sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject sentry git commit: SENTRY-2015 - Refactor Command implementations - Reviewed by Sergio Pena
Date Wed, 25 Oct 2017 08:28:05 GMT
Repository: sentry
Updated Branches:
  refs/heads/master 7dbadfe85 -> 6d44cfd9b


SENTRY-2015 - Refactor Command implementations
 - Reviewed by Sergio Pena


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/6d44cfd9
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/6d44cfd9
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/6d44cfd9

Branch: refs/heads/master
Commit: 6d44cfd9b5c8ec12fdf5310bb86cfa09e7b84562
Parents: 7dbadfe
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed Oct 25 09:27:44 2017 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Oct 25 09:27:44 2017 +0100

----------------------------------------------------------------------
 .../tools/GenericPrivilegeConverter.java        |  13 ++-
 .../db/generic/tools/SentryShellGeneric.java    |  58 +++++-----
 .../tools/command/AddRoleToGroupCmd.java        |  46 --------
 .../db/generic/tools/command/Command.java       |  27 -----
 .../db/generic/tools/command/CreateRoleCmd.java |  39 -------
 .../tools/command/DeleteRoleFromGroupCmd.java   |  46 --------
 .../db/generic/tools/command/DropRoleCmd.java   |  39 -------
 .../tools/command/GenericShellCommand.java      | 112 +++++++++++++++++++
 .../tools/command/GrantPrivilegeToRoleCmd.java  |  47 --------
 .../tools/command/ListPrivilegesByRoleCmd.java  |  54 ---------
 .../db/generic/tools/command/ListRolesCmd.java  |  53 ---------
 .../command/RevokePrivilegeFromRoleCmd.java     |  47 --------
 .../command/TSentryPrivilegeConverter.java      |   3 +-
 .../provider/db/tools/SentryShellHive.java      |  42 +++----
 .../sentry/provider/db/tools/ShellCommand.java  |  44 ++++++++
 .../provider/db/tools/command/hive/Command.java |  27 -----
 .../db/tools/command/hive/CommandUtil.java      |   2 +-
 .../db/tools/command/hive/CreateRoleCmd.java    |  37 ------
 .../db/tools/command/hive/DropRoleCmd.java      |  37 ------
 .../command/hive/GrantPrivilegeToRoleCmd.java   |  43 -------
 .../command/hive/GrantRoleToGroupsCmd.java      |  44 --------
 .../db/tools/command/hive/HiveShellCommand.java | 108 ++++++++++++++++++
 .../tools/command/hive/ListPrivilegesCmd.java   |  49 --------
 .../db/tools/command/hive/ListRolesCmd.java     |  51 ---------
 .../hive/RevokePrivilegeFromRoleCmd.java        |  44 --------
 .../command/hive/RevokeRoleFromGroupsCmd.java   |  43 -------
 26 files changed, 324 insertions(+), 831 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/GenericPrivilegeConverter.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/GenericPrivilegeConverter.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/GenericPrivilegeConverter.java
index 526a521..51d6df9 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/GenericPrivilegeConverter.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/GenericPrivilegeConverter.java
@@ -29,6 +29,7 @@ import java.util.LinkedList;
 import java.util.List;
 
 import org.apache.sentry.core.common.Authorizable;
+import org.apache.sentry.core.common.exception.SentryUserException;
 import org.apache.sentry.core.common.utils.KeyValue;
 import org.apache.sentry.core.common.utils.PolicyFileConstants;
 import org.apache.sentry.core.common.utils.SentryConstants;
@@ -70,7 +71,7 @@ public class GenericPrivilegeConverter implements TSentryPrivilegeConverter {
     this.validate = validate;
   }
 
-  public TSentryPrivilege fromString(String privilegeStr) throws Exception {
+  public TSentryPrivilege fromString(String privilegeStr) throws SentryUserException {
     privilegeStr = parsePrivilegeString(privilegeStr);
     if (validate) {
       validatePrivilegeHierarchy(privilegeStr);
@@ -145,7 +146,7 @@ public class GenericPrivilegeConverter implements TSentryPrivilegeConverter {
     return privilegeStr;
   }
 
-  private void validatePrivilegeHierarchy(String privilegeStr) throws Exception {
+  private void validatePrivilegeHierarchy(String privilegeStr) throws SentryUserException {
     List<PrivilegeValidator> validators = getPrivilegeValidators();
     PrivilegeValidatorContext context = new PrivilegeValidatorContext(null, privilegeStr);
     for (PrivilegeValidator validator : validators) {
@@ -157,7 +158,7 @@ public class GenericPrivilegeConverter implements TSentryPrivilegeConverter {
     }
   }
 
-  private List<PrivilegeValidator> getPrivilegeValidators() throws Exception {
+  private List<PrivilegeValidator> getPrivilegeValidators() throws SentryUserException {
     if (AuthorizationComponent.KAFKA.equals(component)) {
       return KafkaPrivilegeModel.getInstance().getPrivilegeValidators();
     } else if ("SOLR".equals(component)) {
@@ -166,10 +167,10 @@ public class GenericPrivilegeConverter implements TSentryPrivilegeConverter {
       return SqoopPrivilegeModel.getInstance().getPrivilegeValidators(service);
     }
 
