapByAuth, typedOther.privilegesMapByAuth);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    return 0;
+  }
+
+  public _Fields fieldForId(int fieldId) {
+    return _Fields.findByThriftId(fieldId);
+  }
+
+  public void read(org.apache.thrift.protocol.TProtocol iprot) throws org.apache.thrift.TException {
+    schemes.get(iprot.getScheme()).getScheme().read(iprot, this);
+  }
+
+  public void write(org.apache.thrift.protocol.TProtocol oprot) throws org.apache.thrift.TException {
+    schemes.get(oprot.getScheme()).getScheme().write(oprot, this);
+  }
+
+  @Override
+  public String toString() {
+    StringBuilder sb = new StringBuilder("TListSentryPrivilegesByAuthResponse(");
+    boolean first = true;
+
+    sb.append("status:");
+    if (this.status == null) {
+      sb.append("null");
+    } else {
+      sb.append(this.status);
+    }
+    first = false;
+    if (!first) sb.append(", ");
+    sb.append("privilegesMapByAuth:");
+    if (this.privilegesMapByAuth == null) {
+      sb.append("null");
+    } else {
+      sb.append(this.privilegesMapByAuth);
+    }
+    first = false;
+    sb.append(")");
+    return sb.toString();
+  }
+
+  public void validate() throws org.apache.thrift.TException {
+    // check for required fields
+    if (!isSetStatus()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'status' is unset! Struct:" + toString());
+    }
+
+    if (!isSetPrivilegesMapByAuth()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'privilegesMapByAuth' is unset! Struct:" + toString());
+    }
+
+    // check for sub-struct validity
+    if (status != null) {
+      status.validate();
+    }
+  }
+
+  private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException {
+    try {
+      write(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(out)));
+    } catch (org.apache.thrift.TException te) {
+      throw new java.io.IOException(te);
+    }
+  }
+
+  private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
+    try {
+      read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in)));
+    } catch (org.apache.thrift.TException te) {
+      throw new java.io.IOException(te);
+    }
+  }
+
+  private static class TListSentryPrivilegesByAuthResponseStandardSchemeFactory implements SchemeFactory {
+    public TListSentryPrivilegesByAuthResponseStandardScheme getScheme() {
+      return new TListSentryPrivilegesByAuthResponseStandardScheme();
+    }
+  }
+
+  private static class TListSentryPrivilegesByAuthResponseStandardScheme extends StandardScheme<TListSentryPrivilegesByAuthResponse> {
+
+    public void read(org.apache.thrift.protocol.TProtocol iprot, TListSentryPrivilegesByAuthResponse struct) throws org.apache.thrift.TException {
+      org.apache.thrift.protocol.TField schemeField;
+      iprot.readStructBegin();
+      while (true)
+      {
+        schemeField = iprot.readFieldBegin();
+        if (schemeField.type == org.apache.thrift.protocol.TType.STOP) { 
+          break;
+        }
+        switch (schemeField.id) {
+          case 1: // STATUS
+            if (schemeField.type == org.apache.thrift.protocol.TType.STRUCT) {
+              struct.status = new org.apache.sentry.service.thrift.TSentryResponseStatus();
+              struct.status.read(iprot);
+              struct.setStatusIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          case 2: // PRIVILEGES_MAP_BY_AUTH
+            if (schemeField.type == org.apache.thrift.protocol.TType.MAP) {
+              {
+                org.apache.thrift.protocol.TMap _map98 = iprot.readMapBegin();
+                struct.privilegesMapByAuth = new HashMap<TSentryAuthorizable,TSentryPrivilegeMap>(2*_map98.size);
+                for (int _i99 = 0; _i99 < _map98.size; ++_i99)
+                {
+                  TSentryAuthorizable _key100; // required
+                  TSentryPrivilegeMap _val101; // required
+                  _key100 = new TSentryAuthorizable();
+                  _key100.read(iprot);
+                  _val101 = new TSentryPrivilegeMap();
+                  _val101.read(iprot);
+                  struct.privilegesMapByAuth.put(_key100, _val101);
+                }
+                iprot.readMapEnd();
+              }
+              struct.setPrivilegesMapByAuthIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          default:
+            org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+        }
+        iprot.readFieldEnd();
+      }
+      iprot.readStructEnd();
+      struct.validate();
+    }
+
+    public void write(org.apache.thrift.protocol.TProtocol oprot, TListSentryPrivilegesByAuthResponse struct) throws org.apache.thrift.TException {
+      struct.validate();
+
+      oprot.writeStructBegin(STRUCT_DESC);
+      if (struct.status != null) {
+        oprot.writeFieldBegin(STATUS_FIELD_DESC);
+        struct.status.write(oprot);
+        oprot.writeFieldEnd();
+      }
+      if (struct.privilegesMapByAuth != null) {
+        oprot.writeFieldBegin(PRIVILEGES_MAP_BY_AUTH_FIELD_DESC);
+        {
+          oprot.writeMapBegin(new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRUCT, org.apache.thrift.protocol.TType.STRUCT, struct.privilegesMapByAuth.size()));
+          for (Map.Entry<TSentryAuthorizable, TSentryPrivilegeMap> _iter102 : struct.privilegesMapByAuth.entrySet())
+          {
+            _iter102.getKey().write(oprot);
+            _iter102.getValue().write(oprot);
+          }
+          oprot.writeMapEnd();
+        }
+        oprot.writeFieldEnd();
+      }
+      oprot.writeFieldStop();
+      oprot.writeStructEnd();
+    }
+
+  }
+
+  private static class TListSentryPrivilegesByAuthResponseTupleSchemeFactory implements SchemeFactory {
+    public TListSentryPrivilegesByAuthResponseTupleScheme getScheme() {
+      return new TListSentryPrivilegesByAuthResponseTupleScheme();
+    }
+  }
+
+  private static class TListSentryPrivilegesByAuthResponseTupleScheme extends TupleScheme<TListSentryPrivilegesByAuthResponse> {
+
+    @Override
+    public void write(org.apache.thrift.protocol.TProtocol prot, TListSentryPrivilegesByAuthResponse struct) throws org.apache.thrift.TException {
+      TTupleProtocol oprot = (TTupleProtocol) prot;
+      struct.status.write(oprot);
+      {
+        oprot.writeI32(struct.privilegesMapByAuth.size());
+        for (Map.Entry<TSentryAuthorizable, TSentryPrivilegeMap> _iter103 : struct.privilegesMapByAuth.entrySet())
+        {
+          _iter103.getKey().write(oprot);
+          _iter103.getValue().write(oprot);
+        }
+      }
+    }
+
+    @Override
+    public void read(org.apache.thrift.protocol.TProtocol prot, TListSentryPrivilegesByAuthResponse struct) throws org.apache.thrift.TException {
+      TTupleProtocol iprot = (TTupleProtocol) prot;
+      struct.status = new org.apache.sentry.service.thrift.TSentryResponseStatus();
+      struct.status.read(iprot);
+      struct.setStatusIsSet(true);
+      {
+        org.apache.thrift.protocol.TMap _map104 = new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRUCT, org.apache.thrift.protocol.TType.STRUCT, iprot.readI32());
+        struct.privilegesMapByAuth = new HashMap<TSentryAuthorizable,TSentryPrivilegeMap>(2*_map104.size);
+        for (int _i105 = 0; _i105 < _map104.size; ++_i105)
+        {
+          TSentryAuthorizable _key106; // required
+          TSentryPrivilegeMap _val107; // required
+          _key106 = new TSentryAuthorizable();
+          _key106.read(iprot);
+          _val107 = new TSentryPrivilegeMap();
+          _val107.read(iprot);
+          struct.privilegesMapByAuth.put(_key106, _val107);
+        }
+      }
+      struct.setPrivilegesMapByAuthIsSet(true);
+    }
+  }
+
+}
+

