Repository: incubator-sentry
Updated Branches:
refs/heads/master 8a669304b -> 5c2597de0
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/5c2597de/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/generic/service/thrift/TListSentryPrivilegesByAuthResponse.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/generic/service/thrift/TListSentryPrivilegesByAuthResponse.java b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/generic/service/thrift/TListSentryPrivilegesByAuthResponse.java
new file mode 100644
index 0000000..e1b8a78
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/generic/service/thrift/TListSentryPrivilegesByAuthResponse.java
@@ -0,0 +1,565 @@
+/**
+ * Autogenerated by Thrift Compiler (0.9.0)
+ *
+ * DO NOT EDIT UNLESS YOU ARE SURE THAT YOU KNOW WHAT YOU ARE DOING
+ * @generated
+ */
+package org.apache.sentry.provider.db.generic.service.thrift;
+
+import org.apache.commons.lang.builder.HashCodeBuilder;
+import org.apache.thrift.scheme.IScheme;
+import org.apache.thrift.scheme.SchemeFactory;
+import org.apache.thrift.scheme.StandardScheme;
+
+import org.apache.thrift.scheme.TupleScheme;
+import org.apache.thrift.protocol.TTupleProtocol;
+import org.apache.thrift.protocol.TProtocolException;
+import org.apache.thrift.EncodingUtils;
+import org.apache.thrift.TException;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.EnumMap;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.EnumSet;
+import java.util.Collections;
+import java.util.BitSet;
+import java.nio.ByteBuffer;
+import java.util.Arrays;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class TListSentryPrivilegesByAuthResponse implements org.apache.thrift.TBase<TListSentryPrivilegesByAuthResponse, TListSentryPrivilegesByAuthResponse._Fields>, java.io.Serializable, Cloneable {
+ private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("TListSentryPrivilegesByAuthResponse");
+
+ private static final org.apache.thrift.protocol.TField STATUS_FIELD_DESC = new org.apache.thrift.protocol.TField("status", org.apache.thrift.protocol.TType.STRUCT, (short)1);
+ private static final org.apache.thrift.protocol.TField PRIVILEGES_MAP_BY_AUTH_FIELD_DESC = new org.apache.thrift.protocol.TField("privilegesMapByAuth", org.apache.thrift.protocol.TType.MAP, (short)2);
+
+ private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
+ static {
+ schemes.put(StandardScheme.class, new TListSentryPrivilegesByAuthResponseStandardSchemeFactory());
+ schemes.put(TupleScheme.class, new TListSentryPrivilegesByAuthResponseTupleSchemeFactory());
+ }
+
+ private org.apache.sentry.service.thrift.TSentryResponseStatus status; // required
+ private Map<String,TSentryPrivilegeMap> privilegesMapByAuth; // optional
+
+ /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
+ public enum _Fields implements org.apache.thrift.TFieldIdEnum {
+ STATUS((short)1, "status"),
+ PRIVILEGES_MAP_BY_AUTH((short)2, "privilegesMapByAuth");
+
+ private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
+
+ static {
+ for (_Fields field : EnumSet.allOf(_Fields.class)) {
+ byName.put(field.getFieldName(), field);
+ }
+ }
+
+ /**
+ * Find the _Fields constant that matches fieldId, or null if its not found.
+ */
+ public static _Fields findByThriftId(int fieldId) {
+ switch(fieldId) {
+ case 1: // STATUS
+ return STATUS;
+ case 2: // PRIVILEGES_MAP_BY_AUTH
+ return PRIVILEGES_MAP_BY_AUTH;
+ default:
+ return null;
+ }
+ }
+
+ /**
+ * Find the _Fields constant that matches fieldId, throwing an exception
+ * if it is not found.
+ */
+ public static _Fields findByThriftIdOrThrow(int fieldId) {
+ _Fields fields = findByThriftId(fieldId);
+ if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!");
+ return fields;
+ }
+
+ /**
+ * Find the _Fields constant that matches name, or null if its not found.
+ */
+ public static _Fields findByName(String name) {
+ return byName.get(name);
+ }
+
+ private final short _thriftId;
+ private final String _fieldName;
+
+ _Fields(short thriftId, String fieldName) {
+ _thriftId = thriftId;
+ _fieldName = fieldName;
+ }
+
+ public short getThriftFieldId() {
+ return _thriftId;
+ }
+
+ public String getFieldName() {
+ return _fieldName;
+ }
+ }
+
+ // isset id assignments
+ private _Fields optionals[] = {_Fields.PRIVILEGES_MAP_BY_AUTH};
+ public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
+ static {
+ Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
+ tmpMap.put(_Fields.STATUS, new org.apache.thrift.meta_data.FieldMetaData("status", org.apache.thrift.TFieldRequirementType.REQUIRED,
+ new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, org.apache.sentry.service.thrift.TSentryResponseStatus.class)));
+ tmpMap.put(_Fields.PRIVILEGES_MAP_BY_AUTH, new org.apache.thrift.meta_data.FieldMetaData("privilegesMapByAuth", org.apache.thrift.TFieldRequirementType.OPTIONAL,
+ new org.apache.thrift.meta_data.MapMetaData(org.apache.thrift.protocol.TType.MAP,
+ new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING),
+ new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, TSentryPrivilegeMap.class))));
+ metaDataMap = Collections.unmodifiableMap(tmpMap);
+ org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(TListSentryPrivilegesByAuthResponse.class, metaDataMap);
+ }
+
+ public TListSentryPrivilegesByAuthResponse() {
+ }
+
+ public TListSentryPrivilegesByAuthResponse(
+ org.apache.sentry.service.thrift.TSentryResponseStatus status)
+ {
+ this();
+ this.status = status;
+ }
+
+ /**
+ * Performs a deep copy on <i>other</i>.
+ */
+ public TListSentryPrivilegesByAuthResponse(TListSentryPrivilegesByAuthResponse other) {
+ if (other.isSetStatus()) {
+ this.status = new org.apache.sentry.service.thrift.TSentryResponseStatus(other.status);
+ }
+ if (other.isSetPrivilegesMapByAuth()) {
+ Map<String,TSentryPrivilegeMap> __this__privilegesMapByAuth = new HashMap<String,TSentryPrivilegeMap>();
+ for (Map.Entry<String, TSentryPrivilegeMap> other_element : other.privilegesMapByAuth.entrySet()) {
+
+ String other_element_key = other_element.getKey();
+ TSentryPrivilegeMap other_element_value = other_element.getValue();
+
+ String __this__privilegesMapByAuth_copy_key = other_element_key;
+
+ TSentryPrivilegeMap __this__privilegesMapByAuth_copy_value = new TSentryPrivilegeMap(other_element_value);
+
+ __this__privilegesMapByAuth.put(__this__privilegesMapByAuth_copy_key, __this__privilegesMapByAuth_copy_value);
+ }
+ this.privilegesMapByAuth = __this__privilegesMapByAuth;
+ }
+ }
+
+ public TListSentryPrivilegesByAuthResponse deepCopy() {
+ return new TListSentryPrivilegesByAuthResponse(this);
+ }
+
+ @Override
+ public void clear() {
+ this.status = null;
+ this.privilegesMapByAuth = null;
+ }
+
+ public org.apache.sentry.service.thrift.TSentryResponseStatus getStatus() {
+ return this.status;
+ }
+
+ public void setStatus(org.apache.sentry.service.thrift.TSentryResponseStatus status) {
+ this.status = status;
+ }
+
+ public void unsetStatus() {
+ this.status = null;
+ }
+
+ /** Returns true if field status is set (has been assigned a value) and false otherwise */
+ public boolean isSetStatus() {
+ return this.status != null;
+ }
+
+ public void setStatusIsSet(boolean value) {
+ if (!value) {
+ this.status = null;
+ }
+ }
+
+ public int getPrivilegesMapByAuthSize() {
+ return (this.privilegesMapByAuth == null) ? 0 : this.privilegesMapByAuth.size();
+ }
+
+ public void putToPrivilegesMapByAuth(String key, TSentryPrivilegeMap val) {
+ if (this.privilegesMapByAuth == null) {
+ this.privilegesMapByAuth = new HashMap<String,TSentryPrivilegeMap>();
+ }
+ this.privilegesMapByAuth.put(key, val);
+ }
+
+ public Map<String,TSentryPrivilegeMap> getPrivilegesMapByAuth() {
+ return this.privilegesMapByAuth;
+ }
+
+ public void setPrivilegesMapByAuth(Map<String,TSentryPrivilegeMap> privilegesMapByAuth) {
+ this.privilegesMapByAuth = privilegesMapByAuth;
+ }
+
+ public void unsetPrivilegesMapByAuth() {
+ this.privilegesMapByAuth = null;
+ }
+
+ /** Returns true if field privilegesMapByAuth is set (has been assigned a value) and false otherwise */
+ public boolean isSetPrivilegesMapByAuth() {
+ return this.privilegesMapByAuth != null;
+ }
+
+ public void setPrivilegesMapByAuthIsSet(boolean value) {
+ if (!value) {
+ this.privilegesMapByAuth = null;
+ }
+ }
+
+ public void setFieldValue(_Fields field, Object value) {
+ switch (field) {
+ case STATUS:
+ if (value == null) {
+ unsetStatus();
+ } else {
+ setStatus((org.apache.sentry.service.thrift.TSentryResponseStatus)value);
+ }
+ break;
+
+ case PRIVILEGES_MAP_BY_AUTH:
+ if (value == null) {
+ unsetPrivilegesMapByAuth();
+ } else {
+ setPrivilegesMapByAuth((Map<String,TSentryPrivilegeMap>)value);
+ }
+ break;
+
+ }
+ }
+
+ public Object getFieldValue(_Fields field) {
+ switch (field) {
+ case STATUS:
+ return getStatus();
+
+ case PRIVILEGES_MAP_BY_AUTH:
+ return getPrivilegesMapByAuth();
+
+ }
+ throw new IllegalStateException();
+ }
+
+ /** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */
+ public boolean isSet(_Fields field) {
+ if (field == null) {
+ throw new IllegalArgumentException();
+ }
+
+ switch (field) {
+ case STATUS:
+ return isSetStatus();
+ case PRIVILEGES_MAP_BY_AUTH:
+ return isSetPrivilegesMapByAuth();
+ }
+ throw new IllegalStateException();
+ }
+
+ @Override
+ public boolean equals(Object that) {
+ if (that == null)
+ return false;
+ if (that instanceof TListSentryPrivilegesByAuthResponse)
+ return this.equals((TListSentryPrivilegesByAuthResponse)that);
+ return false;
+ }
+
+ public boolean equals(TListSentryPrivilegesByAuthResponse that) {
+ if (that == null)
+ return false;
+
+ boolean this_present_status = true && this.isSetStatus();
+ boolean that_present_status = true && that.isSetStatus();
+ if (this_present_status || that_present_status) {
+ if (!(this_present_status && that_present_status))
+ return false;
+ if (!this.status.equals(that.status))
+ return false;
+ }
+
+ boolean this_present_privilegesMapByAuth = true && this.isSetPrivilegesMapByAuth();
+ boolean that_present_privilegesMapByAuth = true && that.isSetPrivilegesMapByAuth();
+ if (this_present_privilegesMapByAuth || that_present_privilegesMapByAuth) {
+ if (!(this_present_privilegesMapByAuth && that_present_privilegesMapByAuth))
+ return false;
+ if (!this.privilegesMapByAuth.equals(that.privilegesMapByAuth))
+ return false;
+ }
+
+ return true;
+ }
+
+ @Override
+ public int hashCode() {
+ HashCodeBuilder builder = new HashCodeBuilder();
+
+ boolean present_status = true && (isSetStatus());
+ builder.append(present_status);
+ if (present_status)
+ builder.append(status);
+
+ boolean present_privilegesMapByAuth = true && (isSetPrivilegesMapByAuth());
+ builder.append(present_privilegesMapByAuth);
+ if (present_privilegesMapByAuth)
+ builder.append(privilegesMapByAuth);
+
+ return builder.toHashCode();
+ }
+
+ public int compareTo(TListSentryPrivilegesByAuthResponse other) {
+ if (!getClass().equals(other.getClass())) {
+ return getClass().getName().compareTo(other.getClass().getName());
+ }
+
+ int lastComparison = 0;
+ TListSentryPrivilegesByAuthResponse typedOther = (TListSentryPrivilegesByAuthResponse)other;
+
+ lastComparison = Boolean.valueOf(isSetStatus()).compareTo(typedOther.isSetStatus());
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ if (isSetStatus()) {
+ lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.status, typedOther.status);
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ }
+ lastComparison = Boolean.valueOf(isSetPrivilegesMapByAuth()).compareTo(typedOther.isSetPrivilegesMapByAuth());
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ if (isSetPrivilegesMapByAuth()) {
+ lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.privilegesMapByAuth, typedOther.privilegesMapByAuth);
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ }
+ return 0;
+ }
+
+ public _Fields fieldForId(int fieldId) {
+ return _Fields.findByThriftId(fieldId);
+ }
+
+ public void read(org.apache.thrift.protocol.TProtocol iprot) throws org.apache.thrift.TException {
+ schemes.get(iprot.getScheme()).getScheme().read(iprot, this);
+ }
+
+ public void write(org.apache.thrift.protocol.TProtocol oprot) throws org.apache.thrift.TException {
+ schemes.get(oprot.getScheme()).getScheme().write(oprot, this);
+ }
+
+ @Override
+ public String toString() {
+ StringBuilder sb = new StringBuilder("TListSentryPrivilegesByAuthResponse(");
+ boolean first = true;
+
+ sb.append("status:");
+ if (this.status == null) {
+ sb.append("null");
+ } else {
+ sb.append(this.status);
+ }
+ first = false;
+ if (isSetPrivilegesMapByAuth()) {
+ if (!first) sb.append(", ");
+ sb.append("privilegesMapByAuth:");
+ if (this.privilegesMapByAuth == null) {
+ sb.append("null");
+ } else {
+ sb.append(this.privilegesMapByAuth);
+ }
+ first = false;
+ }
+ sb.append(")");
+ return sb.toString();
+ }
+
+ public void validate() throws org.apache.thrift.TException {
+ // check for required fields
+ if (!isSetStatus()) {
+ throw new org.apache.thrift.protocol.TProtocolException("Required field 'status' is unset! Struct:" + toString());
+ }
+
+ // check for sub-struct validity
+ if (status != null) {
+ status.validate();
+ }
+ }
+
+ private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException {
+ try {
+ write(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(out)));
+ } catch (org.apache.thrift.TException te) {
+ throw new java.io.IOException(te);
+ }
+ }
+
+ private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
+ try {
+ read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in)));
+ } catch (org.apache.thrift.TException te) {
+ throw new java.io.IOException(te);
+ }
+ }
+
+ private static class TListSentryPrivilegesByAuthResponseStandardSchemeFactory implements SchemeFactory {
+ public TListSentryPrivilegesByAuthResponseStandardScheme getScheme() {
+ return new TListSentryPrivilegesByAuthResponseStandardScheme();
+ }
+ }
+
+ private static class TListSentryPrivilegesByAuthResponseStandardScheme extends StandardScheme<TListSentryPrivilegesByAuthResponse> {
+
+ public void read(org.apache.thrift.protocol.TProtocol iprot, TListSentryPrivilegesByAuthResponse struct) throws org.apache.thrift.TException {
+ org.apache.thrift.protocol.TField schemeField;
+ iprot.readStructBegin();
+ while (true)
+ {
+ schemeField = iprot.readFieldBegin();
+ if (schemeField.type == org.apache.thrift.protocol.TType.STOP) {
+ break;
+ }
+ switch (schemeField.id) {
+ case 1: // STATUS
+ if (schemeField.type == org.apache.thrift.protocol.TType.STRUCT) {
+ struct.status = new org.apache.sentry.service.thrift.TSentryResponseStatus();
+ struct.status.read(iprot);
+ struct.setStatusIsSet(true);
+ } else {
+ org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+ }
+ break;
+ case 2: // PRIVILEGES_MAP_BY_AUTH
+ if (schemeField.type == org.apache.thrift.protocol.TType.MAP) {
+ {
+ org.apache.thrift.protocol.TMap _map138 = iprot.readMapBegin();
+ struct.privilegesMapByAuth = new HashMap<String,TSentryPrivilegeMap>(2*_map138.size);
+ for (int _i139 = 0; _i139 < _map138.size; ++_i139)
+ {
+ String _key140; // required
+ TSentryPrivilegeMap _val141; // required
+ _key140 = iprot.readString();
+ _val141 = new TSentryPrivilegeMap();
+ _val141.read(iprot);
+ struct.privilegesMapByAuth.put(_key140, _val141);
+ }
+ iprot.readMapEnd();
+ }
+ struct.setPrivilegesMapByAuthIsSet(true);
+ } else {
+ org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+ }
+ break;
+ default:
+ org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+ }
+ iprot.readFieldEnd();
+ }
+ iprot.readStructEnd();
+ struct.validate();
+ }
+
+ public void write(org.apache.thrift.protocol.TProtocol oprot, TListSentryPrivilegesByAuthResponse struct) throws org.apache.thrift.TException {
+ struct.validate();
+
+ oprot.writeStructBegin(STRUCT_DESC);
+ if (struct.status != null) {
+ oprot.writeFieldBegin(STATUS_FIELD_DESC);
+ struct.status.write(oprot);
+ oprot.writeFieldEnd();
+ }
+ if (struct.privilegesMapByAuth != null) {
+ if (struct.isSetPrivilegesMapByAuth()) {
+ oprot.writeFieldBegin(PRIVILEGES_MAP_BY_AUTH_FIELD_DESC);
+ {
+ oprot.writeMapBegin(new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRING, org.apache.thrift.protocol.TType.STRUCT, struct.privilegesMapByAuth.size()));
+ for (Map.Entry<String, TSentryPrivilegeMap> _iter142 : struct.privilegesMapByAuth.entrySet())
+ {
+ oprot.writeString(_iter142.getKey());
+ _iter142.getValue().write(oprot);
+ }
+ oprot.writeMapEnd();
+ }
+ oprot.writeFieldEnd();
+ }
+ }
+ oprot.writeFieldStop();
+ oprot.writeStructEnd();
+ }
+
+ }
+
+ private static class TListSentryPrivilegesByAuthResponseTupleSchemeFactory implements SchemeFactory {
+ public TListSentryPrivilegesByAuthResponseTupleScheme getScheme() {
+ return new TListSentryPrivilegesByAuthResponseTupleScheme();
+ }
+ }
+
+ private static class TListSentryPrivilegesByAuthResponseTupleScheme extends TupleScheme<TListSentryPrivilegesByAuthResponse> {
+
+ @Override
+ public void write(org.apache.thrift.protocol.TProtocol prot, TListSentryPrivilegesByAuthResponse struct) throws org.apache.thrift.TException {
+ TTupleProtocol oprot = (TTupleProtocol) prot;
+ struct.status.write(oprot);
+ BitSet optionals = new BitSet();
+ if (struct.isSetPrivilegesMapByAuth()) {
+ optionals.set(0);
+ }
+ oprot.writeBitSet(optionals, 1);
+ if (struct.isSetPrivilegesMapByAuth()) {
+ {
+ oprot.writeI32(struct.privilegesMapByAuth.size());
+ for (Map.Entry<String, TSentryPrivilegeMap> _iter143 : struct.privilegesMapByAuth.entrySet())
+ {
+ oprot.writeString(_iter143.getKey());
+ _iter143.getValue().write(oprot);
+ }
+ }
+ }
+ }
+
+ @Override
+ public void read(org.apache.thrift.protocol.TProtocol prot, TListSentryPrivilegesByAuthResponse struct) throws org.apache.thrift.TException {
+ TTupleProtocol iprot = (TTupleProtocol) prot;
+ struct.status = new org.apache.sentry.service.thrift.TSentryResponseStatus();
+ struct.status.read(iprot);
+ struct.setStatusIsSet(true);
+ BitSet incoming = iprot.readBitSet(1);
+ if (incoming.get(0)) {
+ {
+ org.apache.thrift.protocol.TMap _map144 = new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRING, org.apache.thrift.protocol.TType.STRUCT, iprot.readI32());
+ struct.privilegesMapByAuth = new HashMap<String,TSentryPrivilegeMap>(2*_map144.size);
+ for (int _i145 = 0; _i145 < _map144.size; ++_i145)
+ {
+ String _key146; // required
+ TSentryPrivilegeMap _val147; // required
+ _key146 = iprot.readString();
+ _val147 = new TSentryPrivilegeMap();
+ _val147.read(iprot);
+ struct.privilegesMapByAuth.put(_key146, _val147);
+ }
+ }
+ struct.setPrivilegesMapByAuthIsSet(true);
+ }
+ }
+ }
+
+}
+
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/5c2597de/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/generic/service/thrift/TSentryPrivilegeMap.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/generic/service/thrift/TSentryPrivilegeMap.java b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/generic/service/thrift/TSentryPrivilegeMap.java
new file mode 100644
index 0000000..97b96ef
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/generic/service/thrift/TSentryPrivilegeMap.java
@@ -0,0 +1,486 @@
+/**
+ * Autogenerated by Thrift Compiler (0.9.0)
+ *
+ * DO NOT EDIT UNLESS YOU ARE SURE THAT YOU KNOW WHAT YOU ARE DOING
+ * @generated
+ */
+package org.apache.sentry.provider.db.generic.service.thrift;
+
+import org.apache.commons.lang.builder.HashCodeBuilder;
+import org.apache.thrift.scheme.IScheme;
+import org.apache.thrift.scheme.SchemeFactory;
+import org.apache.thrift.scheme.StandardScheme;
+
+import org.apache.thrift.scheme.TupleScheme;
+import org.apache.thrift.protocol.TTupleProtocol;
+import org.apache.thrift.protocol.TProtocolException;
+import org.apache.thrift.EncodingUtils;
+import org.apache.thrift.TException;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.EnumMap;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.EnumSet;
+import java.util.Collections;
+import java.util.BitSet;
+import java.nio.ByteBuffer;
+import java.util.Arrays;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class TSentryPrivilegeMap implements org.apache.thrift.TBase<TSentryPrivilegeMap, TSentryPrivilegeMap._Fields>, java.io.Serializable, Cloneable {
+ private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("TSentryPrivilegeMap");
+
+ private static final org.apache.thrift.protocol.TField PRIVILEGE_MAP_FIELD_DESC = new org.apache.thrift.protocol.TField("privilegeMap", org.apache.thrift.protocol.TType.MAP, (short)1);
+
+ private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
+ static {
+ schemes.put(StandardScheme.class, new TSentryPrivilegeMapStandardSchemeFactory());
+ schemes.put(TupleScheme.class, new TSentryPrivilegeMapTupleSchemeFactory());
+ }
+
+ private Map<String,Set<TSentryPrivilege>> privilegeMap; // required
+
+ /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
+ public enum _Fields implements org.apache.thrift.TFieldIdEnum {
+ PRIVILEGE_MAP((short)1, "privilegeMap");
+
+ private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
+
+ static {
+ for (_Fields field : EnumSet.allOf(_Fields.class)) {
+ byName.put(field.getFieldName(), field);
+ }
+ }
+
+ /**
+ * Find the _Fields constant that matches fieldId, or null if its not found.
+ */
+ public static _Fields findByThriftId(int fieldId) {
+ switch(fieldId) {
+ case 1: // PRIVILEGE_MAP
+ return PRIVILEGE_MAP;
+ default:
+ return null;
+ }
+ }
+
+ /**
+ * Find the _Fields constant that matches fieldId, throwing an exception
+ * if it is not found.
+ */
+ public static _Fields findByThriftIdOrThrow(int fieldId) {
+ _Fields fields = findByThriftId(fieldId);
+ if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!");
+ return fields;
+ }
+
+ /**
+ * Find the _Fields constant that matches name, or null if its not found.
+ */
+ public static _Fields findByName(String name) {
+ return byName.get(name);
+ }
+
+ private final short _thriftId;
+ private final String _fieldName;
+
+ _Fields(short thriftId, String fieldName) {
+ _thriftId = thriftId;
+ _fieldName = fieldName;
+ }
+
+ public short getThriftFieldId() {
+ return _thriftId;
+ }
+
+ public String getFieldName() {
+ return _fieldName;
+ }
+ }
+
+ // isset id assignments
+ public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
+ static {
+ Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
+ tmpMap.put(_Fields.PRIVILEGE_MAP, new org.apache.thrift.meta_data.FieldMetaData("privilegeMap", org.apache.thrift.TFieldRequirementType.REQUIRED,
+ new org.apache.thrift.meta_data.MapMetaData(org.apache.thrift.protocol.TType.MAP,
+ new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING),
+ new org.apache.thrift.meta_data.SetMetaData(org.apache.thrift.protocol.TType.SET,
+ new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, TSentryPrivilege.class)))));
+ metaDataMap = Collections.unmodifiableMap(tmpMap);
+ org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(TSentryPrivilegeMap.class, metaDataMap);
+ }
+
+ public TSentryPrivilegeMap() {
+ }
+
+ public TSentryPrivilegeMap(
+ Map<String,Set<TSentryPrivilege>> privilegeMap)
+ {
+ this();
+ this.privilegeMap = privilegeMap;
+ }
+
+ /**
+ * Performs a deep copy on <i>other</i>.
+ */
+ public TSentryPrivilegeMap(TSentryPrivilegeMap other) {
+ if (other.isSetPrivilegeMap()) {
+ Map<String,Set<TSentryPrivilege>> __this__privilegeMap = new HashMap<String,Set<TSentryPrivilege>>();
+ for (Map.Entry<String, Set<TSentryPrivilege>> other_element : other.privilegeMap.entrySet()) {
+
+ String other_element_key = other_element.getKey();
+ Set<TSentryPrivilege> other_element_value = other_element.getValue();
+
+ String __this__privilegeMap_copy_key = other_element_key;
+
+ Set<TSentryPrivilege> __this__privilegeMap_copy_value = new HashSet<TSentryPrivilege>();
+ for (TSentryPrivilege other_element_value_element : other_element_value) {
+ __this__privilegeMap_copy_value.add(new TSentryPrivilege(other_element_value_element));
+ }
+
+ __this__privilegeMap.put(__this__privilegeMap_copy_key, __this__privilegeMap_copy_value);
+ }
+ this.privilegeMap = __this__privilegeMap;
+ }
+ }
+
+ public TSentryPrivilegeMap deepCopy() {
+ return new TSentryPrivilegeMap(this);
+ }
+
+ @Override
+ public void clear() {
+ this.privilegeMap = null;
+ }
+
+ public int getPrivilegeMapSize() {
+ return (this.privilegeMap == null) ? 0 : this.privilegeMap.size();
+ }
+
+ public void putToPrivilegeMap(String key, Set<TSentryPrivilege> val) {
+ if (this.privilegeMap == null) {
+ this.privilegeMap = new HashMap<String,Set<TSentryPrivilege>>();
+ }
+ this.privilegeMap.put(key, val);
+ }
+
+ public Map<String,Set<TSentryPrivilege>> getPrivilegeMap() {
+ return this.privilegeMap;
+ }
+
+ public void setPrivilegeMap(Map<String,Set<TSentryPrivilege>> privilegeMap) {
+ this.privilegeMap = privilegeMap;
+ }
+
+ public void unsetPrivilegeMap() {
+ this.privilegeMap = null;
+ }
+
+ /** Returns true if field privilegeMap is set (has been assigned a value) and false otherwise */
+ public boolean isSetPrivilegeMap() {
+ return this.privilegeMap != null;
+ }
+
+ public void setPrivilegeMapIsSet(boolean value) {
+ if (!value) {
+ this.privilegeMap = null;
+ }
+ }
+
+ public void setFieldValue(_Fields field, Object value) {
+ switch (field) {
+ case PRIVILEGE_MAP:
+ if (value == null) {
+ unsetPrivilegeMap();
+ } else {
+ setPrivilegeMap((Map<String,Set<TSentryPrivilege>>)value);
+ }
+ break;
+
+ }
+ }
+
+ public Object getFieldValue(_Fields field) {
+ switch (field) {
+ case PRIVILEGE_MAP:
+ return getPrivilegeMap();
+
+ }
+ throw new IllegalStateException();
+ }
+
+ /** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */
+ public boolean isSet(_Fields field) {
+ if (field == null) {
+ throw new IllegalArgumentException();
+ }
+
+ switch (field) {
+ case PRIVILEGE_MAP:
+ return isSetPrivilegeMap();
+ }
+ throw new IllegalStateException();
+ }
+
+ @Override
+ public boolean equals(Object that) {
+ if (that == null)
+ return false;
+ if (that instanceof TSentryPrivilegeMap)
+ return this.equals((TSentryPrivilegeMap)that);
+ return false;
+ }
+
+ public boolean equals(TSentryPrivilegeMap that) {
+ if (that == null)
+ return false;
+
+ boolean this_present_privilegeMap = true && this.isSetPrivilegeMap();
+ boolean that_present_privilegeMap = true && that.isSetPrivilegeMap();
+ if (this_present_privilegeMap || that_present_privilegeMap) {
+ if (!(this_present_privilegeMap && that_present_privilegeMap))
+ return false;
+ if (!this.privilegeMap.equals(that.privilegeMap))
+ return false;
+ }
+
+ return true;
+ }
+
+ @Override
+ public int hashCode() {
+ HashCodeBuilder builder = new HashCodeBuilder();
+
+ boolean present_privilegeMap = true && (isSetPrivilegeMap());
+ builder.append(present_privilegeMap);
+ if (present_privilegeMap)
+ builder.append(privilegeMap);
+
+ return builder.toHashCode();
+ }
+
+ public int compareTo(TSentryPrivilegeMap other) {
+ if (!getClass().equals(other.getClass())) {
+ return getClass().getName().compareTo(other.getClass().getName());
+ }
+
+ int lastComparison = 0;
+ TSentryPrivilegeMap typedOther = (TSentryPrivilegeMap)other;
+
+ lastComparison = Boolean.valueOf(isSetPrivilegeMap()).compareTo(typedOther.isSetPrivilegeMap());
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ if (isSetPrivilegeMap()) {
+ lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.privilegeMap, typedOther.privilegeMap);
+ if (lastComparison != 0) {
+ return lastComparison;
+ }
+ }
+ return 0;
+ }
+
+ public _Fields fieldForId(int fieldId) {
+ return _Fields.findByThriftId(fieldId);
+ }
+
+ public void read(org.apache.thrift.protocol.TProtocol iprot) throws org.apache.thrift.TException {
+ schemes.get(iprot.getScheme()).getScheme().read(iprot, this);
+ }
+
+ public void write(org.apache.thrift.protocol.TProtocol oprot) throws org.apache.thrift.TException {
+ schemes.get(oprot.getScheme()).getScheme().write(oprot, this);
+ }
+
+ @Override
+ public String toString() {
+ StringBuilder sb = new StringBuilder("TSentryPrivilegeMap(");
+ boolean first = true;
+
+ sb.append("privilegeMap:");
+ if (this.privilegeMap == null) {
+ sb.append("null");
+ } else {
+ sb.append(this.privilegeMap);
+ }
+ first = false;
+ sb.append(")");
+ return sb.toString();
+ }
+
+ public void validate() throws org.apache.thrift.TException {
+ // check for required fields
+ if (!isSetPrivilegeMap()) {
+ throw new org.apache.thrift.protocol.TProtocolException("Required field 'privilegeMap' is unset! Struct:" + toString());
+ }
+
+ // check for sub-struct validity
+ }
+
+ private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException {
+ try {
+ write(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(out)));
+ } catch (org.apache.thrift.TException te) {
+ throw new java.io.IOException(te);
+ }
+ }
+
+ private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
+ try {
+ read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in)));
+ } catch (org.apache.thrift.TException te) {
+ throw new java.io.IOException(te);
+ }
+ }
+
+ private static class TSentryPrivilegeMapStandardSchemeFactory implements SchemeFactory {
+ public TSentryPrivilegeMapStandardScheme getScheme() {
+ return new TSentryPrivilegeMapStandardScheme();
+ }
+ }
+
+ private static class TSentryPrivilegeMapStandardScheme extends StandardScheme<TSentryPrivilegeMap> {
+
+ public void read(org.apache.thrift.protocol.TProtocol iprot, TSentryPrivilegeMap struct) throws org.apache.thrift.TException {
+ org.apache.thrift.protocol.TField schemeField;
+ iprot.readStructBegin();
+ while (true)
+ {
+ schemeField = iprot.readFieldBegin();
+ if (schemeField.type == org.apache.thrift.protocol.TType.STOP) {
+ break;
+ }
+ switch (schemeField.id) {
+ case 1: // PRIVILEGE_MAP
+ if (schemeField.type == org.apache.thrift.protocol.TType.MAP) {
+ {
+ org.apache.thrift.protocol.TMap _map104 = iprot.readMapBegin();
+ struct.privilegeMap = new HashMap<String,Set<TSentryPrivilege>>(2*_map104.size);
+ for (int _i105 = 0; _i105 < _map104.size; ++_i105)
+ {
+ String _key106; // required
+ Set<TSentryPrivilege> _val107; // required
+ _key106 = iprot.readString();
+ {
+ org.apache.thrift.protocol.TSet _set108 = iprot.readSetBegin();
+ _val107 = new HashSet<TSentryPrivilege>(2*_set108.size);
+ for (int _i109 = 0; _i109 < _set108.size; ++_i109)
+ {
+ TSentryPrivilege _elem110; // required
+ _elem110 = new TSentryPrivilege();
+ _elem110.read(iprot);
+ _val107.add(_elem110);
+ }
+ iprot.readSetEnd();
+ }
+ struct.privilegeMap.put(_key106, _val107);
+ }
+ iprot.readMapEnd();
+ }
+ struct.setPrivilegeMapIsSet(true);
+ } else {
+ org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+ }
+ break;
+ default:
+ org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+ }
+ iprot.readFieldEnd();
+ }
+ iprot.readStructEnd();
+ struct.validate();
+ }
+
+ public void write(org.apache.thrift.protocol.TProtocol oprot, TSentryPrivilegeMap struct) throws org.apache.thrift.TException {
+ struct.validate();
+
+ oprot.writeStructBegin(STRUCT_DESC);
+ if (struct.privilegeMap != null) {
+ oprot.writeFieldBegin(PRIVILEGE_MAP_FIELD_DESC);
+ {
+ oprot.writeMapBegin(new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRING, org.apache.thrift.protocol.TType.SET, struct.privilegeMap.size()));
+ for (Map.Entry<String, Set<TSentryPrivilege>> _iter111 : struct.privilegeMap.entrySet())
+ {
+ oprot.writeString(_iter111.getKey());
+ {
+ oprot.writeSetBegin(new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRUCT, _iter111.getValue().size()));
+ for (TSentryPrivilege _iter112 : _iter111.getValue())
+ {
+ _iter112.write(oprot);
+ }
+ oprot.writeSetEnd();
+ }
+ }
+ oprot.writeMapEnd();
+ }
+ oprot.writeFieldEnd();
+ }
+ oprot.writeFieldStop();
+ oprot.writeStructEnd();
+ }
+
+ }
+
+ private static class TSentryPrivilegeMapTupleSchemeFactory implements SchemeFactory {
+ public TSentryPrivilegeMapTupleScheme getScheme() {
+ return new TSentryPrivilegeMapTupleScheme();
+ }
+ }
+
+ private static class TSentryPrivilegeMapTupleScheme extends TupleScheme<TSentryPrivilegeMap> {
+
+ @Override
+ public void write(org.apache.thrift.protocol.TProtocol prot, TSentryPrivilegeMap struct) throws org.apache.thrift.TException {
+ TTupleProtocol oprot = (TTupleProtocol) prot;
+ {
+ oprot.writeI32(struct.privilegeMap.size());
+ for (Map.Entry<String, Set<TSentryPrivilege>> _iter113 : struct.privilegeMap.entrySet())
+ {
+ oprot.writeString(_iter113.getKey());
+ {
+ oprot.writeI32(_iter113.getValue().size());
+ for (TSentryPrivilege _iter114 : _iter113.getValue())
+ {
+ _iter114.write(oprot);
+ }
+ }
+ }
+ }
+ }
+
+ @Override
+ public void read(org.apache.thrift.protocol.TProtocol prot, TSentryPrivilegeMap struct) throws org.apache.thrift.TException {
+ TTupleProtocol iprot = (TTupleProtocol) prot;
+ {
+ org.apache.thrift.protocol.TMap _map115 = new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRING, org.apache.thrift.protocol.TType.SET, iprot.readI32());
+ struct.privilegeMap = new HashMap<String,Set<TSentryPrivilege>>(2*_map115.size);
+ for (int _i116 = 0; _i116 < _map115.size; ++_i116)
+ {
+ String _key117; // required
+ Set<TSentryPrivilege> _val118; // required
+ _key117 = iprot.readString();
+ {
+ org.apache.thrift.protocol.TSet _set119 = new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRUCT, iprot.readI32());
+ _val118 = new HashSet<TSentryPrivilege>(2*_set119.size);
+ for (int _i120 = 0; _i120 < _set119.size; ++_i120)
+ {
+ TSentryPrivilege _elem121; // required
+ _elem121 = new TSentryPrivilege();
+ _elem121.read(iprot);
+ _val118.add(_elem121);
+ }
+ }
+ struct.privilegeMap.put(_key117, _val118);
+ }
+ }
+ struct.setPrivilegeMapIsSet(true);
+ }
+ }
+
+}
+
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/5c2597de/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/DelegateSentryStore.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/DelegateSentryStore.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/DelegateSentryStore.java
index e1c15fa..4c5ceca 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/DelegateSentryStore.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/DelegateSentryStore.java
@@ -140,6 +140,11 @@ public class DelegateSentryStore implements SentryStoreLayer {
}
@Override
+ public Set<String> getAllRoleNames() {
+ return delegate.getAllRoleNames();
+ }
+
+ @Override
public CommitContext alterRoleAddGroups(String component, String role,
Set<String> groups, String requestor) throws SentryNoSuchObjectException {
return delegate.alterSentryRoleAddGroups(requestor, role, toTSentryGroups(groups));
@@ -418,6 +423,41 @@ public class DelegateSentryStore implements SentryStoreLayer {
}
@Override
+ public Set<MSentryGMPrivilege> getPrivilegesByAuthorizable(String component, String service,
+ Set<String> validActiveRoles, List<? extends Authorizable> authorizables)
+ throws SentryUserException {
+
+ Preconditions.checkNotNull(component);
+ Preconditions.checkNotNull(service);
+
+ component = toTrimedLower(component);
+ service = toTrimedLower(service);
+
+ Set<MSentryGMPrivilege> privileges = Sets.newHashSet();
+ PersistenceManager pm = null;
+ try {
+ pm = openTransaction();
+
+ if (validActiveRoles == null || validActiveRoles.size() == 0) {
+ return privileges;
+ }
+
+ Set<MSentryRole> mRoles = Sets.newHashSet();
+ for (String role : validActiveRoles) {
+ MSentryRole mRole = getRole(role, pm);
+ if (mRole != null) {
+ mRoles.add(mRole);
+ }
+ }
+ //get the privileges
+ privileges.addAll(privilegeOperator.getPrivilegesByAuthorizable(component, service, mRoles, authorizables, pm));
+ } finally {
+ commitTransaction(pm);
+ }
+ return privileges;
+ }
+
+ @Override
public void close() {
delegate.stop();
}
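Review bot: The `finally { commitTransaction(pm); }` in getPrivilegesByAuthorizable runs on every exit, including when `openTransaction()` itself throws and `pm` is still null, so a failure while resolving roles may be masked by a second failure in the commit (commitTransaction is not shown here, so this is an inference). The empty-role guard also sits after the transaction is opened; moving `if (validActiveRoles == null || validActiveRoles.isEmpty()) { return privileges; }` above `pm = openTransaction();` avoids opening a transaction for nothing. For the failure path, the rollback-flag pattern that SentryStore.getAllRoleNames uses in this same commit would be the consistent choice, provided this class has a rollback helper. Role names that `getRole` cannot resolve are dropped silently, which fails closed, but a debug log at that point would help explain an unexpectedly empty result.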
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/5c2597de/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeOperatePersistence.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeOperatePersistence.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeOperatePersistence.java
index c3b0be8..21e51cd 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeOperatePersistence.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/PrivilegeOperatePersistence.java
@@ -363,6 +363,20 @@ public class PrivilegeOperatePersistence {
return privileges;
}
+ public Set<MSentryGMPrivilege> getPrivilegesByAuthorizable(String component,
+ String service, Set<MSentryRole> roles,
+ List<? extends Authorizable> authorizables, PersistenceManager pm) {
+
+ Set<MSentryGMPrivilege> privilegeGraph = Sets.newHashSet();
+
+ if (roles == null || roles.isEmpty()) {
+ return privilegeGraph;
+ }
+
+ MSentryGMPrivilege parentPrivilege = new MSentryGMPrivilege(component, service, authorizables, null, null);
+ privilegeGraph.addAll(populateIncludePrivileges(roles, parentPrivilege, pm));
+ return privilegeGraph;
+ }
public void renamePrivilege(String component, String service,
List<? extends Authorizable> oldAuthorizables, List<? extends Authorizable> newAuthorizables,
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/5c2597de/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/SentryStoreLayer.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/SentryStoreLayer.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/SentryStoreLayer.java
index f6d73e7..49a78ef 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/SentryStoreLayer.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/persistent/SentryStoreLayer.java
@@ -24,6 +24,7 @@ import org.apache.sentry.SentryUserException;
import org.apache.sentry.core.common.Authorizable;
import org.apache.sentry.provider.db.SentryAlreadyExistsException;
import org.apache.sentry.provider.db.SentryNoSuchObjectException;
+import org.apache.sentry.provider.db.service.model.MSentryGMPrivilege;
import org.apache.sentry.provider.db.service.persistent.CommitContext;
/**
@@ -164,9 +165,31 @@ public interface SentryStoreLayer {
* @throws SentryUserException
*/
- Set<PrivilegeObject> getPrivilegesByProvider(String component, String service,Set<String> roles,
+ Set<PrivilegeObject> getPrivilegesByProvider(String component, String service, Set<String> roles,
Set<String> groups, List<? extends Authorizable> authorizables)
throws SentryUserException;
+
+ /**
+ * Get all roles name.
+ *
+ * @returns The set of roles name,
+ */
+ Set<String> getAllRoleNames();
+
+ /**
+ * Get sentry privileges based on valid active roles and the authorize objects.
+ *
+ * @param component: The request respond to which component
+ * @param service: The name of service
+ * @param validActiveRoles: The valid active roles
+ * @param authorizables: The list of authorize objects
+ * @returns The set of MSentryGMPrivilege
+ * @throws SentryUserException
+ */
+ Set<MSentryGMPrivilege> getPrivilegesByAuthorizable(String component, String service,
+ Set<String> validActiveRoles, List<? extends Authorizable> authorizables)
+ throws SentryUserException;
+
/**
* close sentryStore
*/
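Review bot: The new Javadoc does not say that neither method performs an access check, which matters because getAllRoleNames returns every role name and getPrivilegesByAuthorizable takes no requestor argument at all. I would add `Callers must pass only roles the requestor is already permitted to query; this method does not authorize.` to getPrivilegesByAuthorizable and a matching sentence to getAllRoleNames. Separately, `@returns` is not a Javadoc tag and the colon in `@param component:` ends up in the rendered description; use `@return` and `@param component the component the request is issued to`.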
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/5c2597de/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericPolicyProcessor.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericPolicyProcessor.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericPolicyProcessor.java
index 78d3847..d07331e 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericPolicyProcessor.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericPolicyProcessor.java
@@ -23,12 +23,15 @@ import static org.apache.sentry.policy.common.PolicyConstants.KV_JOINER;
import java.lang.reflect.Constructor;
import java.util.HashSet;
import java.util.List;
+import java.util.Map;
import java.util.Set;
import org.apache.hadoop.conf.Configuration;
import org.apache.sentry.SentryUserException;
import org.apache.sentry.core.common.Authorizable;
import org.apache.sentry.core.model.db.AccessConstants;
+import org.apache.sentry.policy.common.KeyValue;
+import org.apache.sentry.policy.common.PolicyConstants;
import org.apache.sentry.provider.common.AuthorizationComponent;
import org.apache.sentry.provider.db.SentryAccessDeniedException;
import org.apache.sentry.provider.db.SentryAlreadyExistsException;
@@ -40,6 +43,8 @@ import org.apache.sentry.provider.db.generic.service.persistent.PrivilegeObject.
import org.apache.sentry.provider.db.generic.service.persistent.SentryStoreLayer;
import org.apache.sentry.provider.db.log.entity.JsonLogEntityFactory;
import org.apache.sentry.provider.db.log.util.Constants;
+import org.apache.sentry.provider.db.service.model.MSentryGMPrivilege;
+import org.apache.sentry.provider.db.service.model.MSentryRole;
import org.apache.sentry.provider.db.service.persistent.CommitContext;
import org.apache.sentry.provider.db.service.thrift.PolicyStoreConstants;
import org.apache.sentry.provider.db.service.thrift.SentryConfigurationException;
@@ -58,6 +63,7 @@ import com.google.common.base.Splitter;
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Lists;
+import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
public class SentryGenericPolicyProcessor implements SentryGenericPolicyService.Iface {
@@ -70,6 +76,7 @@ public class SentryGenericPolicyProcessor implements SentryGenericPolicyService.
private final NotificationHandlerInvoker handerInvoker;
public static final String SENTRY_GENERIC_SERVICE_NAME = "SentryGenericPolicyService";
+ private static final String ACCESS_DENIAL_MESSAGE = "Access denied to ";
public SentryGenericPolicyProcessor(Configuration conf) throws Exception {
this.store = createStore(conf);
@@ -94,7 +101,7 @@ public class SentryGenericPolicyProcessor implements SentryGenericPolicyService.
String msg = "User: " + requestorUser + " is part of " + requestorGroups +
" which does not, intersect admin groups " + adminGroups;
LOGGER.warn(msg);
- throw new SentryAccessDeniedException("Access denied to " + requestorUser);
+ throw new SentryAccessDeniedException(ACCESS_DENIAL_MESSAGE + requestorUser);
}
}
@@ -130,8 +137,7 @@ public class SentryGenericPolicyProcessor implements SentryGenericPolicyService.
public static SentryStoreLayer createStore(Configuration conf) throws SentryConfigurationException {
SentryStoreLayer storeLayer = null;
- String Store = conf.get(PolicyStoreConstants.SENTRY_GENERIC_POLICY_STORE,
- PolicyStoreConstants.SENTRY_GENERIC_POLICY_STORE_DEFAULT);
+ String Store = conf.get(PolicyStoreConstants.SENTRY_GENERIC_POLICY_STORE, PolicyStoreConstants.SENTRY_GENERIC_POLICY_STORE_DEFAULT);
if (Strings.isNullOrEmpty(Store)) {
throw new SentryConfigurationException("the parameter configuration for sentry.generic.policy.store can't be empty");
@@ -245,6 +251,22 @@ public class SentryGenericPolicyProcessor implements SentryGenericPolicyService.
return tAuthorizables;
}
+ private String fromAuthorizableToStr(List<? extends Authorizable> authorizables) {
+ if (authorizables != null && !authorizables.isEmpty()) {
+ List<String> privileges = Lists.newArrayList();
+
+ for (Authorizable authorizable : authorizables) {
+
+ privileges.add(PolicyConstants.KV_JOINER.join(authorizable.getTypeName(),
+ authorizable.getName()));
+ }
+
+ return PolicyConstants.AUTHORIZABLE_JOINER.join(privileges);
+ } else {
+ return "";
+ }
+ }
+
private List<? extends Authorizable> toAuthorizables(List<TAuthorizable> tAuthorizables) {
List<Authorizable> authorizables = Lists.newArrayList();
if (tAuthorizables == null) {
@@ -265,6 +287,75 @@ public class SentryGenericPolicyProcessor implements SentryGenericPolicyService.
return authorizables;
}
+ private List<? extends Authorizable> toAuthorizables(String privilegeStr) {
+ List<Authorizable> authorizables = Lists.newArrayList();
+ if (privilegeStr == null) {
+ return authorizables;
+ }
+
+ for (String authorizable : PolicyConstants.AUTHORIZABLE_SPLITTER.split(privilegeStr)) {
+ KeyValue tempKV = new KeyValue(authorizable);
+ final String key = tempKV.getKey();
+ final String value = tempKV.getValue();
+
+ authorizables.add(new Authorizable() {
+ @Override
+ public String getTypeName() {
+ return key;
+ }
+
+ @Override
+ public String getName() {
+ return value;
+ }
+ });
+ }
+
+ return authorizables;
+ }
+
+ // Construct the role to set of privileges mapping based on the
+ // MSentryGMPrivilege information.
+ private TSentryPrivilegeMap toTSentryPrivilegeMap(Set<MSentryGMPrivilege> mPrivileges) {
+
+ // Mapping of <Role, Set<Privilege>>.
+ Map<String, Set<TSentryPrivilege>> tPrivilegeMap = Maps.newTreeMap();
+
+ for (MSentryGMPrivilege mPrivilege : mPrivileges) {
+ for (MSentryRole role : mPrivilege.getRoles()) {
+
+ TSentryPrivilege tPrivilege = toTSentryPrivilege(mPrivilege);
+
+ if (tPrivilegeMap.containsKey(role.getRoleName())) {
+ tPrivilegeMap.get(role.getRoleName()).add(tPrivilege);
+ } else {
+ Set<TSentryPrivilege> tPrivilegeSet = Sets.newTreeSet();
+ tPrivilegeSet.add(tPrivilege);
+ tPrivilegeMap.put(role.getRoleName(), tPrivilegeSet);
+ }
+ }
+ }
+
+ return new TSentryPrivilegeMap(tPrivilegeMap);
+ }
+
+ // Construct TSentryPrivilege based on MSentryGMPrivilege information.
+ private TSentryPrivilege toTSentryPrivilege(MSentryGMPrivilege mPrivilege) {
+
+ TSentryPrivilege tPrivilege = new TSentryPrivilege(mPrivilege.getComponentName(),
+ mPrivilege.getServiceName(), fromAuthorizable(mPrivilege.getAuthorizables()), mPrivilege.getAction());
+
+ if (mPrivilege.getGrantOption() == null) {
+ tPrivilege.setGrantOption(TSentryGrantOption.UNSET);
+ } else if (mPrivilege.getGrantOption()) {
+ tPrivilege.setGrantOption(TSentryGrantOption.TRUE);
+ } else {
+ tPrivilege.setGrantOption(TSentryGrantOption.FALSE);
+ }
+
+ return tPrivilege;
+ }
+
private Set<String> buildPermissions(Set<PrivilegeObject> privileges) {
Set<String> permissions = Sets.newHashSet();
for (PrivilegeObject privilege : privileges) {
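Review bot: `toAuthorizables(String privilegeStr)` parses a string that arrives in the client request, but nothing in this hunk checks that each segment has a non-empty type and name before it is wrapped in an `Authorizable`. KeyValue is not shown here; if its constructor throws on a malformed segment, the caller's generic `catch (Exception e)` reports it as a runtime error carrying the whole request, rather than as an invalid-input status. I would validate each segment here and fail with a dedicated invalid-input exception that the handler maps to a client-error status, and add a comment on the method such as `// Expects "type=name" segments joined by the authorizable separator; rejects empty keys or values.`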
@@ -353,9 +444,7 @@ public class SentryGenericPolicyProcessor implements SentryGenericPolicyService.
@Override
public Response<Void> handle() throws Exception {
validateClientVersion(request.getProtocol_version());
- CommitContext context = store.alterRoleGrantPrivilege(request.getComponent(), request.getRoleName(),
- toPrivilegeObject(request.getPrivilege()),
- request.getRequestorUserName());
+ CommitContext context = store.alterRoleGrantPrivilege(request.getComponent(), request.getRoleName(), toPrivilegeObject(request.getPrivilege()), request.getRequestorUserName());
return new Response<Void>(Status.OK(), context);
}
});
@@ -383,9 +472,7 @@ public class SentryGenericPolicyProcessor implements SentryGenericPolicyService.
@Override
public Response<Void> handle() throws Exception {
validateClientVersion(request.getProtocol_version());
- CommitContext context = store.alterRoleRevokePrivilege(request.getComponent(), request.getRoleName(),
- toPrivilegeObject(request.getPrivilege()),
- request.getRequestorUserName());
+ CommitContext context = store.alterRoleRevokePrivilege(request.getComponent(), request.getRoleName(), toPrivilegeObject(request.getPrivilege()), request.getRequestorUserName());
return new Response<Void>(Status.OK(), context);
}
});
@@ -415,9 +502,7 @@ public class SentryGenericPolicyProcessor implements SentryGenericPolicyService.
validateClientVersion(request.getProtocol_version());
authorize(request.getRequestorUserName(),
getRequestorGroups(conf, request.getRequestorUserName()));
- CommitContext context = store.alterRoleAddGroups(
- request.getComponent(), request.getRoleName(), request.getGroups(),
- request.getRequestorUserName());
+ CommitContext context = store.alterRoleAddGroups(request.getComponent(), request.getRoleName(), request.getGroups(), request.getRequestorUserName());
return new Response<Void>(Status.OK(), context);
}
});
@@ -447,9 +532,7 @@ public class SentryGenericPolicyProcessor implements SentryGenericPolicyService.
validateClientVersion(request.getProtocol_version());
authorize(request.getRequestorUserName(),
getRequestorGroups(conf, request.getRequestorUserName()));
- CommitContext context = store.alterRoleDeleteGroups(
- request.getComponent(), request.getRoleName(), request.getGroups(),
- request.getRequestorUserName());
+ CommitContext context = store.alterRoleDeleteGroups(request.getComponent(), request.getRoleName(), request.getGroups(), request.getRequestorUserName());
return new Response<Void>(Status.OK(), context);
}
});
@@ -483,7 +566,7 @@ public class SentryGenericPolicyProcessor implements SentryGenericPolicyService.
//Only admin users can list all roles in the system ( groupname = null)
//Non admin users are only allowed to list only groups which they belong to
if(!admin && (request.getGroupName() == null || !groups.contains(request.getGroupName()))) {
- throw new SentryAccessDeniedException("Access denied to " + request.getRequestorUserName());
+ throw new SentryAccessDeniedException(ACCESS_DENIAL_MESSAGE + request.getRequestorUserName());
}
groups.clear();
groups.add(request.getGroupName());
@@ -515,14 +598,13 @@ public class SentryGenericPolicyProcessor implements SentryGenericPolicyService.
if (!inAdminGroups(groups)) {
Set<String> roleNamesForGroups = toTrimedLower(store.getRolesByGroups(request.getComponent(), groups));
if (!roleNamesForGroups.contains(toTrimedLower(request.getRoleName()))) {
- throw new SentryAccessDeniedException("Access denied to " + request.getRequestorUserName());
+ throw new SentryAccessDeniedException(ACCESS_DENIAL_MESSAGE + request.getRequestorUserName());
}
}
Set<PrivilegeObject> privileges = store.getPrivilegesByProvider(request.getComponent(),
request.getServiceName(),
Sets.newHashSet(request.getRoleName()),
- null,
- toAuthorizables(request.getAuthorizables()));
+ null, toAuthorizables(request.getAuthorizables()));
Set<TSentryPrivilege> tSentryPrivileges = Sets.newHashSet();
for (PrivilegeObject privilege : privileges) {
tSentryPrivileges.add(fromPrivilegeObject(privilege));
@@ -547,9 +629,9 @@ public class SentryGenericPolicyProcessor implements SentryGenericPolicyService.
Set<String> roleNamesForGroups = store.getRolesByGroups(request.getComponent(), request.getGroups());
Set<String> rolesToQuery = request.getRoleSet().isAll() ? roleNamesForGroups : Sets.intersection(activeRoleNames, roleNamesForGroups);
Set<PrivilegeObject> privileges = store.getPrivilegesByProvider(request.getComponent(),
- request.getServiceName(),
- rolesToQuery, null,
- toAuthorizables(request.getAuthorizables()));
+ request.getServiceName(),
+ rolesToQuery, null,
+ toAuthorizables(request.getAuthorizables()));
return new Response<Set<String>>(Status.OK(), buildPermissions(privileges));
}
});
@@ -560,6 +642,97 @@ public class SentryGenericPolicyProcessor implements SentryGenericPolicyService.
}
@Override
+ public TListSentryPrivilegesByAuthResponse list_sentry_privileges_by_authorizable(TListSentryPrivilegesByAuthRequest request) throws TException {
+
+ TListSentryPrivilegesByAuthResponse response = new TListSentryPrivilegesByAuthResponse();
+ Map<String, TSentryPrivilegeMap> authRoleMap = Maps.newHashMap();
+
+ // Group names are case sensitive.
+ Set<String> requestedGroups = request.getGroups();
+ String subject = request.getRequestorUserName();
+ TSentryActiveRoleSet activeRoleSet = request.getRoleSet();
+ Set<String> validActiveRoles = Sets.newHashSet();
+
+ try {
+ validateClientVersion(request.getProtocol_version());
+ Set<String> memberGroups = getRequestorGroups(conf, subject);
+
+ // Disallow non-admin users to lookup groups that
+ // they are not part of.
+ if(!inAdminGroups(memberGroups)) {
+
+ if (requestedGroups != null && !requestedGroups.isEmpty()) {
+ for (String requestedGroup : requestedGroups) {
+
+ // If user doesn't belong to one of the requested groups,
+ // then raise security exception.
+ if (!memberGroups.contains(requestedGroup)) {
+ throw new SentryAccessDeniedException(ACCESS_DENIAL_MESSAGE + subject);
+ }
+ }
+ } else {
+ // Non-admin's search is limited to its own groups.
+ requestedGroups = memberGroups;
+ }
+
+ // Disallow non-admin to lookup roles that they are not part of
+ if (activeRoleSet != null && !activeRoleSet.isAll()) {
+ Set<String> grantedRoles = toTrimedLower(store.getRolesByGroups(request.getComponent(), requestedGroups));
+ Set<String> activeRoleNames = toTrimedLower(activeRoleSet.getRoles());
+
+ for (String activeRole : activeRoleNames) {
+ if (!grantedRoles.contains(activeRole)) {
+ throw new SentryAccessDeniedException(ACCESS_DENIAL_MESSAGE
+ + subject);
+ }
+ }
+
+ // For non-admin, valid active roles are intersection of active roles and granted roles.
+ validActiveRoles.addAll(activeRoleSet.isAll() ? grantedRoles : Sets.intersection(activeRoleNames, grantedRoles));
+ }
+ } else {
+ Set<String> allRoles = toTrimedLower(store.getAllRoleNames());
+ Set<String> activeRoleNames = toTrimedLower(activeRoleSet.getRoles());
+
+ // For admin, if requestedGroups are empty, valid active roles are intersection of active roles and all roles.
+ // Otherwise, valid active roles are intersection of active roles and the roles of requestedGroups.
+ if (requestedGroups == null || requestedGroups.isEmpty()) {
+ validActiveRoles.addAll(activeRoleSet.isAll() ? allRoles : Sets.intersection(activeRoleNames, allRoles));
+ } else {
+ Set<String> requestedRoles = toTrimedLower(store.getRolesByGroups(request.getComponent(), requestedGroups));
+ validActiveRoles.addAll(activeRoleSet.isAll() ? allRoles : Sets.intersection(activeRoleNames, requestedRoles));
+ }
+ }
+
+ // If user is not part of any group.. return empty response
+ if (request.getAuthorizablesSet() != null) {
+ for (String authorizablesStr : request.getAuthorizablesSet()) {
+
+ List<? extends Authorizable> authorizables = toAuthorizables(authorizablesStr);
+ Set<MSentryGMPrivilege> sentryPrivileges = store.getPrivilegesByAuthorizable(request.getComponent(), request.getServiceName(), validActiveRoles, authorizables);
+ authRoleMap.put(fromAuthorizableToStr(authorizables), toTSentryPrivilegeMap(sentryPrivileges));
+ }
+ }
+
+ response.setPrivilegesMapByAuth(authRoleMap);
+ response.setStatus(Status.OK());
+ } catch (SentryAccessDeniedException e) {
+ LOGGER.error(e.getMessage(), e);
+ response.setStatus(Status.AccessDenied(e.getMessage(), e));
+ } catch (SentryThriftAPIMismatchException e) {
+ LOGGER.error(e.getMessage(), e);
+ response.setStatus(Status.THRIFT_VERSION_MISMATCH(e.getMessage(), e));
+ } catch (Exception e) {
+ String msg = "Unknown error for request: " + request + ", message: "
+ + e.getMessage();
+ LOGGER.error(msg, e);
+ response.setStatus(Status.RuntimeError(msg, e));
+ }
+
+ return response;
+ }
+
+ @Override
public TDropPrivilegesResponse drop_sentry_privilege(
final TDropPrivilegesRequest request) throws TException {
Response<Void> respose = requestHandle(new RequestHandler<Void>() {
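Review bot: Role resolution in list_sentry_privileges_by_authorizable calls `activeRoleSet.getRoles()` in the admin branch without the null check the non-admin branch has, and the client added in this commit leaves roleSet unset when its argument is null. In the non-admin branch `validActiveRoles` is only filled inside `!activeRoleSet.isAll()`, so a request for ALL roles resolves to no roles and returns an empty map, and the `isAll() ? grantedRoles : …` ternary there can never take its first arm. For an admin who passes groups together with ALL, `allRoles` is used instead of `requestedRoles`, which ignores the group filter that the comment just above describes. The rewrite below resolves the active set once, treats a missing roleSet as no roles so the call fails closed, and keeps the non-admin membership checks unchanged. The whole method lies inside this hunk.

```java
      // … unchanged: validateClientVersion, memberGroups lookup …
      boolean allActive = activeRoleSet != null && activeRoleSet.isAll();
      Set<String> activeRoleNames = (activeRoleSet == null || allActive)
          ? Sets.<String>newHashSet()
          : toTrimedLower(activeRoleSet.getRoles());

      if (!inAdminGroups(memberGroups)) {
        // … unchanged: requestedGroups membership check, default to memberGroups …
        Set<String> grantedRoles = toTrimedLower(store.getRolesByGroups(request.getComponent(), requestedGroups));
        for (String activeRole : activeRoleNames) {
          if (!grantedRoles.contains(activeRole)) {
            throw new SentryAccessDeniedException(ACCESS_DENIAL_MESSAGE + subject);
          }
        }
        // Every named role was verified above, so the named set is already a subset of grantedRoles.
        validActiveRoles.addAll(allActive ? grantedRoles : activeRoleNames);
      } else {
        // Admin: candidate roles are all roles, or only those of the requested groups when groups are given.
        Set<String> candidateRoles = (requestedGroups == null || requestedGroups.isEmpty())
            ? toTrimedLower(store.getAllRoleNames())
            : toTrimedLower(store.getRolesByGroups(request.getComponent(), requestedGroups));
        validActiveRoles.addAll(allActive ? candidateRoles : Sets.intersection(activeRoleNames, candidateRoles));
      }
      // … unchanged: per-authorizable lookup, response status, catch blocks …
```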
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/5c2597de/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientDefaultImpl.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientDefaultImpl.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientDefaultImpl.java
index ce57513..e52b6ef 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientDefaultImpl.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/service/thrift/SentryGenericServiceClientDefaultImpl.java
@@ -20,13 +20,11 @@ package org.apache.sentry.provider.db.generic.service.thrift;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.security.PrivilegedExceptionAction;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
+import java.util.*;
import javax.security.auth.callback.CallbackHandler;
+import com.google.common.collect.Sets;
import org.apache.hadoop.conf.Configuration;
import static org.apache.hadoop.fs.CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION;
import org.apache.hadoop.net.NetUtils;
@@ -539,6 +537,64 @@ public class SentryGenericServiceClientDefaultImpl implements SentryGenericServi
}
}
+ private List<TAuthorizable> fromAuthorizable(List<? extends Authorizable> authorizables) {
+ List<TAuthorizable> tAuthorizables = Lists.newArrayList();
+ for (Authorizable authorizable : authorizables) {
+ tAuthorizables.add(new TAuthorizable(authorizable.getTypeName(), authorizable.getName()));
+ }
+ return tAuthorizables;
+ }
+
+ /**
+ * Get sentry privileges based on valid active roles and the authorize objects. Note that
+ * it is client responsibility to ensure the requestor username, etc. is not impersonated.
+ *
+ * @param component: The request respond to which component.
+ * @param serviceName: The name of service.
+ * @param requestorUserName: The requestor user name.
+ * @param authorizablesSet: The set of authorize objects. Represented as a string. e.g
+ * resourceType1=resourceName1->resourceType2=resourceName2->resourceType3=resourceName3.
+ * @param groups: The requested groups.
+ * @param roleSet: The active roles set.
+ *
+ * @returns The mapping of authorize objects and TSentryPrivilegeMap(<role, set<privileges>).
+ * @throws SentryUserException
+ */
+ public Map<String, TSentryPrivilegeMap> listPrivilegsbyAuthorizable(String component,
+ String serviceName, String requestorUserName, Set<List<? extends Authorizable>> authorizablesSet,
+ Set<String> groups, ActiveRoleSet roleSet) throws SentryUserException {
+
+ Set<List<TAuthorizable>> authSet = Sets.newHashSet();
+ for (List<? extends Authorizable> authorizables : authorizablesSet) {
+ authSet.add(fromAuthorizable(authorizables));
+ }
+
+ TListSentryPrivilegesByAuthRequest request = new TListSentryPrivilegesByAuthRequest();
+
+ request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2);
+ request.setComponent(component);
+ request.setServiceName(serviceName);
+ request.setRequestorUserName(requestorUserName);
+
+ if (groups == null) {
+ request.setGroups(new HashSet<String>());
+ } else {
+ request.setGroups(groups);
+ }
+
+ if (roleSet != null) {
+ request.setRoleSet(new TSentryActiveRoleSet(roleSet.isAll(), roleSet.getRoles()));
+ }
+
+ try {
+ TListSentryPrivilegesByAuthResponse response = client.list_sentry_privileges_by_authorizable(request);
+ Status.throwIfNotOk(response.getStatus());
+ return response.getPrivilegesMapByAuth();
+ } catch (TException e) {
+ throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
+ }
+ }
+
@Override
public void close() {
if (transport != null) {
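Review bot: `authSet` is built from `authorizablesSet` but never attached to the request, so the server never receives any authorizable and the call cannot return privileges. The server side in this commit reads `request.getAuthorizablesSet()` as strings and parses each as `type=name` segments, so the client should send a `Set<String>` in that form; the setter name below is inferred from that getter, since the struct definition is not fully visible here. A null `authorizablesSet` currently throws in the `for` loop, which the rewrite also guards. The public name `listPrivilegsbyAuthorizable` is misspelled and will be hard to change once callers exist.

```java
    // … unchanged: method signature …
    Set<String> authStrings = Sets.newHashSet();
    if (authorizablesSet != null) {
      for (List<? extends Authorizable> authorizables : authorizablesSet) {
        List<String> parts = Lists.newArrayList();
        for (Authorizable authorizable : authorizables) {
          parts.add(PolicyConstants.KV_JOINER.join(authorizable.getTypeName(), authorizable.getName()));
        }
        authStrings.add(PolicyConstants.AUTHORIZABLE_JOINER.join(parts));
      }
    }
    // … unchanged: request construction, protocol version, component, service, requestor …
    request.setAuthorizablesSet(authStrings);
    // … unchanged: groups, roleSet, thrift call …
```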
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/5c2597de/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
index 521d945..6a4d50d 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
@@ -2069,6 +2069,29 @@ public class SentryStore {
}
}
+ // Get the all exist role names, will return an empty set
+ // if no role names exist.
+ public Set<String> getAllRoleNames() {
+
+ boolean rollbackTransaction = true;
+ PersistenceManager pm = null;
+
+ try {
+ pm = openTransaction();
+
+ Set<String> existRoleNames = getAllRoleNames(pm);
+
+ commitTransaction(pm);
+ rollbackTransaction = false;
+
+ return existRoleNames;
+ } finally {
+ if (rollbackTransaction) {
+ rollbackTransaction(pm);
+ }
+ }
+ }
+
// get the all exist role names
private Set<String> getAllRoleNames(PersistenceManager pm) {
Query query = pm.newQuery(MSentryRole.class);
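Review bot: The new public `getAllRoleNames()` returns every role name in the store without taking a requestor or component argument, and the two `//` lines above it do not say who may call it. A Javadoc block would serve better than line comments and should state that the result is unfiltered, e.g. `/** Returns the names of all existing roles (empty set if none). Unfiltered: callers must authorize the requestor before exposing this data. */`. Separately, if `openTransaction()` throws, the `finally` block calls `rollbackTransaction(pm)` with `pm` still null; whether that helper tolerates null is not visible in this hunk.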
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/5c2597de/sentry-provider/sentry-provider-db/src/main/resources/sentry_generic_policy_service.thrift
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/sentry_generic_policy_service.thrift b/sentry-provider/sentry-provider-db/src/main/resources/sentry_generic_policy_service.thrift
index 91ff672..db107bf 100644
--- a/sentry-provider/sentry-provider-db/src/main/resources/sentry_generic_policy_service.thrift
+++ b/sentry-provider/sentry-provider-db/src/main/resources/sentry_generic_policy_service.thrift
@@ -195,6 +195,7 @@ struct TSentryActiveRoleSet {
1: required bool all,
2: required set<string> roles,
}
+
struct TListSentryPrivilegesForProviderRequest {
1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V2,
2: required string component, # The request is issued to which component
@@ -203,11 +204,56 @@ struct TListSentryPrivilegesForProviderRequest {
5: required TSentryActiveRoleSet roleSet,
6: optional list<TAuthorizable> authorizables # authorizable hierarchys
}
+
struct TListSentryPrivilegesForProviderResponse {
1: required TSentryResponseStatus status
2: required set<string> privileges
}
+# Map of role:set<privileges> for the given authorizable
+# Optionally use the set of groups to filter the roles
+struct TSentryPrivilegeMap {
+1: required map<string, set<TSentryPrivilege>> privilegeMap
+}
+
+struct TListSentryPrivilegesByAuthRequest {
+1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V2,
+
+# User on whose behalf the request is issued
+2: required string requestorUserName,
+
+# The request is issued to which component
+3: required string component,
+
+# The privilege belongs to which service
+4: required string serviceName,
+
+# The authorizable hierarchys, it is represented as a string. e.g
+# resourceType1=resourceName1->resourceType2=resourceName2->resourceType3=resourceName3
+5: required set<string> authorizablesSet,
+
+# The requested groups. For admin, the requested groups can be empty, if so it is
+# treated as a wildcard query. Otherwise, it is a query on this specifc groups.
+# For non-admin user, the requested groups must be the groups they are part of.
+6: optional set<string> groups,
+
+# The active role set.
+7: optional TSentryActiveRoleSet roleSet
+}
+
+struct TListSentryPrivilegesByAuthResponse {
+1: required sentry_common_service.TSentryResponseStatus status,
+
+# Will not be set in case of an error. Otherwise it will be a
+# <Authorizables, <Role, Set<Privileges>>> mapping. For non-admin
+# requestor, the roles are intersection of active roles and granted roles.
+# For admin requestor, the roles are filtered based on the active roles
+# and requested group from TListSentryPrivilegesByAuthRequest.
+# The authorizable hierarchys is represented as a string in the form
+# of the request.
+2: optional map<string, TSentryPrivilegeMap> privilegesMapByAuth
+}
+
service SentryGenericPolicyService
{
TCreateSentryRoleResponse create_sentry_role(1:TCreateSentryRoleRequest request)
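Review bot: The comment on field 6 `groups` of `TListSentryPrivilegesByAuthRequest` defines an empty set as a wildcard for admins but does not say what an empty or unset set means for a non-admin requestor. The client code earlier in this commit sends an empty `HashSet` whenever `groups` is null, so that case will reach the server for non-admins too, and the contract should say it is never a wildcard there. Something like `# For a non-admin requestor an empty or unset set is not a wildcard; the result is limited to the requestor's own groups.` would pin this down, assuming that is what the processor does. Also, `# Optionally use the set of groups to filter the roles` sits on `TSentryPrivilegeMap`, which has no groups field, and looks like it belongs on the request struct.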
@@ -225,6 +271,8 @@ service SentryGenericPolicyService
TListSentryPrivilegesForProviderResponse list_sentry_privileges_for_provider(1:TListSentryPrivilegesForProviderRequest request)
+ TListSentryPrivilegesByAuthResponse list_sentry_privileges_by_authorizable(1:TListSentryPrivilegesByAuthRequest request);
+
TDropPrivilegesResponse drop_sentry_privilege(1:TDropPrivilegesRequest request);
TRenamePrivilegesResponse rename_sentry_privilege(1:TRenamePrivilegesRequest request);
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/5c2597de/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestPrivilegeOperatePersistence.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestPrivilegeOperatePersistence.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestPrivilegeOperatePersistence.java
index 189eabb..6b3a5e2 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestPrivilegeOperatePersistence.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/persistent/TestPrivilegeOperatePersistence.java
@@ -952,4 +952,60 @@ public class TestPrivilegeOperatePersistence extends SentryStoreIntegrationBase
sentryStore.getPrivilegesByProvider(SEARCH, service1, Sets.newHashSet(roleName1,roleName2),
Sets.newHashSet(group), authorizables));
}
+
+ @Test
+ public void testGetPrivilegesByAuthorizable() throws Exception {
+ String roleName1 = "r1";
+ String roleName2 = "r2";
+ String roleName3 = "r3";
+ String grantor = ADMIN_USER;
+
+ String service1 = "service1";
+
+ PrivilegeObject queryPrivilege1 = new Builder()
+ .setComponent(SEARCH)
+ .setAction(SearchConstants.QUERY)
+ .setService(service1)
+ .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME)))
+ .build();
+
+ PrivilegeObject updatePrivilege1 = new Builder()
+ .setComponent(SEARCH)
+ .setAction(SearchConstants.UPDATE)
+ .setService(service1)
+ .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME), new Field(FIELD_NAME)))
+ .build();
+
+ PrivilegeObject queryPrivilege2 = new Builder()
+ .setComponent(SEARCH)
+ .setAction(SearchConstants.QUERY)
+ .setService(service1)
+ .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME)))
+ .build();
+
+ PrivilegeObject updatePrivilege2 = new Builder()
+ .setComponent(SEARCH)
+ .setAction(SearchConstants.UPDATE)
+ .setService(service1)
+ .setAuthorizables(Arrays.asList(new Collection(COLLECTION_NAME), new Field(FIELD_NAME)))
+ .build();
+
+ sentryStore.createRole(SEARCH, roleName1, grantor);
+ sentryStore.createRole(SEARCH, roleName2, grantor);
+ sentryStore.createRole(SEARCH, roleName3, grantor);
+
+ sentryStore.alterRoleGrantPrivilege(SEARCH, roleName1, queryPrivilege1, grantor);
+ sentryStore.alterRoleGrantPrivilege(SEARCH, roleName1, updatePrivilege1, grantor);
+ sentryStore.alterRoleGrantPrivilege(SEARCH, roleName2, queryPrivilege2, grantor);
+ sentryStore.alterRoleGrantPrivilege(SEARCH, roleName3, updatePrivilege2, grantor);
+
+ assertEquals(0, sentryStore.getPrivilegesByAuthorizable(SEARCH, service1, null,
+ Arrays.asList(new Collection(COLLECTION_NAME), new Field(FIELD_NAME))).size());
+ assertEquals(2, sentryStore.getPrivilegesByAuthorizable(SEARCH, service1,
+ Sets.newHashSet(roleName1), null).size());
+ assertEquals(2, sentryStore.getPrivilegesByAuthorizable(SEARCH, service1,
+ Sets.newHashSet(roleName1,roleName2), null).size());
+ assertEquals(2, sentryStore.getPrivilegesByAuthorizable(SEARCH, service1,
+ Sets.newHashSet(roleName1,roleName2, roleName3), null).size());
+ }
}
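Review bot: `testGetPrivilegesByAuthorizable` never passes a non-null role set together with a non-null authorizable list, so the authorizable filter is only exercised in the first assertion, where the roles are null and the expected size is 0. The three remaining assertions all expect size 2 and check only the count, so they would still pass if the wrong privileges came back for a role. For a query that feeds authorization decisions, add a case such as `sentryStore.getPrivilegesByAuthorizable(SEARCH, service1, Sets.newHashSet(roleName2), Arrays.asList(new Collection(COLLECTION_NAME), new Field(FIELD_NAME)))` with its expected result, and assert the returned actions and roles rather than only `size()`.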
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/5c2597de/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericPolicyProcessor.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericPolicyProcessor.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericPolicyProcessor.java
index b86c6b2..6821cf9 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericPolicyProcessor.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/generic/service/thrift/TestSentryGenericPolicyProcessor.java
@@ -25,11 +25,9 @@ import static org.mockito.Matchers.anyString;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Set;
-import java.util.UUID;
+import java.util.*;
+import com.google.common.collect.Lists;
import org.apache.hadoop.conf.Configuration;
import org.apache.sentry.core.common.Authorizable;
import org.apache.sentry.core.model.search.Collection;
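Review bot: Replacing the four explicit imports with `import java.util.*;` puts `java.util.Collection` in on-demand scope next to the single-type import of `org.apache.sentry.core.model.search.Collection` just below. It compiles because the single-type import takes precedence, but a reader of `new Collection("c1")` has to know that rule. Keeping the explicit list and adding only the names the new test code uses avoids the ambiguity. `Lists` is not used in any hunk visible here, so check that the new Guava import is needed.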
@@ -43,7 +41,8 @@ import org.apache.sentry.provider.db.SentryNoSuchObjectException;
import org.apache.sentry.provider.db.generic.service.persistent.PrivilegeObject;
import org.apache.sentry.provider.db.generic.service.persistent.SentryStoreLayer;
import org.apache.sentry.provider.db.generic.service.persistent.PrivilegeObject.Builder;
-import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericPolicyProcessor;
+import org.apache.sentry.provider.db.service.model.MSentryGMPrivilege;
+import org.apache.sentry.provider.db.service.model.MSentryRole;
import org.apache.sentry.provider.db.service.persistent.CommitContext;
import org.apache.sentry.provider.db.service.thrift.PolicyStoreConstants;
import org.apache.sentry.provider.db.service.thrift.SentryConfigurationException;
@@ -254,6 +253,13 @@ public class TestSentryGenericPolicyProcessor {
.setAction(SearchConstants.UPDATE)
.build();
+ MSentryGMPrivilege mSentryGMPrivilege = new MSentryGMPrivilege("SOLR", "service1",
+ Arrays.asList(new Collection("c1"), new Field("f1")),
+ SearchConstants.QUERY, true);
+
+ MSentryRole role = new MSentryRole("r1", 290);
+ mSentryGMPrivilege.setRoles(Sets.newHashSet(role));
+
when(mockStore.getRolesByGroups(anyString(), anySetOf(String.class)))
.thenReturn(Sets.newHashSet(roleName));
@@ -264,6 +270,12 @@ public class TestSentryGenericPolicyProcessor {
when(mockStore.getGroupsByRoles(anyString(), anySetOf(String.class)))
.thenReturn(Sets.newHashSet(groupName));
+ when(mockStore.getPrivilegesByAuthorizable(anyString(), anyString(), anySetOf(String.class), anyListOf(Authorizable.class)))
+ .thenReturn(Sets.newHashSet(mSentryGMPrivilege));
+
+ when(mockStore.getAllRoleNames())
+ .thenReturn(Sets.newHashSet(roleName));
+
TListSentryPrivilegesRequest request1 = new TListSentryPrivilegesRequest();
request1.setRoleName(roleName);
request1.setRequestorUserName(ADMIN_USER);
@@ -284,6 +296,18 @@ public class TestSentryGenericPolicyProcessor {
TListSentryPrivilegesForProviderResponse response3 = processor.list_sentry_privileges_for_provider(request3);
assertEquals(Status.OK, fromTSentryStatus(response3.getStatus()));
assertEquals(2, response3.getPrivileges().size());
+
+ TListSentryPrivilegesByAuthRequest request4 = new TListSentryPrivilegesByAuthRequest();
+ request4.setGroups(Sets.newHashSet(groupName));
+ request4.setRoleSet(new TSentryActiveRoleSet(true, null));
+ request4.setRequestorUserName(ADMIN_USER);
+
+ Set<String> authorizablesSet = Sets.newHashSet("Collection=c1->Field=f1");
+ request4.setAuthorizablesSet(authorizablesSet);
+
+ TListSentryPrivilegesByAuthResponse response4 = processor.list_sentry_privileges_by_authorizable(request4);
+ assertEquals(Status.OK, fromTSentryStatus(response4.getStatus()));
+ assertEquals(1, response4.getPrivilegesMapByAuth().size());
}
@Test(expected=SentryConfigurationException.class)
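Review bot: `request4` is only issued as `ADMIN_USER`, so the new `list_sentry_privileges_by_authorizable` path is not tested for a non-admin requestor, which is the case where the group and role restrictions described in the thrift comments matter. A second request with a non-admin user name, asserting the returned status and the contents of the map, would cover it. `request4` also leaves `component` and `serviceName` unset and passes `null` as the roles of `TSentryActiveRoleSet`, although all three are `required` in the IDL; setting them, e.g. `request4.setComponent("SOLR"); request4.setServiceName("service1");`, keeps the test closer to a request that would pass thrift validation. The test method starts outside this hunk.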
|