-    throw new Exception("Invalid component specified for GenericPrivilegeCoverter: " + component);
+    throw new SentryUserException("Invalid component specified for GenericPrivilegeCoverter: " + component);
   }
 
-  private Authorizable getAuthorizable(KeyValue keyValue) throws Exception {
+  private Authorizable getAuthorizable(KeyValue keyValue) throws SentryUserException {
     if (AuthorizationComponent.KAFKA.equals(component)) {
       return KafkaModelAuthorizables.from(keyValue);
     } else if ("SOLR".equals(component)) {
@@ -178,7 +179,7 @@ public class GenericPrivilegeConverter implements TSentryPrivilegeConverter {
       return SqoopModelAuthorizables.from(keyValue);
     }
 
-    throw new Exception("Invalid component specified for GenericPrivilegeCoverter: " + component);
+    throw new SentryUserException("Invalid component specified for GenericPrivilegeCoverter: " + component);
   }
 
 }

http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellGeneric.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellGeneric.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellGeneric.java
index 25c8003..49f18c8 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellGeneric.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellGeneric.java
@@ -18,6 +18,8 @@
 
 package org.apache.sentry.provider.db.generic.tools;
 
+import java.util.List;
+
 import org.apache.commons.lang.StringUtils;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.fs.Path;
@@ -25,16 +27,10 @@ import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.sentry.provider.common.AuthorizationComponent;
 import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient;
 import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClientFactory;
-import org.apache.sentry.provider.db.generic.tools.command.AddRoleToGroupCmd;
-import org.apache.sentry.provider.db.generic.tools.command.Command;
-import org.apache.sentry.provider.db.generic.tools.command.CreateRoleCmd;
-import org.apache.sentry.provider.db.generic.tools.command.DeleteRoleFromGroupCmd;
-import org.apache.sentry.provider.db.generic.tools.command.DropRoleCmd;
-import org.apache.sentry.provider.db.generic.tools.command.GrantPrivilegeToRoleCmd;
-import org.apache.sentry.provider.db.generic.tools.command.ListPrivilegesByRoleCmd;
-import org.apache.sentry.provider.db.generic.tools.command.ListRolesCmd;
-import org.apache.sentry.provider.db.generic.tools.command.RevokePrivilegeFromRoleCmd;
+import org.apache.sentry.provider.db.generic.tools.command.GenericShellCommand;
+import org.apache.sentry.provider.db.generic.tools.command.TSentryPrivilegeConverter;
 import org.apache.sentry.provider.db.tools.SentryShellCommon;
+import org.apache.sentry.provider.db.tools.ShellCommand;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -53,7 +49,6 @@ public class SentryShellGeneric extends SentryShellCommon {
 
   @Override
   public void run() throws Exception {
-    Command command = null;
     String component = getComponent();
     Configuration conf = getSentryConf();
 
@@ -62,36 +57,37 @@ public class SentryShellGeneric extends SentryShellCommon {
                 SentryGenericServiceClientFactory.create(conf)) {
       UserGroupInformation ugi = UserGroupInformation.getLoginUser();
       String requestorName = ugi.getShortUserName();
+      TSentryPrivilegeConverter converter = new GenericPrivilegeConverter(component, service);
+      ShellCommand command = new GenericShellCommand(client, component, service, converter);
+
+      // check the requestor name
+      if (StringUtils.isEmpty(requestorName)) {
+        // The exception message will be recorded in log file.
+        throw new Exception("The requestor name is empty.");
+      }
 
       if (isCreateRole) {
-        command = new CreateRoleCmd(roleName, component);
+        command.createRole(requestorName, roleName);
       } else if (isDropRole) {
-        command = new DropRoleCmd(roleName, component);
+        command.dropRole(requestorName, roleName);
       } else if (isAddRoleGroup) {
-        command = new AddRoleToGroupCmd(roleName, groupName, component);
+        command.grantRoleToGroups(requestorName, roleName, groupName);
       } else if (isDeleteRoleGroup) {
-        command = new DeleteRoleFromGroupCmd(roleName, groupName, component);
+        command.revokeRoleFromGroups(requestorName, roleName, groupName);
       } else if (isGrantPrivilegeRole) {
-        command = new GrantPrivilegeToRoleCmd(roleName, component,
-                privilegeStr, new GenericPrivilegeConverter(component, service));
+        command.grantPrivilegeToRole(requestorName, roleName, privilegeStr);
       } else if (isRevokePrivilegeRole) {
-        command = new RevokePrivilegeFromRoleCmd(roleName, component,
-                privilegeStr, new GenericPrivilegeConverter(component, service));
+        command.revokePrivilegeFromRole(requestorName, roleName, privilegeStr);
       } else if (isListRole) {
-        command = new ListRolesCmd(groupName, component);
+        List<String> roles = command.listRoles(requestorName, roleName, groupName);
+        for (String role : roles) {
+          System.out.println(role);
+        }
       } else if (isListPrivilege) {
-        command = new ListPrivilegesByRoleCmd(roleName, component,
-                service, new GenericPrivilegeConverter(component, service));
-      }
-
-      // check the requestor name
-      if (StringUtils.isEmpty(requestorName)) {
-        // The exception message will be recorded in log file.
-        throw new Exception("The requestor name is empty.");
-      }
-
-      if (command != null) {
-        command.execute(client, requestorName);
+        List<String> privileges = command.listPrivileges(requestorName, roleName);
+        for (String privilege : privileges) {
+          System.out.println(privilege);
+        }
       }
     }
   }