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fa5f81c7/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryPrivilegeMap.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryPrivilegeMap.java b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryPrivilegeMap.java
new file mode 100644
index 0000000..50b4979
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryPrivilegeMap.java
@@ -0,0 +1,486 @@
+/**
+ * Autogenerated by Thrift Compiler (0.9.0)
+ *
+ * DO NOT EDIT UNLESS YOU ARE SURE THAT YOU KNOW WHAT YOU ARE DOING
+ *  @generated
+ */
+package org.apache.sentry.provider.db.service.thrift;
+
+import org.apache.commons.lang.builder.HashCodeBuilder;
+import org.apache.thrift.scheme.IScheme;
+import org.apache.thrift.scheme.SchemeFactory;
+import org.apache.thrift.scheme.StandardScheme;
+
+import org.apache.thrift.scheme.TupleScheme;
+import org.apache.thrift.protocol.TTupleProtocol;
+import org.apache.thrift.protocol.TProtocolException;
+import org.apache.thrift.EncodingUtils;
+import org.apache.thrift.TException;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.EnumMap;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.EnumSet;
+import java.util.Collections;
+import java.util.BitSet;
+import java.nio.ByteBuffer;
+import java.util.Arrays;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class TSentryPrivilegeMap implements org.apache.thrift.TBase<TSentryPrivilegeMap, TSentryPrivilegeMap._Fields>, java.io.Serializable, Cloneable {
+  private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("TSentryPrivilegeMap");
+
+  private static final org.apache.thrift.protocol.TField PRIVILEGE_MAP_FIELD_DESC = new org.apache.thrift.protocol.TField("privilegeMap", org.apache.thrift.protocol.TType.MAP, (short)1);
+
+  private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
+  static {
+    schemes.put(StandardScheme.class, new TSentryPrivilegeMapStandardSchemeFactory());
+    schemes.put(TupleScheme.class, new TSentryPrivilegeMapTupleSchemeFactory());
+  }
+
+  private Map<String,Set<TSentryPrivilege>> privilegeMap; // required
+
+  /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
+  public enum _Fields implements org.apache.thrift.TFieldIdEnum {
+    PRIVILEGE_MAP((short)1, "privilegeMap");
+
+    private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
+
+    static {
+      for (_Fields field : EnumSet.allOf(_Fields.class)) {
+        byName.put(field.getFieldName(), field);
+      }
+    }
+
+    /**
+     * Find the _Fields constant that matches fieldId, or null if its not found.
+     */
+    public static _Fields findByThriftId(int fieldId) {
+      switch(fieldId) {
+        case 1: // PRIVILEGE_MAP
+          return PRIVILEGE_MAP;
+        default:
+          return null;
+      }
+    }
+
+    /**
+     * Find the _Fields constant that matches fieldId, throwing an exception
+     * if it is not found.
+     */
+    public static _Fields findByThriftIdOrThrow(int fieldId) {
+      _Fields fields = findByThriftId(fieldId);
+      if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!");
+      return fields;
+    }
+
+    /**
+     * Find the _Fields constant that matches name, or null if its not found.
+     */
+    public static _Fields findByName(String name) {
+      return byName.get(name);
+    }
+
+    private final short _thriftId;
+    private final String _fieldName;
+
+    _Fields(short thriftId, String fieldName) {
+      _thriftId = thriftId;
+      _fieldName = fieldName;
+    }
+
+    public short getThriftFieldId() {
+      return _thriftId;
+    }
+
+    public String getFieldName() {
+      return _fieldName;
+    }
+  }
+
+  // isset id assignments
+  public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
+  static {
+    Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
+    tmpMap.put(_Fields.PRIVILEGE_MAP, new org.apache.thrift.meta_data.FieldMetaData("privilegeMap", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.MapMetaData(org.apache.thrift.protocol.TType.MAP, 
+            new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING), 
+            new org.apache.thrift.meta_data.SetMetaData(org.apache.thrift.protocol.TType.SET, 
+                new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, TSentryPrivilege.class)))));
+    metaDataMap = Collections.unmodifiableMap(tmpMap);
+    org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(TSentryPrivilegeMap.class, metaDataMap);
+  }
+
+  public TSentryPrivilegeMap() {
+  }
+
+  public TSentryPrivilegeMap(
+    Map<String,Set<TSentryPrivilege>> privilegeMap)
+  {
+    this();
+    this.privilegeMap = privilegeMap;
+  }
+
+  /**
+   * Performs a deep copy on <i>other</i>.
+   */
+  public TSentryPrivilegeMap(TSentryPrivilegeMap other) {
+    if (other.isSetPrivilegeMap()) {
+      Map<String,Set<TSentryPrivilege>> __this__privilegeMap = new HashMap<String,Set<TSentryPrivilege>>();
+      for (Map.Entry<String, Set<TSentryPrivilege>> other_element : other.privilegeMap.entrySet()) {
+
+        String other_element_key = other_element.getKey();
+        Set<TSentryPrivilege> other_element_value = other_element.getValue();
+
+        String __this__privilegeMap_copy_key = other_element_key;
+
+        Set<TSentryPrivilege> __this__privilegeMap_copy_value = new HashSet<TSentryPrivilege>();
+        for (TSentryPrivilege other_element_value_element : other_element_value) {
+          __this__privilegeMap_copy_value.add(new TSentryPrivilege(other_element_value_element));
+        }
+
+        __this__privilegeMap.put(__this__privilegeMap_copy_key, __this__privilegeMap_copy_value);
+      }
+      this.privilegeMap = __this__privilegeMap;
+    }
+  }
+
+  public TSentryPrivilegeMap deepCopy() {
+    return new TSentryPrivilegeMap(this);
+  }
+
+  @Override
+  public void clear() {
+    this.privilegeMap = null;
+  }
+
+  public int getPrivilegeMapSize() {
+    return (this.privilegeMap == null) ? 0 : this.privilegeMap.size();
+  }
+
+  public void putToPrivilegeMap(String key, Set<TSentryPrivilege> val) {
+    if (this.privilegeMap == null) {
+      this.privilegeMap = new HashMap<String,Set<TSentryPrivilege>>();
+    }
+    this.privilegeMap.put(key, val);
+  }
+
+  public Map<String,Set<TSentryPrivilege>> getPrivilegeMap() {
+    return this.privilegeMap;
+  }
+
+  public void setPrivilegeMap(Map<String,Set<TSentryPrivilege>> privilegeMap) {
+    this.privilegeMap = privilegeMap;
+  }
+
+  public void unsetPrivilegeMap() {
+    this.privilegeMap = null;
+  }
+
+  /** Returns true if field privilegeMap is set (has been assigned a value) and false otherwise */
+  public boolean isSetPrivilegeMap() {
+    return this.privilegeMap != null;
+  }
+
+  public void setPrivilegeMapIsSet(boolean value) {
+    if (!value) {
+      this.privilegeMap = null;
+    }
+  }
+
+  public void setFieldValue(_Fields field, Object value) {
+    switch (field) {
+    case PRIVILEGE_MAP:
+      if (value == null) {
+        unsetPrivilegeMap();
+      } else {
+        setPrivilegeMap((Map<String,Set<TSentryPrivilege>>)value);
+      }
+      break;
+
+    }
+  }
+
+  public Object getFieldValue(_Fields field) {
+    switch (field) {
+    case PRIVILEGE_MAP:
+      return getPrivilegeMap();
+
+    }
+    throw new IllegalStateException();
+  }
+
+  /** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */
+  public boolean isSet(_Fields field) {
+    if (field == null) {
+      throw new IllegalArgumentException();
+    }
+
+    switch (field) {
+    case PRIVILEGE_MAP:
+      return isSetPrivilegeMap();
+    }
+    throw new IllegalStateException();
+  }
+
+  @Override
+  public boolean equals(Object that) {
+    if (that == null)
+      return false;
+    if (that instanceof TSentryPrivilegeMap)
+      return this.equals((TSentryPrivilegeMap)that);
+    return false;
+  }
+
+  public boolean equals(TSentryPrivilegeMap that) {
+    if (that == null)
+      return false;
+
+    boolean this_present_privilegeMap = true && this.isSetPrivilegeMap();
+    boolean that_present_privilegeMap = true && that.isSetPrivilegeMap();
+    if (this_present_privilegeMap || that_present_privilegeMap) {
+      if (!(this_present_privilegeMap && that_present_privilegeMap))
+        return false;
+      if (!this.privilegeMap.equals(that.privilegeMap))