http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/AddRoleToGroupCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/AddRoleToGroupCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/AddRoleToGroupCmd.java
deleted file mode 100644
index a45d7e4..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/AddRoleToGroupCmd.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.generic.tools.command;
-
-import com.google.common.collect.Sets;
-import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient;
-import org.apache.sentry.provider.db.tools.SentryShellCommon;
-
-import java.util.Set;
-
-/**
- * Command for adding groups to a role.
- */
-public class AddRoleToGroupCmd implements Command {
-
-  private String roleName;
-  private String groups;
-  private String component;
-
-  public AddRoleToGroupCmd(String roleName, String groups, String component) {
-    this.roleName = roleName;
-    this.groups = groups;
-    this.component = component;
-  }
-
-  @Override
-  public void execute(SentryGenericServiceClient client, String requestorName) throws Exception {
-    Set<String> groupSet = Sets.newHashSet(groups.split(SentryShellCommon.GROUP_SPLIT_CHAR));
-    client.addRoleToGroups(requestorName, roleName, component, groupSet);
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/Command.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/Command.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/Command.java
deleted file mode 100644
index e824fb3..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/Command.java
+++ /dev/null
@@ -1,27 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.generic.tools.command;
-
-import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient;
-
-/**
- * The interface for all admin commands, eg, CreateRoleCmd.
- */
-public interface Command {
-  void execute(SentryGenericServiceClient client, String requestorName) throws Exception;
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/CreateRoleCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/CreateRoleCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/CreateRoleCmd.java
deleted file mode 100644
index da60a64..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/CreateRoleCmd.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.generic.tools.command;
-
-import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient;
-
-/**
- * The class for admin command to create role.
- */
-public class CreateRoleCmd implements Command {
-
-  private String roleName;
-  private String component;
-
-  public CreateRoleCmd(String roleName, String component) {
-    this.roleName = roleName;
-    this.component = component;
-  }
-
-  @Override
-  public void execute(SentryGenericServiceClient client, String requestorName) throws Exception {
-    client.createRole(requestorName, roleName, component);
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/DeleteRoleFromGroupCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/DeleteRoleFromGroupCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/DeleteRoleFromGroupCmd.java
deleted file mode 100644
index 95f39ea..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/DeleteRoleFromGroupCmd.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.generic.tools.command;
-
-import com.google.common.collect.Sets;
-import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient;
-import org.apache.sentry.provider.db.tools.SentryShellCommon;
-
-import java.util.Set;
-
-/**
- * Command for deleting groups from a role.
- */
-public class DeleteRoleFromGroupCmd implements Command {
-
-  private String roleName;
-  private String groups;
-  private String component;
-
-  public DeleteRoleFromGroupCmd(String roleName, String groups, String component) {
-    this.groups = groups;
-    this.roleName = roleName;
-    this.component = component;
-  }
-
-  @Override
-  public void execute(SentryGenericServiceClient client, String requestorName) throws Exception {
-    Set<String> groupSet = Sets.newHashSet(groups.split(SentryShellCommon.GROUP_SPLIT_CHAR));
-    client.deleteRoleToGroups(requestorName, roleName, component, groupSet);
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/DropRoleCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/DropRoleCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/DropRoleCmd.java
deleted file mode 100644
index ac2a328..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/DropRoleCmd.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.generic.tools.command;
-
-import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient;
-
-/**
- * The class for admin command to drop role.
- */
-public class DropRoleCmd implements Command {
-
-  private String roleName;
-  private String component;
-
-  public DropRoleCmd(String roleName, String component) {
-    this.roleName = roleName;
-    this.component = component;
-  }
-
-  @Override
-  public void execute(SentryGenericServiceClient client, String requestorName) throws Exception {
-    client.dropRole(requestorName, roleName, component);
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/GenericShellCommand.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/GenericShellCommand.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/GenericShellCommand.java
new file mode 100644
index 0000000..5a3baad
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/GenericShellCommand.java
@@ -0,0 +1,112 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.provider.db.generic.tools.command;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Set;
+
+import org.apache.commons.lang.StringUtils;
+import org.apache.sentry.core.common.exception.SentryUserException;
+import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient;
+import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege;
+import org.apache.sentry.provider.db.generic.service.thrift.TSentryRole;
+import org.apache.sentry.provider.db.tools.SentryShellCommon;
+import org.apache.sentry.provider.db.tools.ShellCommand;
+
+import com.google.common.collect.Sets;
+
+/**
+ * The ShellCommand implementation for the Generic clients
+ */
+public class GenericShellCommand implements ShellCommand {
+
+  private final SentryGenericServiceClient client;
+  private final String component;
+  private final TSentryPrivilegeConverter converter;
+  private final String serviceName;
+
+  public GenericShellCommand(SentryGenericServiceClient client, String component, String serviceName,
+                             TSentryPrivilegeConverter converter) {
+    this.client = client;
+    this.component = component;
+    this.serviceName = serviceName;
+    this.converter = converter;
+  }
+
+  public void createRole(String requestorName, String roleName) throws SentryUserException {
+    client.createRole(requestorName, roleName, component);
+  }
+
+  public void dropRole(String requestorName, String roleName) throws SentryUserException {
+    client.dropRole(requestorName, roleName, component);
+  }
+
+  public void grantPrivilegeToRole(String requestorName, String roleName, String privilege) throws SentryUserException {
+    TSentryPrivilege sentryPrivilege = converter.fromString(privilege);
+    client.grantPrivilege(requestorName, roleName, component, sentryPrivilege);
+  }
+
+  public void grantRoleToGroups(String requestorName, String roleName, String groups) throws SentryUserException {
+    Set<String> groupSet = Sets.newHashSet(groups.split(SentryShellCommon.GROUP_SPLIT_CHAR));
+    client.addRoleToGroups(requestorName, roleName, component, groupSet);
+  }
+
+  public void revokePrivilegeFromRole(String requestorName, String roleName, String privilege) throws SentryUserException {
+    TSentryPrivilege sentryPrivilege = converter.fromString(privilege);
+    client.revokePrivilege(requestorName, roleName, component, sentryPrivilege);
+  }
+
+  public void revokeRoleFromGroups(String requestorName, String roleName, String groups) throws SentryUserException {
+    Set<String> groupSet = Sets.newHashSet(groups.split(SentryShellCommon.GROUP_SPLIT_CHAR));
+    client.deleteRoleToGroups(requestorName, roleName, component, groupSet);
+  }
+
+  public List<String> listRoles(String requestorName, String roleName, String group) throws SentryUserException {
+    Set<TSentryRole> roles;
+    if (StringUtils.isEmpty(group)) {
+      roles = client.listAllRoles(requestorName, component);
+    } else {
+      roles = client.listRolesByGroupName(requestorName, group, component);
+    }
+
+    List<String> result = new ArrayList<>();
+    if (roles != null) {
+      for (TSentryRole role : roles) {
+        result.add(role.getRoleName());
+      }
+    }
+
+    return result;
+  }
+
+  public List<String> listPrivileges(String requestorName, String roleName) throws SentryUserException {
+    Set<TSentryPrivilege> privileges = client
+        .listPrivilegesByRoleName(requestorName, roleName, component, serviceName);
+
+    List<String> result = new ArrayList<>();
+    if (privileges != null) {
+      for (TSentryPrivilege privilege : privileges) {
+        String privilegeStr = converter.toString(privilege);
+        result.add(privilegeStr);
+      }
+    }
+
+    return result;
+  }
+}