+        return false;
+    }
+
+    return true;
+  }
+
+  @Override
+  public int hashCode() {
+    HashCodeBuilder builder = new HashCodeBuilder();
+
+    boolean present_privilegeMap = true && (isSetPrivilegeMap());
+    builder.append(present_privilegeMap);
+    if (present_privilegeMap)
+      builder.append(privilegeMap);
+
+    return builder.toHashCode();
+  }
+
+  public int compareTo(TSentryPrivilegeMap other) {
+    if (!getClass().equals(other.getClass())) {
+      return getClass().getName().compareTo(other.getClass().getName());
+    }
+
+    int lastComparison = 0;
+    TSentryPrivilegeMap typedOther = (TSentryPrivilegeMap)other;
+
+    lastComparison = Boolean.valueOf(isSetPrivilegeMap()).compareTo(typedOther.isSetPrivilegeMap());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetPrivilegeMap()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.privilegeMap, typedOther.privilegeMap);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    return 0;
+  }
+
+  public _Fields fieldForId(int fieldId) {
+    return _Fields.findByThriftId(fieldId);
+  }
+
+  public void read(org.apache.thrift.protocol.TProtocol iprot) throws org.apache.thrift.TException {
+    schemes.get(iprot.getScheme()).getScheme().read(iprot, this);
+  }
+
+  public void write(org.apache.thrift.protocol.TProtocol oprot) throws org.apache.thrift.TException {
+    schemes.get(oprot.getScheme()).getScheme().write(oprot, this);
+  }
+
+  @Override
+  public String toString() {
+    StringBuilder sb = new StringBuilder("TSentryPrivilegeMap(");
+    boolean first = true;
+
+    sb.append("privilegeMap:");
+    if (this.privilegeMap == null) {
+      sb.append("null");
+    } else {
+      sb.append(this.privilegeMap);
+    }
+    first = false;
+    sb.append(")");
+    return sb.toString();
+  }
+
+  public void validate() throws org.apache.thrift.TException {
+    // check for required fields
+    if (!isSetPrivilegeMap()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'privilegeMap' is unset! Struct:" + toString());
+    }
+
+    // check for sub-struct validity
+  }
+
+  private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException {
+    try {
+      write(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(out)));
+    } catch (org.apache.thrift.TException te) {
+      throw new java.io.IOException(te);
+    }
+  }
+
+  private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
+    try {
+      read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in)));
+    } catch (org.apache.thrift.TException te) {
+      throw new java.io.IOException(te);
+    }
+  }
+
+  private static class TSentryPrivilegeMapStandardSchemeFactory implements SchemeFactory {
+    public TSentryPrivilegeMapStandardScheme getScheme() {
+      return new TSentryPrivilegeMapStandardScheme();
+    }
+  }
+
+  private static class TSentryPrivilegeMapStandardScheme extends StandardScheme<TSentryPrivilegeMap> {
+
+    public void read(org.apache.thrift.protocol.TProtocol iprot, TSentryPrivilegeMap struct) throws org.apache.thrift.TException {
+      org.apache.thrift.protocol.TField schemeField;
+      iprot.readStructBegin();
+      while (true)
+      {
+        schemeField = iprot.readFieldBegin();
+        if (schemeField.type == org.apache.thrift.protocol.TType.STOP) { 
+          break;
+        }
+        switch (schemeField.id) {
+          case 1: // PRIVILEGE_MAP
+            if (schemeField.type == org.apache.thrift.protocol.TType.MAP) {
+              {
+                org.apache.thrift.protocol.TMap _map64 = iprot.readMapBegin();
+                struct.privilegeMap = new HashMap<String,Set<TSentryPrivilege>>(2*_map64.size);
+                for (int _i65 = 0; _i65 < _map64.size; ++_i65)
+                {
+                  String _key66; // required
+                  Set<TSentryPrivilege> _val67; // required
+                  _key66 = iprot.readString();
+                  {
+                    org.apache.thrift.protocol.TSet _set68 = iprot.readSetBegin();
+                    _val67 = new HashSet<TSentryPrivilege>(2*_set68.size);
+                    for (int _i69 = 0; _i69 < _set68.size; ++_i69)
+                    {
+                      TSentryPrivilege _elem70; // required
+                      _elem70 = new TSentryPrivilege();
+                      _elem70.read(iprot);
+                      _val67.add(_elem70);
+                    }
+                    iprot.readSetEnd();
+                  }
+                  struct.privilegeMap.put(_key66, _val67);
+                }
+                iprot.readMapEnd();
+              }
+              struct.setPrivilegeMapIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          default:
+            org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+        }
+        iprot.readFieldEnd();
+      }
+      iprot.readStructEnd();
+      struct.validate();
+    }
+
+    public void write(org.apache.thrift.protocol.TProtocol oprot, TSentryPrivilegeMap struct) throws org.apache.thrift.TException {
+      struct.validate();
+
+      oprot.writeStructBegin(STRUCT_DESC);
+      if (struct.privilegeMap != null) {
+        oprot.writeFieldBegin(PRIVILEGE_MAP_FIELD_DESC);
+        {
+          oprot.writeMapBegin(new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRING, org.apache.thrift.protocol.TType.SET, struct.privilegeMap.size()));
+          for (Map.Entry<String, Set<TSentryPrivilege>> _iter71 : struct.privilegeMap.entrySet())
+          {
+            oprot.writeString(_iter71.getKey());
+            {
+              oprot.writeSetBegin(new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRUCT, _iter71.getValue().size()));
+              for (TSentryPrivilege _iter72 : _iter71.getValue())
+              {
+                _iter72.write(oprot);
+              }
+              oprot.writeSetEnd();
+            }
+          }
+          oprot.writeMapEnd();
+        }
+        oprot.writeFieldEnd();
+      }
+      oprot.writeFieldStop();
+      oprot.writeStructEnd();
+    }
+
+  }
+
+  private static class TSentryPrivilegeMapTupleSchemeFactory implements SchemeFactory {
+    public TSentryPrivilegeMapTupleScheme getScheme() {
+      return new TSentryPrivilegeMapTupleScheme();
+    }
+  }
+
+  private static class TSentryPrivilegeMapTupleScheme extends TupleScheme<TSentryPrivilegeMap> {
+
+    @Override
+    public void write(org.apache.thrift.protocol.TProtocol prot, TSentryPrivilegeMap struct) throws org.apache.thrift.TException {
+      TTupleProtocol oprot = (TTupleProtocol) prot;
+      {
+        oprot.writeI32(struct.privilegeMap.size());
+        for (Map.Entry<String, Set<TSentryPrivilege>> _iter73 : struct.privilegeMap.entrySet())
+        {
+          oprot.writeString(_iter73.getKey());
+          {
+            oprot.writeI32(_iter73.getValue().size());
+            for (TSentryPrivilege _iter74 : _iter73.getValue())
+            {
+              _iter74.write(oprot);
+            }
+          }
+        }
+      }
+    }
+
+    @Override
+    public void read(org.apache.thrift.protocol.TProtocol prot, TSentryPrivilegeMap struct) throws org.apache.thrift.TException {
+      TTupleProtocol iprot = (TTupleProtocol) prot;
+      {
+        org.apache.thrift.protocol.TMap _map75 = new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRING, org.apache.thrift.protocol.TType.SET, iprot.readI32());
+        struct.privilegeMap = new HashMap<String,Set<TSentryPrivilege>>(2*_map75.size);
+        for (int _i76 = 0; _i76 < _map75.size; ++_i76)
+        {
+          String _key77; // required
+          Set<TSentryPrivilege> _val78; // required
+          _key77 = iprot.readString();
+          {
+            org.apache.thrift.protocol.TSet _set79 = new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRUCT, iprot.readI32());
+            _val78 = new HashSet<TSentryPrivilege>(2*_set79.size);
+            for (int _i80 = 0; _i80 < _set79.size; ++_i80)
+            {
+              TSentryPrivilege _elem81; // required
+              _elem81 = new TSentryPrivilege();
+              _elem81.read(iprot);
+              _val78.add(_elem81);
+            }
+          }
+          struct.privilegeMap.put(_key77, _val78);
+        }
+      }
+      struct.setPrivilegeMapIsSet(true);
+    }
+  }
+
+}
+

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fa5f81c7/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
index 869b8e3..1bf3faf 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
@@ -31,6 +31,7 @@ import java.util.Properties;
 import java.util.Set;
 import java.util.UUID;
 
+import javax.jdo.FetchGroup;
 import javax.jdo.JDODataStoreException;
 import javax.jdo.JDOHelper;
 import javax.jdo.PersistenceManager;
@@ -59,6 +60,7 @@ import org.apache.sentry.provider.db.service.thrift.TSentryAuthorizable;
 import org.apache.sentry.provider.db.service.thrift.TSentryGrantOption;
 import org.apache.sentry.provider.db.service.thrift.TSentryGroup;
 import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
+import org.apache.sentry.provider.db.service.thrift.TSentryPrivilegeMap;
 import org.apache.sentry.provider.db.service.thrift.TSentryRole;
 import org.apache.sentry.service.thrift.ServiceConstants.PrivilegeScope;
 import org.apache.sentry.service.thrift.ServiceConstants.ServerConfig;
@@ -68,10 +70,9 @@ import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Joiner;
 import com.google.common.base.Preconditions;
 import com.google.common.base.Strings;
-import com.google.common.collect.HashMultimap;
 import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.Lists;
-import com.google.common.collect.SetMultimap;
+import com.google.common.collect.Maps;
 import com.google.common.collect.Sets;
 
 /**
@@ -281,7 +282,12 @@ public class SentryStore {
       // first do grant check
       grantOptionCheck(pm, grantorPrincipal, privilege);
 
-      alterSentryRoleGrantPrivilegeCore(pm, roleName, privilege);
+      MSentryPrivilege mPrivilege =
+          alterSentryRoleGrantPrivilegeCore(pm, roleName, privilege);
+      // capture the new privilege
+      if (mPrivilege != null) {
+        convertToTSentryPrivilege(mPrivilege, privilege);
+      }
       CommitContext commit = commitUpdateTransaction(pm);
       rollbackTransaction = false;
       return commit;
@@ -292,9 +298,10 @@ public class SentryStore {
     }
   }
 
-  private void alterSentryRoleGrantPrivilegeCore(PersistenceManager pm,
+  private MSentryPrivilege alterSentryRoleGrantPrivilegeCore(PersistenceManager pm,
       String roleName, TSentryPrivilege privilege)
       throws SentryNoSuchObjectException, SentryInvalidInputException {
+    MSentryPrivilege mPrivilege = null;
     MSentryRole mRole = getMSentryRole(pm, roleName);
     if (mRole == null) {
       throw new SentryNoSuchObjectException("Role: " + roleName);
@@ -324,12 +331,12 @@ public class SentryStore {
           tAll.setAction(AccessConstants.ALL);
           MSentryPrivilege mAll = getMSentryPrivilege(tAll, pm);
           if ((mAll != null) && (mRole.getPrivileges().contains(mAll))) {
-            return;
+            return null;
           }
         }
       }
 