http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/GrantPrivilegeToRoleCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/GrantPrivilegeToRoleCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/GrantPrivilegeToRoleCmd.java
deleted file mode 100644
index 634bb42..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/GrantPrivilegeToRoleCmd.java
+++ /dev/null
@@ -1,47 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.generic.tools.command;
-
-import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient;
-import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege;
-
-/**
- * The class for admin command to grant privilege to role.
- */
-public class GrantPrivilegeToRoleCmd implements Command {
-
-  private String roleName;
-  private String component;
-  private String privilegeStr;
-  private TSentryPrivilegeConverter converter;
-
-  public GrantPrivilegeToRoleCmd(String roleName, String component, String privilegeStr,
-      TSentryPrivilegeConverter converter) {
-    this.roleName = roleName;
-    this.component = component;
-    this.privilegeStr = privilegeStr;
-    this.converter = converter;
-  }
-
-  @Override
-  public void execute(SentryGenericServiceClient client, String requestorName) throws Exception {
-    TSentryPrivilege privilege = converter.fromString(privilegeStr);
-    client.grantPrivilege(requestorName, roleName, component, privilege);
-
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/ListPrivilegesByRoleCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/ListPrivilegesByRoleCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/ListPrivilegesByRoleCmd.java
deleted file mode 100644
index ce6db3a..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/ListPrivilegesByRoleCmd.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.generic.tools.command;
-
-import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient;
-import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege;
-
-import java.util.Set;
-
-/**
- * The class for admin command to list privileges by role.
- */
-public class ListPrivilegesByRoleCmd implements Command {
-
-  private String roleName;
-  private String component;
-  private String serviceName;
-  private TSentryPrivilegeConverter converter;
-
-  public ListPrivilegesByRoleCmd(String roleName, String component, String serviceName,
-      TSentryPrivilegeConverter converter) {
-    this.roleName = roleName;
-    this.component = component;
-    this.serviceName = serviceName;
-    this.converter = converter;
-  }
-
-  @Override
-  public void execute(SentryGenericServiceClient client, String requestorName) throws Exception {
-    Set<TSentryPrivilege> privileges = client
-            .listPrivilegesByRoleName(requestorName, roleName, component, serviceName);
-    if (privileges != null) {
-      for (TSentryPrivilege privilege : privileges) {
-        String privilegeStr = converter.toString(privilege);
-        System.out.println(privilegeStr);
-      }
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/ListRolesCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/ListRolesCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/ListRolesCmd.java
deleted file mode 100644
index 6b68d06..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/ListRolesCmd.java
+++ /dev/null
@@ -1,53 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.generic.tools.command;
-
-import org.apache.commons.lang.StringUtils;
-import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient;
-import org.apache.sentry.provider.db.generic.service.thrift.TSentryRole;
-
-import java.util.Set;
-
-/**
- * The class for admin command to list roles.
- */
-public class ListRolesCmd implements Command {
-
-  private String groupName;
-  private String component;
-
-  public ListRolesCmd(String groupName, String component) {
-    this.groupName = groupName;
-    this.component = component;
-  }
-
-  @Override
-  public void execute(SentryGenericServiceClient client, String requestorName) throws Exception {
-    Set<TSentryRole> roles;
-    if (StringUtils.isEmpty(groupName)) {
-      roles = client.listAllRoles(requestorName, component);
-    } else {
-      roles = client.listRolesByGroupName(requestorName, groupName, component);
-    }
-    if (roles != null) {
-      for (TSentryRole role : roles) {
-        System.out.println(role.getRoleName());
-      }
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/RevokePrivilegeFromRoleCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/RevokePrivilegeFromRoleCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/RevokePrivilegeFromRoleCmd.java
deleted file mode 100644
index 3e42e60..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/RevokePrivilegeFromRoleCmd.java
+++ /dev/null
@@ -1,47 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.generic.tools.command;
-
-import org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClient;
-import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege;
-
-/**
- * The class for admin command to revoke privileges from role.
- */
-public class RevokePrivilegeFromRoleCmd implements Command {
-
-  private String roleName;
-  private String component;
-  private String privilegeStr;
-  private TSentryPrivilegeConverter converter;
-
-  public RevokePrivilegeFromRoleCmd(String roleName, String component, String privilegeStr,
-      TSentryPrivilegeConverter converter) {
-    this.roleName = roleName;
-    this.component = component;
-    this.privilegeStr = privilegeStr;
-    this.converter = converter;
-  }
-
-  @Override
-  public void execute(SentryGenericServiceClient client, String requestorName) throws Exception {
-    TSentryPrivilege privilege = converter.fromString(privilegeStr);
-    client.revokePrivilege(requestorName, roleName, component, privilege);
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/TSentryPrivilegeConverter.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/TSentryPrivilegeConverter.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/TSentryPrivilegeConverter.java
index ab44895..0bfbc44 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/TSentryPrivilegeConverter.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/command/TSentryPrivilegeConverter.java
@@ -17,6 +17,7 @@
  */
 package org.apache.sentry.provider.db.generic.tools.command;
 