-      MSentryPrivilege mPrivilege = getMSentryPrivilege(privilege, pm);
+      mPrivilege = getMSentryPrivilege(privilege, pm);
       if (mPrivilege == null) {
         mPrivilege = convertToMSentryPrivilege(privilege);
       }
@@ -337,7 +344,7 @@ public class SentryStore {
       pm.makePersistent(mRole);
       pm.makePersistent(mPrivilege);
     }
-    return;
+    return mPrivilege;
   }
 
   public CommitContext alterSentryRoleRevokePrivilege(String grantorPrincipal, String roleName,
@@ -754,6 +761,93 @@ public class SentryStore {
     }
   }
 
+  List<MSentryPrivilege> getMSentryPrivilegesByAuth(Set<String> roleNames, TSentryAuthorizable authHierarchy) {
+    boolean rollbackTransaction = true;
+    PersistenceManager pm = null;
+    try {
+      pm = openTransaction();
+      Query query = pm.newQuery(MSentryPrivilege.class);
+      StringBuilder filters = new StringBuilder();
+      if ((roleNames.size() == 0)||(roleNames == null)) {
+        filters.append(" !roles.isEmpty() ");
+      } else {
+        query.declareVariables("org.apache.sentry.provider.db.service.model.MSentryRole role");
+        List<String> rolesFiler = new LinkedList<String>();
+        for (String rName : roleNames) {
+          rolesFiler.add("role.roleName == \"" + rName.trim().toLowerCase() + "\"");
+        }
+        filters.append("roles.contains(role) "
+          + "&& (" + Joiner.on(" || ").join(rolesFiler) + ") ");
+      }
+      if ((authHierarchy.getServer() != null)) {
+        filters.append("&& serverName == \"" +
+            authHierarchy.getServer().toLowerCase() + "\"");
+        if (authHierarchy.getDb() != null) {
+          filters.append(" && (dbName == \"" +
+              authHierarchy.getDb().toLowerCase() + "\") && (URI == \"__NULL__\")");
+          if (authHierarchy.getTable() != null) {
+            filters.append(" && (tableName == \"" +
+                authHierarchy.getTable().toLowerCase() + "\")");
+          } else {
+            filters.append(" && (tableName == \"__NULL__\")");
+          }
+        } else if (authHierarchy.getUri() != null) {
+          filters.append(" && (URI != \"__NULL__\") && (\"" + authHierarchy.getUri() +
+              "\".startsWith(URI)) && (dbName == \"__NULL__\")");
+        } else {
+          filters.append(" && (dbName == \"__NULL__\") && (URI == \"__NULL__\")");
+        }
+      } else {
+        // if no server, then return empty resultset
+        return new ArrayList<MSentryPrivilege>();
+      }
+      FetchGroup grp = pm.getFetchGroup(
+          org.apache.sentry.provider.db.service.model.MSentryPrivilege.class,
+          "fetchRole");
+      grp.addMember("roles");
+      pm.getFetchPlan().addGroup("fetchRole");
+      query.setFilter(filters.toString());
+      List<MSentryPrivilege> privileges = (List<MSentryPrivilege>) query.execute();
+      rollbackTransaction = false;
+      commitTransaction(pm);
+      return privileges;
+    } finally {
+      if (rollbackTransaction) {
+        rollbackTransaction(pm);
+      }
+    }
+  }
+
+  public TSentryPrivilegeMap listSentryPrivilegesByAuthorizable(
+      Set<String> groups, TSentryActiveRoleSet activeRoles,
+      TSentryAuthorizable authHierarchy)
+      throws SentryInvalidInputException {
+    Map<String, Set<TSentryPrivilege>> resultPrivilegeMap = Maps.newTreeMap();
+    Set<String> roles = Sets.newHashSet();
+    if (groups != null && !groups.isEmpty()) {
+      roles = getRolesToQuery(groups, new TSentryActiveRoleSet(true, null));
+    }
+    if (activeRoles != null && !activeRoles.isAll()) {
+      roles.addAll(activeRoles.getRoles());
+    }
+
+    List<MSentryPrivilege> mSentryPrivileges = getMSentryPrivilegesByAuth(roles,
+        authHierarchy);
+    for (MSentryPrivilege priv : mSentryPrivileges) {
+      for (MSentryRole role : priv.getRoles()) {
+        TSentryPrivilege tPriv = convertToTSentryPrivilege(priv);
+        if (resultPrivilegeMap.containsKey(role.getRoleName())) {
+          resultPrivilegeMap.get(role.getRoleName()).add(tPriv);
+        } else {
+          Set<TSentryPrivilege> tPrivSet = Sets.newTreeSet();
+          tPrivSet.add(tPriv);
+          resultPrivilegeMap.put(role.getRoleName(), tPrivSet);
+        }
+      }
+    }
+    return new TSentryPrivilegeMap(resultPrivilegeMap);
+  }
+
   private Set<MSentryPrivilege> getMSentryPrivilegesByRoleName(String roleName)
       throws SentryNoSuchObjectException {
     MSentryRole mSentryRole = getMSentryRoleByName(roleName);
@@ -1017,6 +1111,12 @@ public class SentryStore {
 
   private TSentryPrivilege convertToTSentryPrivilege(MSentryPrivilege mSentryPrivilege) {
     TSentryPrivilege privilege = new TSentryPrivilege();
+    convertToTSentryPrivilege(mSentryPrivilege, privilege);
+    return privilege;
+  }
+
+  private void convertToTSentryPrivilege(MSentryPrivilege mSentryPrivilege,
+      TSentryPrivilege privilege) {
     privilege.setCreateTime(mSentryPrivilege.getCreateTime());
     privilege.setAction(fromNULLCol(mSentryPrivilege.getAction()));
     privilege.setPrivilegeScope(mSentryPrivilege.getPrivilegeScope());
@@ -1029,7 +1129,6 @@ public class SentryStore {
     } else {
       privilege.setGrantOption(TSentryGrantOption.UNSET);
     }
-    return privilege;
   }
 
   /**

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fa5f81c7/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
index 5d97dc1..0668912 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
@@ -53,6 +53,7 @@ import org.apache.thrift.transport.TTransportException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Preconditions;
 import com.google.common.collect.Lists;
 import com.google.common.collect.Sets;
@@ -276,17 +277,17 @@ public class SentryPolicyServiceClient {
     return listRolesByGroupName(requestorUserName, AccessConstants.ALL);
   }
 
-  public void grantURIPrivilege(String requestorUserName,
+  public TSentryPrivilege grantURIPrivilege(String requestorUserName,
       String roleName, String server, String uri)
   throws SentryUserException {
-    grantPrivilege(requestorUserName, roleName,
+    return grantPrivilege(requestorUserName, roleName,
         PrivilegeScope.URI, server, uri, null, null, AccessConstants.ALL);
   }
 
-  public void grantURIPrivilege(String requestorUserName,
+  public TSentryPrivilege grantURIPrivilege(String requestorUserName,
       String roleName, String server, String uri, Boolean grantOption)
   throws SentryUserException {
-    grantPrivilege(requestorUserName, roleName,
+    return grantPrivilege(requestorUserName, roleName,
         PrivilegeScope.URI, server, uri, null, null, AccessConstants.ALL, grantOption);
   }
 