+import org.apache.sentry.core.common.exception.SentryUserException;
 import org.apache.sentry.provider.db.generic.service.thrift.TSentryPrivilege;
 
 public interface TSentryPrivilegeConverter {
@@ -24,7 +25,7 @@ public interface TSentryPrivilegeConverter {
   /**
    * Convert string to privilege
    */
-  TSentryPrivilege fromString(String privilegeStr) throws Exception;
+  TSentryPrivilege fromString(String privilegeStr) throws SentryUserException;
 
   /**
    * Convert privilege to string

http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentryShellHive.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentryShellHive.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentryShellHive.java
index 09f17ed..226d58d 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentryShellHive.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentryShellHive.java
@@ -18,6 +18,8 @@
 
 package org.apache.sentry.provider.db.tools;
 
+import java.util.List;
+
 import org.apache.commons.lang.StringUtils;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.fs.Path;
@@ -39,39 +41,41 @@ public class SentryShellHive extends SentryShellCommon {
   private static final Logger LOGGER = LoggerFactory.getLogger(SentryShellHive.class);
 
   public void run() throws Exception {
-    Command command = null;
 
     try(SentryPolicyServiceClient client =
                 SentryServiceClientFactory.create(getSentryConf())) {
       UserGroupInformation ugi = UserGroupInformation.getLoginUser();
       String requestorName = ugi.getShortUserName();
+      ShellCommand command = new HiveShellCommand(client);
+
+      // check the requestor name
+      if (StringUtils.isEmpty(requestorName)) {
+        // The exception message will be recorded in the log file.
+        throw new Exception("The requestor name is empty.");
+      }
 