@@ -297,43 +298,44 @@ public class SentryPolicyServiceClient {
         PrivilegeScope.SERVER, server, null, null, null, action);
   }
 
-  public void grantServerPrivilege(String requestorUserName,
+  public TSentryPrivilege grantServerPrivilege(String requestorUserName,
       String roleName, String server, String action, Boolean grantOption)
   throws SentryUserException {
-    grantPrivilege(requestorUserName, roleName,
+    return grantPrivilege(requestorUserName, roleName,
         PrivilegeScope.SERVER, server, null, null, null, action, grantOption);
   }
 
-  public void grantDatabasePrivilege(String requestorUserName,
+  public TSentryPrivilege grantDatabasePrivilege(String requestorUserName,
       String roleName, String server, String db, String action)
   throws SentryUserException {
-    grantPrivilege(requestorUserName, roleName,
+    return grantPrivilege(requestorUserName, roleName,
         PrivilegeScope.DATABASE, server, null, db, null, action);
   }
 
-  public void grantDatabasePrivilege(String requestorUserName,
+  public TSentryPrivilege grantDatabasePrivilege(String requestorUserName,
       String roleName, String server, String db, String action, Boolean grantOption)
   throws SentryUserException {
-    grantPrivilege(requestorUserName, roleName,
+    return grantPrivilege(requestorUserName, roleName,
         PrivilegeScope.DATABASE, server, null, db, null, action, grantOption);
   }
 
-  public void grantTablePrivilege(String requestorUserName,
+  public TSentryPrivilege grantTablePrivilege(String requestorUserName,
       String roleName, String server, String db, String table, String action)
   throws SentryUserException {
-    grantPrivilege(requestorUserName, roleName, PrivilegeScope.TABLE, server,
-        null,
-        db, table, action);
+    return grantPrivilege(requestorUserName, roleName, PrivilegeScope.TABLE,
+        server, null, db, table, action);
   }
 
-  public void grantTablePrivilege(String requestorUserName,
+  public TSentryPrivilege grantTablePrivilege(String requestorUserName,
       String roleName, String server, String db, String table, String action, Boolean grantOption)
   throws SentryUserException {
-    grantPrivilege(requestorUserName, roleName, PrivilegeScope.TABLE, server,
+    return grantPrivilege(requestorUserName, roleName, PrivilegeScope.TABLE,
+        server,
         null, db, table, action, grantOption);
   }
 
-  private TSentryAuthorizable setupSentryAuthorizable(
+  @VisibleForTesting
+  public static TSentryAuthorizable setupSentryAuthorizable(
       List<? extends Authorizable> authorizable) {
     TSentryAuthorizable tSentryAuthorizable = new TSentryAuthorizable();
 
@@ -355,14 +357,15 @@ public class SentryPolicyServiceClient {
     return tSentryAuthorizable;
   }
 
-  private void grantPrivilege(String requestorUserName, String roleName,
+  private TSentryPrivilege grantPrivilege(String requestorUserName,
+      String roleName,
       PrivilegeScope scope, String serverName, String uri, String db,
       String table, String action)  throws SentryUserException {
-    grantPrivilege(requestorUserName, roleName, scope, serverName, uri,
+    return grantPrivilege(requestorUserName, roleName, scope, serverName, uri,
     db, table, action, false);
   }
 
-  private void grantPrivilege(String requestorUserName,
+  private TSentryPrivilege grantPrivilege(String requestorUserName,
       String roleName, PrivilegeScope scope, String serverName, String uri, String db, String table, String action, Boolean grantOption)
   throws SentryUserException {
     TAlterSentryRoleGrantPrivilegeRequest request = new TAlterSentryRoleGrantPrivilegeRequest();
@@ -382,6 +385,7 @@ public class SentryPolicyServiceClient {
     try {
       TAlterSentryRoleGrantPrivilegeResponse response = client.alter_sentry_role_grant_privilege(request);
       Status.throwIfNotOk(response.getStatus());
+      return response.getPrivilege();
     } catch (TException e) {
       throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
     }
@@ -569,6 +573,33 @@ TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName,
     }
   }
 
+  public synchronized Map<TSentryAuthorizable, TSentryPrivilegeMap> listPrivilegsbyAuthorizable(
+      Set<List<? extends Authorizable>> authorizables, Set<String> groups, ActiveRoleSet roleSet)
+      throws SentryUserException {
+    Set<TSentryAuthorizable> authSet = Sets.newTreeSet();
+
+    for (List<? extends Authorizable> authorizableHierarchy : authorizables) {
+      authSet.add(setupSentryAuthorizable(authorizableHierarchy));
+    }
+    TListSentryPrivilegesByAuthRequest request = new TListSentryPrivilegesByAuthRequest(
+        ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, authSet);
+    if (groups != null) {
+      request.setGroups(groups);
+    }
+    if (roleSet != null) {
+      request.setRoleSet(new TSentryActiveRoleSet(roleSet.isAll(), roleSet.getRoles()));
+    }
+
+    try {
+      TListSentryPrivilegesByAuthResponse response = client
+          .list_sentry_privileges_by_authorizable(request);
+      Status.throwIfNotOk(response.getStatus());
+      return response.getPrivilegesMapByAuth();
+    } catch (TException e) {
+      throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
+    }
+  }
+
   public void close() {
     if (transport != null) {
       transport.close();

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fa5f81c7/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
index b05d71b..e3cdfc2 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
@@ -22,6 +22,7 @@ import java.lang.reflect.Constructor;
 import java.lang.reflect.InvocationTargetException;
 import java.util.HashSet;
 import java.util.List;
+import java.util.Map;
 import java.util.Set;
 
 import org.apache.hadoop.conf.Configuration;
@@ -49,6 +50,7 @@ import com.google.common.base.Preconditions;
 import com.google.common.base.Splitter;
 import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.Lists;
+import com.google.common.collect.Maps;
 import com.google.common.collect.Sets;
 
 @SuppressWarnings("unused")
@@ -180,6 +182,7 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface {
       CommitContext commitContext = sentryStore.alterSentryRoleGrantPrivilege(request.getRequestorUserName(),
           request.getRoleName(), request.getPrivilege());
       response.setStatus(Status.OK());
+      response.setPrivilege(request.getPrivilege());
       notificationHandlerInvoker.alter_sentry_role_grant_privilege(commitContext,
           request, response);
     } catch (SentryNoSuchObjectException e) {
@@ -529,4 +532,26 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface {
     return response;
   }
 
+  @Override
+  public TListSentryPrivilegesByAuthResponse list_sentry_privileges_by_authorizable(
+      TListSentryPrivilegesByAuthRequest request) throws TException {
+    TListSentryPrivilegesByAuthResponse response = new TListSentryPrivilegesByAuthResponse();
+    Map<TSentryAuthorizable, TSentryPrivilegeMap> authRoleMap = Maps.newHashMap();
+    try {
+      for (TSentryAuthorizable authorizable : request.getAuthorizableSet()) {
+        authRoleMap.put(authorizable, sentryStore
+            .listSentryPrivilegesByAuthorizable(request.getGroups(),
+                request.getRoleSet(), authorizable));
+      }
+      response.setPrivilegesMapByAuth(authRoleMap);
+      response.setStatus(Status.OK());
+    } catch (Exception e) {
+      String msg = "Unknown error for request: " + request + ", message: "
+          + e.getMessage();
+      LOGGER.error(msg, e);
+      response.setStatus(Status.RuntimeError(msg, e));
+    }
+    return response;
+  }
+
 }

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fa5f81c7/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift b/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift
index d215ffe..d8357aa 100644
--- a/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift
+++ b/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift
@@ -108,6 +108,7 @@ struct TAlterSentryRoleGrantPrivilegeRequest {
 }
 struct TAlterSentryRoleGrantPrivilegeResponse {
 1: required sentry_common_service.TSentryResponseStatus status
+2: optional TSentryPrivilege privilege
 }
 
 # REVOKE ... ON ... FROM ROLE ...
@@ -198,6 +199,22 @@ struct TListSentryPrivilegesForProviderResponse {
 2: required set<string> privileges
 }
 
+# List role:set<privileges> for the given authorizable
+# Optionally use the set of groups to filter the roles
+struct TSentryPrivilegeMap {
+1: required map<string, set<TSentryPrivilege>> privilegeMap
+}
+struct TListSentryPrivilegesByAuthRequest {
+1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V1,
+2: required set<TSentryAuthorizable> authorizableSet,
+3: optional set<string> groups,
+4: optional TSentryActiveRoleSet roleSet
+}
+struct TListSentryPrivilegesByAuthResponse {
+1: required sentry_common_service.TSentryResponseStatus status,
+2: required map<TSentryAuthorizable, TSentryPrivilegeMap> privilegesMapByAuth
+}
+
 service SentryPolicyService
 {
   TCreateSentryRoleResponse create_sentry_role(1:TCreateSentryRoleRequest request)
@@ -219,4 +236,6 @@ service SentryPolicyService
  TDropPrivilegesResponse drop_sentry_privilege(1:TDropPrivilegesRequest request);
 
  TRenamePrivilegesResponse rename_sentry_privilege(1:TRenamePrivilegesRequest request);
+
+ TListSentryPrivilegesByAuthResponse list_sentry_privileges_by_authorizable(1:TListSentryPrivilegesByAuthRequest request);
 }

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/fa5f81c7/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
index 5244094..38cb39b 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
@@ -21,12 +21,23 @@ package org.apache.sentry.provider.db.service.thrift;
 import static junit.framework.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
 
+import java.util.List;
+import java.util.Map;
 import java.util.Set;
+import java.util.TreeMap;
 
+import org.apache.sentry.core.common.ActiveRoleSet;
+import org.apache.sentry.core.common.Authorizable;
 import org.apache.sentry.core.model.db.AccessConstants;
+import org.apache.sentry.core.model.db.AccessURI;
+import org.apache.sentry.core.model.db.Database;
+import org.apache.sentry.core.model.db.Server;
+import org.apache.sentry.core.model.db.Table;
 import org.apache.sentry.service.thrift.SentryServiceIntegrationBase;
 import org.junit.Test;
 
+import com.google.common.collect.Lists;
+import com.google.common.collect.Maps;
 import com.google.common.collect.Sets;
 