       if (isCreateRole) {
-        command = new CreateRoleCmd(roleName);
+        command.createRole(requestorName, roleName);
       } else if (isDropRole) {
-        command = new DropRoleCmd(roleName);
+        command.dropRole(requestorName, roleName);
       } else if (isAddRoleGroup) {
-        command = new GrantRoleToGroupsCmd(roleName, groupName);
+        command.grantRoleToGroups(requestorName, roleName, groupName);
       } else if (isDeleteRoleGroup) {
-        command = new RevokeRoleFromGroupsCmd(roleName, groupName);
+        command.revokeRoleFromGroups(requestorName, roleName, groupName);
       } else if (isGrantPrivilegeRole) {
-        command = new GrantPrivilegeToRoleCmd(roleName, privilegeStr);
+        command.grantPrivilegeToRole(requestorName, roleName, privilegeStr);
       } else if (isRevokePrivilegeRole) {
-        command = new RevokePrivilegeFromRoleCmd(roleName, privilegeStr);
+        command.revokePrivilegeFromRole(requestorName, roleName, privilegeStr);
       } else if (isListRole) {
-        command = new ListRolesCmd(groupName);
+        List<String> roles = command.listRoles(requestorName, roleName, groupName);
+        for (String role : roles) {
+          System.out.println(role);
+        }
       } else if (isListPrivilege) {
-        command = new ListPrivilegesCmd(roleName);
-      }
-
-      // check the requestor name
-      if (StringUtils.isEmpty(requestorName)) {
-        // The exception message will be recoreded in log file.
-        throw new Exception("The requestor name is empty.");
-      }
-
-      if (command != null) {
-        command.execute(client, requestorName);
+        List<String> privileges = command.listPrivileges(requestorName, roleName);
+        for (String privilege : privileges) {
+          System.out.println(privilege);
+        }
       }
     }
   }

http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/ShellCommand.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/ShellCommand.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/ShellCommand.java
new file mode 100644
index 0000000..ec751ec
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/ShellCommand.java
@@ -0,0 +1,44 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.provider.db.tools;
+
+import java.util.List;
+
+import org.apache.sentry.core.common.exception.SentryUserException;
+
+/**
+ * The interface for all admin commands, eg, CreateRoleCmd. It is independent of the underlying mechanism (i.e. Generic or Hive)
+ */
+public interface ShellCommand {
+
+    void createRole(String requestorName, String roleName) throws SentryUserException;
+
+    void dropRole(String requestorName, String roleName) throws SentryUserException;
+
+    void grantPrivilegeToRole(String requestorName, String roleName, String privilege) throws SentryUserException;
+
+    void grantRoleToGroups(String requestorName, String roleName, String groups) throws SentryUserException;
+
+    void revokePrivilegeFromRole(String requestorName, String roleName, String privilege) throws SentryUserException;
+
+    void revokeRoleFromGroups(String requestorName, String roleName, String groups) throws SentryUserException;
+
+    List<String> listRoles(String requestorName, String roleName, String group) throws SentryUserException;
+
+    List<String> listPrivileges(String requestorName, String roleName) throws SentryUserException;
+}

http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/Command.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/Command.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/Command.java
deleted file mode 100644
index 79aed49..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/Command.java
+++ /dev/null
@@ -1,27 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.tools.command.hive;
-
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-
-/**
- * The interface for all admin commands, eg, CreateRoleCmd.
- */
-public interface Command {
-  void execute(SentryPolicyServiceClient client, String requestorName) throws Exception;
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CommandUtil.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CommandUtil.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CommandUtil.java
index b6f4140..3f0b5fa 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CommandUtil.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CommandUtil.java
@@ -31,7 +31,7 @@ public final class CommandUtil {
 
   // check the privilege value for the specific privilege scope
   // eg, for the table scope, server and database can't be empty
-  public static void validatePrivilegeHierarchy(TSentryPrivilege tSentryPrivilege) throws Exception {
+  public static void validatePrivilegeHierarchy(TSentryPrivilege tSentryPrivilege) throws IllegalArgumentException {
     String serverName = tSentryPrivilege.getServerName();
     String dbName = tSentryPrivilege.getDbName();
     String tableName = tSentryPrivilege.getTableName();