 
@@ -287,4 +298,216 @@ public class TestSentryServiceIntegration extends SentryServiceIntegrationBase {
     client.revokeTablePrivilege(requestorUserName, roleName, "server", "db1", "table1", "ALL", null);
     assertEquals(0, client.listAllPrivilegesByRoleName(requestorUserName, roleName).size());
   }
+
+  @Test
+  public void testListByAuthDB() throws Exception {
+    String requestorUserName = ADMIN_USER;
+    Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
+    String roleName1 = "role1";
+    String roleName2 = "role2";
+    Set<String> testRoleSet = Sets.newHashSet(roleName1, roleName2);
+    String group1 = "group1";
+    String group2 = "group2";
+    Set<String> testGroupSet = Sets.newHashSet(group1, group2);
+    String server = "server1";
+    String db = "testDB";
+    String db2 = "testDB2";
+    String tab = "testTab";
+    setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
+    writePolicyFile();
+
+    client.dropRoleIfExists(requestorUserName, roleName1);
+    client.createRole(requestorUserName, roleName1);
+    client.dropRoleIfExists(requestorUserName, roleName2);
+    client.createRole(requestorUserName, roleName2);
+
+    TSentryPrivilege role1db1 = client.grantDatabasePrivilege(
+        requestorUserName, roleName1, server, db, AccessConstants.SELECT);
+    client.grantTablePrivilege(requestorUserName, roleName1, server, db, tab,
+        AccessConstants.ALL);
+    client.grantTablePrivilege(requestorUserName, roleName1, server, db2, tab,
+        AccessConstants.SELECT);
+    client.grantURIPrivilege(requestorUserName, roleName1, server, "hdfs:///fooUri");
+    client.grantRoleToGroup(requestorUserName, group1, roleName1);
+
+    TSentryPrivilege role2db1 = client.grantDatabasePrivilege(
+        requestorUserName, roleName2, server, db,
+        AccessConstants.ALL);
+    client.grantDatabasePrivilege(requestorUserName, roleName2, server, db2,
+        AccessConstants.SELECT);
+    client.grantTablePrivilege(requestorUserName, roleName2, server, db2, tab,
+        AccessConstants.ALL);
+    client.grantRoleToGroup(requestorUserName, group2, roleName2);
+
+    // build expected output
+    TSentryPrivilegeMap db1RoleToPrivMap = new TSentryPrivilegeMap(
+        new TreeMap<String, Set<TSentryPrivilege>>());
+    db1RoleToPrivMap.getPrivilegeMap()
+        .put(roleName1, Sets.newHashSet(role1db1));
+    db1RoleToPrivMap.getPrivilegeMap()
+        .put(roleName2, Sets.newHashSet(role2db1));
+    Map<TSentryAuthorizable, TSentryPrivilegeMap> expectedResults = Maps
+        .newTreeMap();
+    List<? extends Authorizable> db1Authrizable = Lists.newArrayList(
+        new Server(server), new Database(db));
+    expectedResults.put(
+        SentryPolicyServiceClient.setupSentryAuthorizable(db1Authrizable),
+        db1RoleToPrivMap);
+
+    Set<List<? extends Authorizable>> authorizableSet = Sets.newHashSet();
+    authorizableSet.add(db1Authrizable);
+
+    // verify for null group and null roleset
+    Map<TSentryAuthorizable, TSentryPrivilegeMap> authPrivMap = client
+        .listPrivilegsbyAuthorizable(authorizableSet, null, null);
+    assertEquals(expectedResults, authPrivMap);
+
+    // verify for null group and specific roleset
+    authPrivMap = client.listPrivilegsbyAuthorizable(authorizableSet, null,
+        new ActiveRoleSet(testRoleSet));
+    assertEquals(expectedResults, authPrivMap);
+
+    // verify for null group and specific roleset
+    authPrivMap = client.listPrivilegsbyAuthorizable(authorizableSet, null,
+        ActiveRoleSet.ALL);
+    assertEquals(expectedResults, authPrivMap);
+
+    // verify for specific group and null roleset
+    authPrivMap = client.listPrivilegsbyAuthorizable(authorizableSet,
+        testGroupSet, null);
+    assertEquals(expectedResults, authPrivMap);
+
+    // verify for specific group and specific roleset
+    authPrivMap = client.listPrivilegsbyAuthorizable(authorizableSet,
+        testGroupSet, new ActiveRoleSet(testRoleSet));
+    assertEquals(expectedResults, authPrivMap);
+
+    // verify for specific group and ALL roleset
+    authPrivMap = client.listPrivilegsbyAuthorizable(authorizableSet,
+        testGroupSet, ActiveRoleSet.ALL);
+    assertEquals(expectedResults, authPrivMap);
+  }
+
+  @Test
+  public void testListByAuthTab() throws Exception {
+    String requestorUserName = ADMIN_USER;
+    Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
+    String roleName1 = "role1";
+    String roleName2 = "role2";
+    String server = "server1";
+    String db = "testDB";
+    String db2 = "testDB2";
+    String tab = "testTab";
+    setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
+    writePolicyFile();
+
+    client.dropRoleIfExists(requestorUserName, roleName1);
+    client.createRole(requestorUserName, roleName1);
+    client.dropRoleIfExists(requestorUserName, roleName2);
+    client.createRole(requestorUserName, roleName2);
+
+    client.grantDatabasePrivilege(
+        requestorUserName, roleName1, server, db, AccessConstants.SELECT);
+    client.grantTablePrivilege(requestorUserName, roleName1, server, db, tab,
+        AccessConstants.ALL);
+    TSentryPrivilege role1db2tab = client.grantTablePrivilege(
+        requestorUserName, roleName1, server, db2, tab,
+        AccessConstants.SELECT);
+
+    client.grantDatabasePrivilege(
+        requestorUserName, roleName2, server, db,
+        AccessConstants.ALL);
+    client.grantDatabasePrivilege(requestorUserName, roleName2, server, db2,
+        AccessConstants.SELECT);
+    TSentryPrivilege role2db2tab = client.grantTablePrivilege(
+        requestorUserName, roleName2, server, db2, tab,
+        AccessConstants.ALL);
+    client.grantURIPrivilege(requestorUserName, roleName1, server,
+        "hdfs:///fooUri");
+
+    // build expected output
+    TSentryPrivilegeMap db1RoleToPrivMap = new TSentryPrivilegeMap(
+        new TreeMap<String, Set<TSentryPrivilege>>());
+    db1RoleToPrivMap.getPrivilegeMap()
+.put(roleName1,
+        Sets.newHashSet(role1db2tab));
+    db1RoleToPrivMap.getPrivilegeMap()
+.put(roleName2,
+        Sets.newHashSet(role2db2tab));
+    Map<TSentryAuthorizable, TSentryPrivilegeMap> expectedResults = Maps
+        .newTreeMap();
+    List<? extends Authorizable> db2TabAuthrizable = Lists.newArrayList(
+        new Server(server), new Database(db2), new Table(tab));
+    expectedResults.put(
+        SentryPolicyServiceClient.setupSentryAuthorizable(db2TabAuthrizable),
+        db1RoleToPrivMap);
+
+    Set<List<? extends Authorizable>> authorizableSet = Sets.newHashSet();
+    authorizableSet.add(db2TabAuthrizable);
+    Map<TSentryAuthorizable, TSentryPrivilegeMap> authPrivMap = client
+        .listPrivilegsbyAuthorizable(authorizableSet, null, null);
+
+    assertEquals(expectedResults, authPrivMap);
+  }
+
+  @Test
+  public void testListByAuthUri() throws Exception {
+    String requestorUserName = ADMIN_USER;
+    Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
+    String roleName1 = "role1";
+    String roleName2 = "role2";
+    String server = "server1";
+    String db = "testDB";
+    String db2 = "testDB2";
+    String tab = "testTab";
+    String uri1 = "hdfs:///fooUri";
+    setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
+    writePolicyFile();
+
+    client.dropRoleIfExists(requestorUserName, roleName1);
+    client.createRole(requestorUserName, roleName1);
+    client.dropRoleIfExists(requestorUserName, roleName2);
+    client.createRole(requestorUserName, roleName2);
+
+    client.grantDatabasePrivilege(requestorUserName, roleName1, server, db,
+        AccessConstants.SELECT);
+    client.grantTablePrivilege(requestorUserName, roleName1, server, db, tab,
+        AccessConstants.ALL);
+    client.grantTablePrivilege(requestorUserName, roleName1, server, db2, tab,
+        AccessConstants.SELECT);
+    TSentryPrivilege role1uri1 = client.grantURIPrivilege(requestorUserName,
+        roleName1, server, uri1);
+
+    client.grantDatabasePrivilege(requestorUserName, roleName2, server, db,
+        AccessConstants.ALL);
+    client.grantDatabasePrivilege(requestorUserName, roleName2, server, db2,
+        AccessConstants.SELECT);
+    client.grantTablePrivilege(requestorUserName, roleName2, server, db2, tab,
+        AccessConstants.ALL);
+    TSentryPrivilege role2uri2 = client.grantURIPrivilege(requestorUserName,
+        roleName2, server, uri1);
+
+    // build expected output
+    TSentryPrivilegeMap db1RoleToPrivMap = new TSentryPrivilegeMap(
+        new TreeMap<String, Set<TSentryPrivilege>>());
+    db1RoleToPrivMap.getPrivilegeMap().put(roleName1,
+        Sets.newHashSet(role1uri1));
+    db1RoleToPrivMap.getPrivilegeMap().put(roleName2,
+        Sets.newHashSet(role2uri2));
+    Map<TSentryAuthorizable, TSentryPrivilegeMap> expectedResults = Maps
+        .newTreeMap();
+    List<? extends Authorizable> uri1Authrizable = Lists.newArrayList(
+        new Server(server), new AccessURI(uri1));
+    expectedResults.put(
+        SentryPolicyServiceClient.setupSentryAuthorizable(uri1Authrizable),
+        db1RoleToPrivMap);
+
+    Set<List<? extends Authorizable>> authorizableSet = Sets.newHashSet();
+    authorizableSet.add(uri1Authrizable);
+    Map<TSentryAuthorizable, TSentryPrivilegeMap> authPrivMap = client
+        .listPrivilegsbyAuthorizable(authorizableSet, null, null);
+
+    assertEquals(expectedResults, authPrivMap);
+  }
+
 }


Mime
View raw message