http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CreateRoleCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CreateRoleCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CreateRoleCmd.java
deleted file mode 100644
index 5a4834a..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/CreateRoleCmd.java
+++ /dev/null
@@ -1,37 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.tools.command.hive;
-
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-
-/**
- * The class for admin command to create role.
- */
-public class CreateRoleCmd implements Command {
-
-  private String roleName;
-
-  public CreateRoleCmd(String roleName) {
-    this.roleName = roleName;
-  }
-
-  @Override
-  public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception {
-    client.createRole(requestorName, roleName);
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/DropRoleCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/DropRoleCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/DropRoleCmd.java
deleted file mode 100644
index facec0e..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/DropRoleCmd.java
+++ /dev/null
@@ -1,37 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.tools.command.hive;
-
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-
-/**
- * The class for admin command to drop role.
- */
-public class DropRoleCmd implements Command {
-
-  private String roleName;
-
-  public DropRoleCmd(String roleName) {
-    this.roleName = roleName;
-  }
-
-  @Override
-  public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception {
-    client.dropRole(requestorName, roleName);
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantPrivilegeToRoleCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantPrivilegeToRoleCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantPrivilegeToRoleCmd.java
deleted file mode 100644
index f530c00..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantPrivilegeToRoleCmd.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.tools.command.hive;
-
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
-import org.apache.sentry.service.thrift.SentryServiceUtil;
-
-/**
- * The class for admin command to grant privilege to role.
- */
-public class GrantPrivilegeToRoleCmd implements Command {
-
-  private String roleName;
-  private String privilegeStr;
-
-  public GrantPrivilegeToRoleCmd(String roleName, String privilegeStr) {
-    this.roleName = roleName;
-    this.privilegeStr = privilegeStr;
-  }
-
-  @Override
-  public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception {
-    TSentryPrivilege tSentryPrivilege = SentryServiceUtil.convertToTSentryPrivilege(privilegeStr);
-    CommandUtil.validatePrivilegeHierarchy(tSentryPrivilege);
-    client.grantPrivilege(requestorName, roleName, tSentryPrivilege);
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantRoleToGroupsCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantRoleToGroupsCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantRoleToGroupsCmd.java
deleted file mode 100644
index 07a3de4..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/GrantRoleToGroupsCmd.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.tools.command.hive;
-
-import com.google.common.collect.Sets;
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-import org.apache.sentry.provider.db.tools.SentryShellCommon;
-
-import java.util.Set;
-
-/**
- * The class for admin command to grant role to group.
- */
-public class GrantRoleToGroupsCmd implements Command {
-
-  private String roleName;
-  private String groupNamesStr;
-
-  public GrantRoleToGroupsCmd(String roleName, String groupNamesStr) {
-    this.roleName = roleName;
-    this.groupNamesStr = groupNamesStr;
-  }
-
-  @Override
-  public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception {
-    Set<String> groups = Sets.newHashSet(groupNamesStr.split(SentryShellCommon.GROUP_SPLIT_CHAR));
-    client.grantRoleToGroups(requestorName, roleName, groups);
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/HiveShellCommand.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/HiveShellCommand.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/HiveShellCommand.java
new file mode 100644
index 0000000..8451d8b
--- /dev/null
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/HiveShellCommand.java
@@ -0,0 +1,108 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.provider.db.tools.command.hive;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Set;
+
+import org.apache.commons.lang.StringUtils;
+import org.apache.sentry.core.common.exception.SentryUserException;
+import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
+import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
+import org.apache.sentry.provider.db.service.thrift.TSentryRole;
+import org.apache.sentry.provider.db.tools.SentryShellCommon;
+import org.apache.sentry.provider.db.tools.ShellCommand;
+import org.apache.sentry.service.thrift.SentryServiceUtil;
+
+import com.google.common.collect.Sets;
+
+/**
+ * The ShellCommand implementation for Hive.
+ */
+public class HiveShellCommand implements ShellCommand {
+
+  private final SentryPolicyServiceClient client;
+
+  public HiveShellCommand(SentryPolicyServiceClient client) {
+    this.client = client;
+  }
+
+  public void createRole(String requestorName, String roleName) throws SentryUserException {
+    client.createRole(requestorName, roleName);
+  }
+
+  public void dropRole(String requestorName, String roleName) throws SentryUserException {
+    client.dropRole(requestorName, roleName);
+  }
+
+  public void grantPrivilegeToRole(String requestorName, String roleName, String privilege) throws SentryUserException {
+    TSentryPrivilege tSentryPrivilege = SentryServiceUtil.convertToTSentryPrivilege(privilege);
+    CommandUtil.validatePrivilegeHierarchy(tSentryPrivilege);
+    client.grantPrivilege(requestorName, roleName, tSentryPrivilege);
+  }
+
+  public void grantRoleToGroups(String requestorName, String roleName, String groups) throws SentryUserException {
+    Set<String> groupSet = Sets.newHashSet(groups.split(SentryShellCommon.GROUP_SPLIT_CHAR));
+    client.grantRoleToGroups(requestorName, roleName, groupSet);
+  }
+
+  public void revokePrivilegeFromRole(String requestorName, String roleName, String privilege) throws SentryUserException {
+    TSentryPrivilege tSentryPrivilege = SentryServiceUtil.convertToTSentryPrivilege(privilege);
+    CommandUtil.validatePrivilegeHierarchy(tSentryPrivilege);
+    client.revokePrivilege(requestorName, roleName, tSentryPrivilege);
+  }
+
+  public void revokeRoleFromGroups(String requestorName, String roleName, String groups) throws SentryUserException {
+    Set<String> groupSet = Sets.newHashSet(groups.split(SentryShellCommon.GROUP_SPLIT_CHAR));
+    client.revokeRoleFromGroups(requestorName, roleName, groupSet);
+  }
+
+  public List<String> listRoles(String requestorName, String roleName, String group) throws SentryUserException {
+    Set<TSentryRole> roles;
+    if (StringUtils.isEmpty(group)) {
+      roles = client.listRoles(requestorName);
+    } else {
+      roles = client.listRolesByGroupName(requestorName, group);
+    }
+
+    List<String> result = new ArrayList<>();
+    if (roles != null) {
+      for (TSentryRole role : roles) {
+        result.add(role.getRoleName());
+      }
+    }
+
+    return result;
+  }
+
+  public List<String> listPrivileges(String requestorName, String roleName) throws SentryUserException {
+    Set<TSentryPrivilege> privileges = client
+        .listAllPrivilegesByRoleName(requestorName, roleName);
+
+    List<String> result = new ArrayList<>();
+    if (privileges != null) {
+      for (TSentryPrivilege privilege : privileges) {
+        String privilegeStr = SentryServiceUtil.convertTSentryPrivilegeToStr(privilege);
+        result.add(privilegeStr);
+      }
+    }
+    return result;
+  }
+
+}

http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/ListPrivilegesCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/ListPrivilegesCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/ListPrivilegesCmd.java
deleted file mode 100644
index 2cc4f71..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/ListPrivilegesCmd.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.tools.command.hive;
-
-import java.util.Set;
-
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
-import org.apache.sentry.service.thrift.SentryServiceUtil;
-
-/**
- * The class for admin command to list privileges.
- */
-public class ListPrivilegesCmd implements Command {
-
-  private String roleName;
-
-  public ListPrivilegesCmd(String roleName) {
-    this.roleName = roleName;
-  }
-
-  @Override
-  public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception {
-    Set<TSentryPrivilege> privileges = client
-            .listAllPrivilegesByRoleName(requestorName, roleName);
-    if (privileges != null) {
-      for (TSentryPrivilege privilege : privileges) {
-        String privilegeStr = SentryServiceUtil.convertTSentryPrivilegeToStr(privilege);
-        System.out.println(privilegeStr);
-      }
-    }
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/ListRolesCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/ListRolesCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/ListRolesCmd.java
deleted file mode 100644
index 283f2c0..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/ListRolesCmd.java
+++ /dev/null
@@ -1,51 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.tools.command.hive;
-
-import org.apache.commons.lang.StringUtils;
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-import org.apache.sentry.provider.db.service.thrift.TSentryRole;
-
-import java.util.Set;
-
-/**
- * The class for admin command to list roles.
- */
-public class ListRolesCmd implements Command {
-
-  private String groupName;
-
-  public ListRolesCmd(String groupName) {
-    this.groupName = groupName;
-  }
-
-  @Override
-  public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception {
-    Set<TSentryRole> roles;
-    if (StringUtils.isEmpty(groupName)) {
-      roles = client.listRoles(requestorName);
-    } else {
-      roles = client.listRolesByGroupName(requestorName, groupName);
-    }
-    if (roles != null) {
-      for (TSentryRole role : roles) {
-        System.out.println(role.getRoleName());
-      }
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokePrivilegeFromRoleCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokePrivilegeFromRoleCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokePrivilegeFromRoleCmd.java
deleted file mode 100644
index 4acecee..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokePrivilegeFromRoleCmd.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.tools.command.hive;
-
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
-import org.apache.sentry.service.thrift.SentryServiceUtil;
-
-/**
- * The class for admin command to revoke privileges from role.
- */
-public class RevokePrivilegeFromRoleCmd implements Command {
-
-  private String roleName;
-  private String privilegeStr;
-
-  public RevokePrivilegeFromRoleCmd(String roleName, String privilegeStr) {
-    this.roleName = roleName;
-    this.privilegeStr = privilegeStr;
-  }
-
-  @Override
-  public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception {
-    TSentryPrivilege tSentryPrivilege = SentryServiceUtil.convertToTSentryPrivilege(privilegeStr);
-    CommandUtil.validatePrivilegeHierarchy(tSentryPrivilege);
-    client.revokePrivilege(requestorName, roleName, tSentryPrivilege);
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/sentry/blob/6d44cfd9/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokeRoleFromGroupsCmd.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokeRoleFromGroupsCmd.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokeRoleFromGroupsCmd.java
deleted file mode 100644
index 86773ca..0000000
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/command/hive/RevokeRoleFromGroupsCmd.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.provider.db.tools.command.hive;
-
-import com.google.common.collect.Sets;
-import org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClient;
-
-import java.util.Set;
-
-/**
- * The class for admin command to revoke role from group.
- */
-public class RevokeRoleFromGroupsCmd implements Command {
-
-  private String roleName;
-  private String groupNamesStr;
-
-  public RevokeRoleFromGroupsCmd(String roleName, String groupNamesStr) {
-    this.roleName = roleName;
-    this.groupNamesStr = groupNamesStr;
-  }
-
-  @Override
-  public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception {
-    Set<String> groups = Sets.newHashSet(groupNamesStr.split(CommandUtil.SPLIT_CHAR));
-    client.revokeRoleFromGroups(requestorName, roleName, groups);
-  }
-}


Mime
View raw message