sentry-commits mailing list archives

From shreepa...@apache.org
Subject [2/2] git commit: SENTRY-11: Normalize the user:group mapping for end to end tests (Sravya Tirukkovalur via Shreepadma Venugopalan)
Date Wed, 02 Oct 2013 16:34:01 GMT
SENTRY-11: Normalize the user:group mapping for end to end tests (Sravya Tirukkovalur via Shreepadma Venugopalan)


Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/6396ccb1
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/6396ccb1
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/6396ccb1

Branch: refs/heads/master
Commit: 6396ccb1feeb100b5ae9af2e0ad42bddd94d2e36
Parents: fa43b28
Author: Shreepadma Venugopalan <shreepadma@apache.org>
Authored: Wed Oct 2 09:05:27 2013 -0700
Committer: Shreepadma Venugopalan <shreepadma@apache.org>
Committed: Wed Oct 2 09:05:27 2013 -0700

----------------------------------------------------------------------
 .../apache/sentry/provider/file/PolicyFile.java |  23 ++--
 .../file/TestPolicyParsingNegative.java         |   6 +-
 .../file/TestSimplePolicyEngineDFS.java         |   1 +
 .../e2e/hive/AbstractTestWithHiveServer.java    |   8 ++
 .../AbstractTestWithStaticConfiguration.java    |  17 ++-
 .../sentry/tests/e2e/hive/StaticUserGroup.java  |  35 ++++++
 .../sentry/tests/e2e/hive/TestCrossDbOps.java   |  80 +++++++-------
 .../sentry/tests/e2e/hive/TestEndToEnd.java     |  42 ++++----
 .../e2e/hive/TestExportImportPrivileges.java    |  34 +++---
 .../e2e/hive/TestMetadataObjectRetrieval.java   |  82 +++++++-------
 .../tests/e2e/hive/TestMetadataPermissions.java |  35 ++----
 .../tests/e2e/hive/TestMovingToProduction.java  |  28 +++--
 .../tests/e2e/hive/TestPerDBConfiguration.java  |  81 ++++++--------
 .../e2e/hive/TestPerDatabasePolicyFile.java     |  12 +--
 .../e2e/hive/TestPrivilegeAtTransform.java      |  16 +--
 .../e2e/hive/TestPrivilegesAtDatabaseScope.java |  86 +++++++--------
 .../e2e/hive/TestPrivilegesAtFunctionScope.java |  32 +++---
 .../e2e/hive/TestPrivilegesAtTableScope.java    |  76 ++++++-------
 .../e2e/hive/TestRuntimeMetadataRetrieval.java  |  57 +++++-----
 .../sentry/tests/e2e/hive/TestSandboxOps.java   | 107 +++++++++----------
 .../hive/TestSentryOnFailureHookLoading.java    |  12 +--
 .../tests/e2e/hive/TestServerConfiguration.java |  32 +++---
 .../tests/e2e/hive/TestUriPermissions.java      |  61 +++++------
 .../tests/e2e/hive/TestUserManagement.java      |  51 +++++----
 24 files changed, 513 insertions(+), 501 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/6396ccb1/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/PolicyFile.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/PolicyFile.java b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/PolicyFile.java
index fafe79b..3f2283e 100644
--- a/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/PolicyFile.java
+++ b/sentry-provider/sentry-provider-file/src/main/java/org/apache/sentry/provider/file/PolicyFile.java
@@ -17,10 +17,6 @@
 
 package org.apache.sentry.provider.file;
 
-import static org.apache.sentry.provider.file.PolicyFileConstants.DATABASES;
-import static org.apache.sentry.provider.file.PolicyFileConstants.GROUPS;
-import static org.apache.sentry.provider.file.PolicyFileConstants.ROLES;
-
 import java.io.File;
 import java.io.IOException;
 import java.util.Collection;
@@ -39,6 +35,8 @@ import com.google.common.collect.Maps;
 import com.google.common.collect.Multimap;
 import com.google.common.io.Files;
 
+import static org.apache.sentry.provider.file.PolicyFileConstants.*;
+
 /**
  * PolicyFile creator. Written specifically to be used with tests. Specifically
  * due to the fact that methods that would typically return true or false to
@@ -72,11 +70,19 @@ public class PolicyFile {
     return add(rolesToPermissions.get(roleName), allowDuplicates, permissionNames);
   }
   public PolicyFile addGroupsToUser(String userName, String... groupNames) {
+    LOGGER.warn("Static user:group mapping is not being used");
     return addGroupsToUser(userName, false, groupNames);
   }
   public PolicyFile addGroupsToUser(String userName, boolean allowDuplicates, String... groupNames) {
+    LOGGER.warn("Static user:group mapping is not being used");
     return add(usersToGroups.get(userName), allowDuplicates, groupNames);
   }
+  public PolicyFile setUserGroupMapping(Map<String, String> mapping){
+    for(String key: mapping.keySet()){
+      usersToGroups.put(key, mapping.get(key));
+    }
+    return this;
+  }
   public PolicyFile addDatabase(String databaseName, String path) {
     String oldPath;
     if((oldPath = databasesToPolicyFiles.put(databaseName, path)) != null) {
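Review bot: The two-argument `addGroupsToUser(userName, groupNames)` logs the warning and then delegates to the three-argument overload, which logs it again, so every call through the short form emits the message twice. Keep the `LOGGER.warn(...)` only in the three-argument overload. `setUserGroupMapping` writes into `usersToGroups` with `put` directly, so it skips whatever duplicate handling `add(...)` applies for the other mutators (that helper is outside the hunk, so this is inferred), and despite the `set` prefix it adds to existing entries rather than replacing them. Iterating `mapping.entrySet()` would be more idiomatic than `keySet()` plus `get`, and a one-line Javadoc saying whether earlier mappings survive would tell test authors which users end up in which group.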
@@ -93,6 +99,7 @@ public class PolicyFile {
     return remove(rolesToPermissions.get(roleName), permissionNames);
   }
   public PolicyFile removeGroupsFromUser(String userName, String... groupNames) {
+    LOGGER.warn("Static user:group mapping is not being used");
     return remove(usersToGroups.get(userName), groupNames);
   }
   public PolicyFile removeDatabase(String databaseName) {
@@ -117,7 +124,7 @@ public class PolicyFile {
     }
     String contents = Joiner.on(NL)
         .join(getSection(DATABASES, databasesToPolicyFiles),
-            getSection(PolicyFileConstants.USERS, usersToGroups),
+            getSection(USERS, usersToGroups),
             getSection(GROUPS, groupsToRoles),
             getSection(ROLES, rolesToPermissions),
             "");
@@ -168,10 +175,10 @@ public class PolicyFile {
     return this;
   }
 
-  public static PolicyFile createAdminOnServer1(String admin) {
+  //User:Group mapping for the admin user needs to be set separately
+  public static PolicyFile setAdminOnServer1(String admin) {
     return new PolicyFile()
-      .addGroupsToUser(admin, "admin")
-      .addRolesToGroup("admin", "admin_role")
+      .addRolesToGroup(admin, "admin_role")
       .addPermissionsToRole("admin_role", "server=server1");
   }
 }
\ No newline at end of file
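Review bot: In `setAdminOnServer1(String admin)` the argument is now used as the group name in `addRolesToGroup(admin, "admin_role")`, but it keeps the name `admin` from when it was a user. A caller that still passes a user name compiles cleanly and produces a policy in which a group of that name holds `server=server1`. Rename the parameter to `adminGroup` and replace the `//` comment with Javadoc stating that the argument is a group and that the returned policy has no user:group entry, so no user holds `admin_role` until a mapping is added. The `set` prefix on a static method that builds a new `PolicyFile` also reads like a mutator; a name that says it creates a policy would be clearer.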

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/6396ccb1/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestPolicyParsingNegative.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestPolicyParsingNegative.java b/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestPolicyParsingNegative.java
index 7285806..e6e6564 100644
--- a/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestPolicyParsingNegative.java
+++ b/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestPolicyParsingNegative.java
@@ -26,9 +26,6 @@ import org.apache.commons.io.FileUtils;
 import org.apache.sentry.core.Authorizable;
 import org.apache.sentry.core.Database;
 import org.apache.sentry.core.Server;
-import org.apache.sentry.provider.file.PolicyEngine;
-import org.apache.sentry.provider.file.PolicyFile;
-import org.apache.sentry.provider.file.SimplePolicyEngine;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
@@ -90,7 +87,8 @@ public class TestPolicyParsingNegative {
     ImmutableSet<String> permissions;
     PolicyFile policyFile;
     // test sanity
-    policyFile = PolicyFile.createAdminOnServer1("admin1");
+    policyFile = PolicyFile.setAdminOnServer1("admin");
+    policyFile.addGroupsToUser("admin1", "admin");
     policyFile.write(globalPolicyFile);
     policyFile.write(otherPolicyFile);
     policy = new SimplePolicyEngine(globalPolicyFile.getPath(), "server1");

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/6396ccb1/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestSimplePolicyEngineDFS.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestSimplePolicyEngineDFS.java b/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestSimplePolicyEngineDFS.java
index 656a0fa..34a734e 100644
--- a/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestSimplePolicyEngineDFS.java
+++ b/sentry-provider/sentry-provider-file/src/test/java/org/apache/sentry/provider/file/TestSimplePolicyEngineDFS.java
@@ -86,6 +86,7 @@ public class TestSimplePolicyEngineDFS extends AbstractTestSimplePolicyEngine {
     PolicyFile dbPolicy = new PolicyFile()
       .addPermissionsToRole("db11_role", "server=server1->db=db11")
       .addRolesToGroup("group1", "db11_role");
+
     dbPolicy.write(dbPolicyFile);
     Path dbPolicyPath = new Path(etc, "db11-policy.ini");
 

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/6396ccb1/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithHiveServer.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithHiveServer.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithHiveServer.java
index 25c64c7..cae15ae 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithHiveServer.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithHiveServer.java
@@ -42,6 +42,14 @@ public abstract class AbstractTestWithHiveServer {
   protected File policyFile;
   protected HiveServer hiveServer;
   protected FileSystem fileSystem;
+  protected static final String ADMIN1 = StaticUserGroup.ADMIN1,
+      ADMINGROUP = StaticUserGroup.ADMINGROUP,
+      USER1_1 = StaticUserGroup.USER1_1,
+      USER2_1 = StaticUserGroup.USER2_1,
+      USER3_1 = StaticUserGroup.USER3_1,
+      USERGROUP1 = StaticUserGroup.USERGROUP1,
+      USERGROUP2 = StaticUserGroup.USERGROUP2,
+      USERGROUP3 = StaticUserGroup.USERGROUP3;
 
   public Context createContext(Map<String, String> properties)
       throws Exception {
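Review bot: These constants re-export only a subset of `StaticUserGroup` (no `USER1_2`, `USER4_1` or `USERGROUP4`), while `AbstractTestWithStaticConfiguration` re-exports the full set in its own hunk, so the two base classes expose different views of the same fixture. Tests could reference `StaticUserGroup` directly or through a static import, which keeps a single definition of each principal. If the aliases stay, declare the same set in both classes and add a comment that they mirror `StaticUserGroup`.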

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/6396ccb1/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java
index e56eb92..ba05044 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java
@@ -40,8 +40,7 @@ public abstract class AbstractTestWithStaticConfiguration {
   private static final Logger LOGGER = LoggerFactory
       .getLogger(AbstractTestWithStaticConfiguration.class);
   protected static final String SINGLE_TYPE_DATA_FILE_NAME = "kv1.dat";
-  protected static final String ADMIN1 = "admin1";
-  protected static final String ALL_DB1 = "server=server1->db=db_1",      
+  protected static final String ALL_DB1 = "server=server1->db=db_1",
       ALL_DB2 = "server=server1->db=db_2",
       SELECT_DB1_TBL1 = "server=server1->db=db_1->table=tb_1->action=select",
       SELECT_DB1_TBL2 = "server=server1->db=db_1->table=tb_2->action=select",
@@ -51,9 +50,17 @@ public abstract class AbstractTestWithStaticConfiguration {
       SELECT_DB2_TBL2 = "server=server1->db=db_2->table=tb_2->action=select",
       INSERT_DB2_TBL1 = "server=server1->db=db_2->table=tb_1->action=insert",
       SELECT_DB1_VIEW1 = "server=server1->db=db_1->table=view_1->action=select",
-      USER1 = "user1",
-      USER2 = "user2",
-      GROUP1 = "group1",
+      ADMIN1 = StaticUserGroup.ADMIN1,
+      ADMINGROUP = StaticUserGroup.ADMINGROUP,
+      USER1_1 = StaticUserGroup.USER1_1,
+      USER1_2 = StaticUserGroup.USER1_2,
+      USER2_1 = StaticUserGroup.USER2_1,
+      USER3_1 = StaticUserGroup.USER3_1,
+      USER4_1 = StaticUserGroup.USER4_1,
+      USERGROUP1 = StaticUserGroup.USERGROUP1,
+      USERGROUP2 = StaticUserGroup.USERGROUP2,
+      USERGROUP3 = StaticUserGroup.USERGROUP3,
+      USERGROUP4 = StaticUserGroup.USERGROUP4,
       GROUP1_ROLE = "group1_role",
       DB1 = "db_1",
       DB2 = "db_2",

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/6396ccb1/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/StaticUserGroup.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/StaticUserGroup.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/StaticUserGroup.java
new file mode 100644
index 0000000..227fc89
--- /dev/null
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/StaticUserGroup.java
@@ -0,0 +1,35 @@
+package org.apache.sentry.tests.e2e.hive;
+
+import java.util.HashMap;
+import java.util.Map;
+
+public class StaticUserGroup {
+  public static final String
+      ADMIN1 = "admin1",
+      ADMINGROUP = "admin",
+      USER1_1 = "user1_1",
+      USER1_2 = "user1_2",
+      USER2_1 = "user2_1",
+      USER3_1 = "user3_1",
+      USER4_1 = "user4_1",
+      USERGROUP1 = "user_group1",
+      USERGROUP2 = "user_group2",
+      USERGROUP3 = "user_group3",
+      USERGROUP4 = "user_group4";
+  private static final Map<String, String> staticMapping;
+
+  static {
+    staticMapping = new HashMap<String, String>();
+    staticMapping.put(ADMIN1, ADMINGROUP);
+    staticMapping.put(USER1_1, USERGROUP1);
+    staticMapping.put(USER1_2, USERGROUP1);
+    staticMapping.put(USER2_1, USERGROUP2);
+    staticMapping.put(USER3_1, USERGROUP3);
+    staticMapping.put(USER4_1, USERGROUP4);
+  }
+
+  public static Map<String, String> getStaticMapping(){
+    return staticMapping;
+  }
+
+}
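Review bot: `getStaticMapping()` hands out the single mutable `HashMap` that every test shares, so a test that adds or changes an entry silently alters the user:group mapping, and with it the authorization outcome, for every test that runs later in the same JVM. Return a read-only view instead, `return Collections.unmodifiableMap(staticMapping);` (with `import java.util.Collections;`). The new file also starts at the `package` line with no license header, and as a constants holder the class could be `final` with a private constructor. A class comment noting that each user maps to exactly one group would document the constraint the `Map<String, String>` type imposes.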

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/6396ccb1/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestCrossDbOps.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestCrossDbOps.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestCrossDbOps.java
index 45854e9..85ddc67 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestCrossDbOps.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestCrossDbOps.java
@@ -55,7 +55,7 @@ public class TestCrossDbOps extends AbstractTestWithStaticLocalFS {
     FileOutputStream to = new FileOutputStream(dataFile);
     Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
     to.close();
-    policyFile = PolicyFile.createAdminOnServer1(ADMIN1);
+    policyFile = PolicyFile.setAdminOnServer1(ADMINGROUP);
     loadData = "server=server1->uri=file://" + dataFile.getPath();
 
   }
@@ -77,13 +77,12 @@ public class TestCrossDbOps extends AbstractTestWithStaticLocalFS {
   public void testShowDatabasesAndShowTables() throws Exception {
     // edit policy file
     policyFile
-        .addRolesToGroup("group1", "select_tab1", "insert_tab2")
-        .addRolesToGroup("group2", "select_tab3")
+        .addRolesToGroup(USERGROUP1, "select_tab1", "insert_tab2")
+        .addRolesToGroup(USERGROUP2, "select_tab3")
         .addPermissionsToRole("select_tab1",  "server=server1->db=db1->table=tab1->action=select")
         .addPermissionsToRole("select_tab3", "server=server1->db=db2->table=tab3->action=select")
         .addPermissionsToRole("insert_tab2", "server=server1->db=db2->table=tab2->action=insert")
-        .addGroupsToUser("user1", "group1")
-        .addGroupsToUser("user2", "group2");
+        .setUserGroupMapping(StaticUserGroup.getStaticMapping());
     policyFile.write(context.getPolicyFile());
 
     // admin create two databases
@@ -105,7 +104,7 @@ public class TestCrossDbOps extends AbstractTestWithStaticLocalFS {
 
     // test show databases
     // show databases shouldn't filter any of the dbs from the resultset
-    Connection conn = context.createConnection("user1", "");
+    Connection conn = context.createConnection(USER1_1, "");
     Statement stmt = context.createStatement(conn);
     ResultSet res = stmt.executeQuery("SHOW DATABASES");
     List<String> result = new ArrayList<String>();
@@ -148,8 +147,8 @@ public class TestCrossDbOps extends AbstractTestWithStaticLocalFS {
     stmt.close();
     conn.close();
 
-    // test show databases and show tables for user2
-    conn = context.createConnection("user2", "");
+    // test show databases and show tables for user2_1
+    conn = context.createConnection(USER2_1, "");
     stmt = context.createStatement(conn);
     res = stmt.executeQuery("SHOW DATABASES");
     result.clear();
@@ -194,13 +193,12 @@ public class TestCrossDbOps extends AbstractTestWithStaticLocalFS {
   @Test
   public void testJDBCGetSchemasAndGetTables() throws Exception {
     // edit policy file
-    policyFile.addRolesToGroup("group1", "select_tab1", "insert_tab2")
-        .addRolesToGroup("group2", "select_tab3")
+    policyFile.addRolesToGroup(USERGROUP1, "select_tab1", "insert_tab2")
+        .addRolesToGroup(USERGROUP2, "select_tab3")
         .addPermissionsToRole("select_tab1", "server=server1->db=db1->table=tab1->action=select")
         .addPermissionsToRole("select_tab3", "server=server1->db=db2->table=tab3->action=select")
         .addPermissionsToRole("insert_tab2", "server=server1->db=db2->table=tab2->action=insert")
-        .addGroupsToUser("user1", "group1")
-        .addGroupsToUser("user2", "group2");
+        .setUserGroupMapping(StaticUserGroup.getStaticMapping());
     policyFile.write(context.getPolicyFile());
 
     // admin create two databases
@@ -222,7 +220,7 @@ public class TestCrossDbOps extends AbstractTestWithStaticLocalFS {
 
     // test show databases
     // show databases shouldn't filter any of the dbs from the resultset
-    Connection conn = context.createConnection("user1", "");
+    Connection conn = context.createConnection(USER1_1, "");
     List<String> result = new ArrayList<String>();
 
     // test direct JDBC metadata API
@@ -291,7 +289,7 @@ public class TestCrossDbOps extends AbstractTestWithStaticLocalFS {
     conn.close();
 
     // test show databases and show tables for user2
-    conn = context.createConnection("user2", "");
+    conn = context.createConnection(USER2_1, "");
 
     // test direct JDBC metadata API
     res = conn.getMetaData().getSchemas();
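Review bot: The comment at the top of this hunk still says `user2` although the connection is now opened as `USER2_1`. The matching comment in `testShowDatabasesAndShowTables` was updated, so this one should read `// test show databases and show tables for user2_1`. The Javadoc in the next hunk (`testDbPrivileges`) is similarly half-updated: its first line names `USER1_1, USER1_2` but the lines below keep `user1's group, user2's group` and `user1, user2`, while both users now belong to the single group `USERGROUP1`. The enclosing test methods begin and end outside these hunks.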
@@ -346,25 +344,24 @@ public class TestCrossDbOps extends AbstractTestWithStaticLocalFS {
   }
 
   /**
-   * 2.8 admin user create two database, DB_1, DB_2 admin grant all to USER1,
-   * USER2 on DB_1, admin grant all to user1's group, user2's group on DB_2
+   * 2.8 admin user create two database, DB_1, DB_2 admin grant all to USER1_1,
+   * USER1_2 on DB_1, admin grant all to user1's group, user2's group on DB_2
    * positive test case: user1, user2 has ALL privilege on both DB_1 and DB_2
    * negative test case: user1, user2 don't have ALL privilege on SERVER
    */
   @Test
   public void testDbPrivileges() throws Exception {
     // edit policy file
-    policyFile.addRolesToGroup("user_group", "db1_all,db2_all, load_data")
+    policyFile.addRolesToGroup(USERGROUP1, "db1_all,db2_all, load_data")
         .addPermissionsToRole("db1_all", "server=server1->db=" + DB1)
         .addPermissionsToRole("db2_all", "server=server1->db=" + DB2)
         .addPermissionsToRole("load_data", "server=server1->URI=file://" + dataFile.getPath())
-        .addGroupsToUser("user1", "user_group")
-        .addGroupsToUser("user2", "user_group");
+        .setUserGroupMapping(StaticUserGroup.getStaticMapping());
     policyFile.write(context.getPolicyFile());
 
     dropDb(ADMIN1, DB1, DB2);
     createDb(ADMIN1, DB1, DB2);
-    for (String user : new String[]{USER1, USER2}) {
+    for (String user : new String[]{USER1_1, USER1_2}) {
       for (String dbName : new String[]{DB1, DB2}) {
         Connection userConn = context.createConnection(user, "foo");
         String tabName = user + "_tab1";
@@ -388,7 +385,9 @@ public class TestCrossDbOps extends AbstractTestWithStaticLocalFS {
    */
   @Test
   public void testAdminDbPrivileges() throws Exception {
-    policyFile.write(context.getPolicyFile());
+    policyFile
+        .setUserGroupMapping(StaticUserGroup.getStaticMapping())
+        .write(context.getPolicyFile());
     dropDb(ADMIN1, DB1);
     createDb(ADMIN1, DB1);
     Connection adminCon = context.createConnection(ADMIN1, "password");
@@ -413,10 +412,10 @@ public class TestCrossDbOps extends AbstractTestWithStaticLocalFS {
   @Test
   public void testNegativeUserPrivileges() throws Exception {
     // edit policy file
-    policyFile.addRolesToGroup("user_group", "db1_tab1_insert", "db1_tab2_all")
+    policyFile.addRolesToGroup(USERGROUP1, "db1_tab1_insert", "db1_tab2_all")
         .addPermissionsToRole("db1_tab2_all", "server=server1->db=db1->table=table_2")
         .addPermissionsToRole("db1_tab1_insert", "server=server1->db=db1->table=table_1->action=insert")
-        .addGroupsToUser("user3", "user_group");
+        .setUserGroupMapping(StaticUserGroup.getStaticMapping());
     policyFile.write(context.getPolicyFile());
 
     Connection adminCon = context.createConnection(ADMIN1, "foo");
@@ -428,7 +427,7 @@ public class TestCrossDbOps extends AbstractTestWithStaticLocalFS {
     adminStmt.execute("create table " + dbName + ".table_1 (id int)");
     adminStmt.close();
     adminCon.close();
-    Connection userConn = context.createConnection("user3", "foo");
+    Connection userConn = context.createConnection(USER1_1, "foo");
     Statement userStmt = context.createStatement(userConn);
     context.assertAuthzException(userStmt, "select * from " + dbName + ".table_1");
     userConn.close();
@@ -445,8 +444,8 @@ public class TestCrossDbOps extends AbstractTestWithStaticLocalFS {
   public void testNegativeUserDMLPrivileges() throws Exception {
     policyFile
         .addPermissionsToRole("db1_tab2_all", "server=server1->db=db1->table=table_2")
-        .addRolesToGroup("group1", "db1_tab2_all")
-        .addGroupsToUser("user3", "group1");
+        .addRolesToGroup(USERGROUP1, "db1_tab2_all")
+        .setUserGroupMapping(StaticUserGroup.getStaticMapping());
     policyFile.write(context.getPolicyFile());
 
     dropDb(ADMIN1, DB1);
@@ -457,7 +456,7 @@ public class TestCrossDbOps extends AbstractTestWithStaticLocalFS {
     adminStmt.execute("create table " + DB1 + ".table_2 (id int)");
     adminStmt.close();
     adminCon.close();
-    Connection userConn = context.createConnection("user3", "foo");
+    Connection userConn = context.createConnection(USER1_1, "foo");
     Statement userStmt = context.createStatement(userConn);
     context.assertAuthzException(userStmt, "insert overwrite table  " + DB1
         + ".table_2 select * from " + DB1 + ".table_1");
@@ -488,13 +487,12 @@ public class TestCrossDbOps extends AbstractTestWithStaticLocalFS {
   public void testNegUserPrivilegesAll() throws Exception {
 
     policyFile
-        .addRolesToGroup("user_group1", "db1_all")
-        .addRolesToGroup("user_group2", "db1_tab1_select")
+        .addRolesToGroup(USERGROUP1, "db1_all")
+        .addRolesToGroup(USERGROUP2, "db1_tab1_select")
         .addPermissionsToRole("db1_all", "server=server1->db=db1")
         .addPermissionsToRole("db1_tab1_select", "server=server1->db=db1->table=table_1->action=select")
-        .addGroupsToUser("user1", "user_group1")
-        .addGroupsToUser("user2", "user_group2");
-    policyFile.write(context.getPolicyFile());
+        .setUserGroupMapping(StaticUserGroup.getStaticMapping())
+        .write(context.getPolicyFile());
 
     // create dbs
     Connection adminCon = context.createConnection(ADMIN1, "foo");
@@ -523,7 +521,7 @@ public class TestCrossDbOps extends AbstractTestWithStaticLocalFS {
     adminStmt.close();
     adminCon.close();
 
-    Connection userConn = context.createConnection("user2", "foo");
+    Connection userConn = context.createConnection(USER2_1, "foo");
     Statement userStmt = context.createStatement(userConn);
 
     context.assertAuthzException(userStmt, "drop database " + dbName);
@@ -568,14 +566,14 @@ public class TestCrossDbOps extends AbstractTestWithStaticLocalFS {
   public void testSandboxOpt9() throws Exception {
     policyFile
         .addPermissionsToRole(GROUP1_ROLE, ALL_DB1, ALL_DB2, loadData)
-        .addRolesToGroup(GROUP1, GROUP1_ROLE)
-        .addGroupsToUser(USER1, GROUP1);
-    policyFile.write(context.getPolicyFile());
+        .addRolesToGroup(USERGROUP1, GROUP1_ROLE)
+        .setUserGroupMapping(StaticUserGroup.getStaticMapping())
+        .write(context.getPolicyFile());
 
     dropDb(ADMIN1, DB1, DB2);
     createDb(ADMIN1, DB1, DB2);
 
-    Connection connection = context.createConnection(USER1, "password");
+    Connection connection = context.createConnection(USER1_1, "password");
     Statement statement = context.createStatement(connection);
 
     // a
@@ -642,13 +640,13 @@ public class TestCrossDbOps extends AbstractTestWithStaticLocalFS {
   public void testCrossDbViewOperations() throws Exception {
     // edit policy file
     policyFile
-        .addRolesToGroup("group1", "all_db1", "load_data", "select_tb2")
+        .addRolesToGroup(USERGROUP1, "all_db1", "load_data", "select_tb2")
         .addPermissionsToRole("all_db1", "server=server1->db=db_1")
         .addPermissionsToRole("all_db2", "server=server1->db=db_2")
         .addPermissionsToRole("select_tb2", "server=server1->db=db_2->table=tb_1->action=select")
         .addPermissionsToRole("load_data", "server=server1->URI=file://" + dataFile.getPath())
-        .addGroupsToUser("user1", "group1");
-    policyFile.write(context.getPolicyFile());
+        .setUserGroupMapping(StaticUserGroup.getStaticMapping())
+        .write(context.getPolicyFile());
 
     // admin create two databases
     dropDb(ADMIN1, DB1, DB2);
@@ -663,7 +661,7 @@ public class TestCrossDbOps extends AbstractTestWithStaticLocalFS {
     .execute("CREATE TABLE " + DB2 + "." + TBL2 + "(id int)");
     context.close();
 
-    connection = context.createConnection("user1", "foo");
+    connection = context.createConnection(USER1_1, "foo");
     statement = context.createStatement(connection);
 
     // d

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/6396ccb1/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestEndToEnd.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestEndToEnd.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestEndToEnd.java
index 8a32e5f..ff8fd9c 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestEndToEnd.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestEndToEnd.java
@@ -43,7 +43,7 @@ public class TestEndToEnd extends AbstractTestWithStaticLocalFS {
     FileOutputStream to = new FileOutputStream(dataFile);
     Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
     to.close();
-    policyFile = PolicyFile.createAdminOnServer1(ADMIN1);
+    policyFile = PolicyFile.setAdminOnServer1(ADMINGROUP);
 
   }
 
@@ -58,25 +58,26 @@ public class TestEndToEnd extends AbstractTestWithStaticLocalFS {
    * Steps:
    * 1. admin create a new experimental database
    * 2. admin create a new production database, create table, load data
-   * 3. admin create new user group, and add user into it
-   * 4. admin grant privilege all@'experimental database' to group
-   * 5. user create table, load data in experimental DB
-   * 6. user create view based on table in experimental DB
-   * 7. admin create table (same name) in production DB
-   * 8. admin grant read@productionDB.table to group
+   * 3. admin grant privilege all@'experimental database' to usergroup1
+   * 4. user create table, load data in experimental DB
+   * 5. user create view based on table in experimental DB
+   * 6. admin create table (same name) in production DB
+   * 7. admin grant read@productionDB.table to group
    *    admin grant select@productionDB.table to group
-   * 9. user load data from experimental table to production table
+   * 8. user load data from experimental table to production table
    */
   @Test
   public void testEndToEnd1() throws Exception {
-    policyFile.write(context.getPolicyFile());
+    policyFile
+      .setUserGroupMapping(StaticUserGroup.getStaticMapping())
+      .write(context.getPolicyFile());
 
     String dbName1 = "db_1";
     String dbName2 = "productionDB";
     String tableName1 = "tb_1";
     String tableName2 = "tb_2";
     String viewName1 = "view_1";
-    Connection connection = context.createConnection("admin1", "foo");
+    Connection connection = context.createConnection(ADMIN1, "foo");
     Statement statement = context.createStatement(connection);
     // 1
     statement.execute("DROP DATABASE IF EXISTS " + dbName1 + " CASCADE");
@@ -94,20 +95,17 @@ public class TestEndToEnd extends AbstractTestWithStaticLocalFS {
     connection.close();
 
     // 3
-    policyFile.addGroupsToUser("user1", "group1");
-
-    // 4
     policyFile
-        .addRolesToGroup("group1", "all_db1", "data_uri", "select_tb1", "insert_tb1")
+        .addRolesToGroup(USERGROUP1, "all_db1", "data_uri", "select_tb1", "insert_tb1")
         .addPermissionsToRole("all_db1", "server=server1->db=db_1")
         .addPermissionsToRole("select_tb1", "server=server1->db=productionDB->table=tb_1->action=select")
         .addPermissionsToRole("insert_tb2", "server=server1->db=productionDB->table=tb_2->action=insert")
         .addPermissionsToRole("insert_tb1", "server=server1->db=productionDB->table=tb_2->action=insert")
-        .addPermissionsToRole("data_uri", "server=server1->uri=file://" + dataDir.getPath());
-    policyFile.write(context.getPolicyFile());
+        .addPermissionsToRole("data_uri", "server=server1->uri=file://" + dataDir.getPath())
+        .write(context.getPolicyFile());
 
-    // 5
-    connection = context.createConnection("user1", "foo");
+    // 4
+    connection = context.createConnection(USER1_1, "foo");
     statement = context.createStatement(connection);
     statement.execute("USE " + dbName1);
     statement.execute("DROP TABLE IF EXISTS " + dbName1 + "." + tableName1);
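Review bot: The role `insert_tb1` bound to `USERGROUP1` grants `table=tb_2->action=insert`, and `insert_tb2`, which grants the same privilege, is never attached to any group. These lines are unchanged by the commit, but they decide what `USER1_1` is allowed to do in the later steps. If the intent is insert on `tb_2`, bind `insert_tb2` and drop `insert_tb1`; if it is insert on `tb_1`, the permission string is wrong. A short comment above the chain listing the privileges the group is meant to end up with would let a reader check the expected authorization result. `testEndToEnd1` starts and ends outside this hunk.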
@@ -115,13 +113,13 @@ public class TestEndToEnd extends AbstractTestWithStaticLocalFS {
         + " (under_col int comment 'the under column', value string)");
     statement.execute("load data local inpath '" + dataFile.getPath()
             + "' into table " + tableName1);
-    // 6
+    // 5
     statement.execute("CREATE VIEW " + viewName1 + " (value) AS SELECT value from " + tableName1 + " LIMIT 10");
     statement.close();
     connection.close();
 
     // 7
-    connection = context.createConnection("admin1", "foo");
+    connection = context.createConnection(ADMIN1, "foo");
     statement = context.createStatement(connection);
     statement.execute("USE " + dbName2);
     statement.execute("DROP TABLE IF EXISTS " + dbName1 + "." + tableName1);
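Review bot: The step marker `// 7` left in this hunk no longer matches the renumbered Javadoc, where creating the same-named table in the production database is step 6 and step 7 is the grant to the group; change it to `// 6`. After the renumbering no inline marker corresponds to step 7, because the grants are written earlier under `// 3`. Either add a comment there saying it also covers step 7, or fold step 7 into step 3 in the Javadoc.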
@@ -130,8 +128,8 @@ public class TestEndToEnd extends AbstractTestWithStaticLocalFS {
     statement.close();
     connection.close();
 
-    // 9
-    connection = context.createConnection("user1", "foo");
+    // 8
+    connection = context.createConnection(USER1_1, "foo");
     statement = context.createStatement(connection);
     statement.execute("USE " + dbName2);
     statement.execute("INSERT OVERWRITE TABLE " +

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/6396ccb1/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestExportImportPrivileges.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestExportImportPrivileges.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestExportImportPrivileges.java
index c2403f8..304b2af 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestExportImportPrivileges.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestExportImportPrivileges.java
@@ -42,7 +42,7 @@ public class TestExportImportPrivileges extends AbstractTestWithStaticDFS {
     FileOutputStream to = new FileOutputStream(dataFile);
     Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
     to.close();
-    policyFile = PolicyFile.createAdminOnServer1(ADMIN1);
+    policyFile = PolicyFile.setAdminOnServer1(ADMINGROUP);
   }
 
   @After
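Review bot: `PolicyFile.setAdminOnServer1(ADMINGROUP)` now takes a group rather than a user, so `ADMIN1` appears to get admin rights only once the policy also carries the user-to-group mapping, and that mapping is added separately in each test chain (`.setUserGroupMapping(StaticUserGroup.getStaticMapping())` in the hunks at -59 and -104). A test that forgets the call would write a policy in which no user belongs to any group, and its `assertAuthzException` checks could then pass for the wrong reason. Applying the mapping once in setup removes that risk: `policyFile = PolicyFile.setAdminOnServer1(ADMINGROUP).setUserGroupMapping(StaticUserGroup.getStaticMapping());`. The setup method begins outside this hunk.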
@@ -59,21 +59,20 @@ public class TestExportImportPrivileges extends AbstractTestWithStaticDFS {
     String dumpDir = context.getDFSUri().toString() + "/hive_data_dump";
 
     policyFile
-        .addRolesToGroup("user_group1", "db1_read", "db1_write", "data_dump")
-        .addRolesToGroup("user_group2", "db1_read", "db1_write")
+        .addRolesToGroup(USERGROUP1, "db1_read", "db1_write", "data_dump")
+        .addRolesToGroup(USERGROUP2, "db1_read", "db1_write")
         .addPermissionsToRole("db1_write", "server=server1->db=" + DB1 + "->table=" + TBL1 + "->action=INSERT")
         .addPermissionsToRole("db1_read", "server=server1->db=" + DB1 + "->table=" + TBL1 + "->action=SELECT")
+        .setUserGroupMapping(StaticUserGroup.getStaticMapping())
         .addPermissionsToRole("data_dump", "server=server1->URI=" + dumpDir)
-        .addGroupsToUser("user1", "user_group1")
-        .addGroupsToUser("user2", "user_group2");
-    policyFile.write(context.getPolicyFile());
+        .write(context.getPolicyFile());
 
     dropDb(ADMIN1, DB1);
     createDb(ADMIN1, DB1);
     createTable(ADMIN1, DB1, dataFile, TBL1);
 
     // Negative test, user2 doesn't have access to write to dir
-    connection = context.createConnection(USER2, "password");
+    connection = context.createConnection(USER2_1, "password");
     statement = context.createStatement(connection);
     statement.execute("use " + DB1);
     context.assertAuthzException(statement, "INSERT OVERWRITE DIRECTORY '" + dumpDir + "' SELECT * FROM " + TBL1);
@@ -82,7 +81,7 @@ public class TestExportImportPrivileges extends AbstractTestWithStaticDFS {
 
     // Negative test, user2 doesn't have access to dir that's similar to scratch dir
     String scratchDumpDir = context.getProperty(HiveConf.ConfVars.SCRATCHDIR.varname) + "_foo" + "/bar";
-    connection = context.createConnection(USER2, "password");
+    connection = context.createConnection(USER2_1, "password");
     statement = context.createStatement(connection);
     statement.execute("use " + DB1);
     context.assertAuthzException(statement, "INSERT OVERWRITE DIRECTORY '" + scratchDumpDir + "' SELECT * FROM " + TBL1);
@@ -90,7 +89,7 @@ public class TestExportImportPrivileges extends AbstractTestWithStaticDFS {
     connection.close();
 
     // positive test, user1 has access to write to dir
-    connection = context.createConnection(USER1, "password");
+    connection = context.createConnection(USER1_1, "password");
     statement = context.createStatement(connection);
     statement.execute("use " + DB1);
     assertTrue(statement.executeQuery("SELECT * FROM " + TBL1).next());
@@ -104,23 +103,22 @@ public class TestExportImportPrivileges extends AbstractTestWithStaticDFS {
     String exportDir = context.getDFSUri().toString() + "/hive_export1";
 
     policyFile
-        .addRolesToGroup("user_group1", "tab1_read", "tab1_write", "db1_all", "data_read", "data_export")
-        .addRolesToGroup("user_group2", "tab1_write", "tab1_read")
+        .addRolesToGroup(USERGROUP1, "tab1_read", "tab1_write", "db1_all", "data_read", "data_export")
+        .addRolesToGroup(USERGROUP2, "tab1_write", "tab1_read")
         .addPermissionsToRole("tab1_write", "server=server1->db=" + DB1 + "->table=" + TBL1 + "->action=INSERT")
         .addPermissionsToRole("tab1_read", "server=server1->db=" + DB1 + "->table=" + TBL1 + "->action=SELECT")
         .addPermissionsToRole("db1_all", "server=server1->db=" + DB1)
         .addPermissionsToRole("data_read", "server=server1->URI=file://" + dataFile.getPath())
         .addPermissionsToRole("data_export", "server=server1->URI=" + exportDir)
-        .addGroupsToUser("user1", "user_group1")
-        .addGroupsToUser("user2", "user_group2");
-    policyFile.write(context.getPolicyFile());
+        .setUserGroupMapping(StaticUserGroup.getStaticMapping())
+        .write(context.getPolicyFile());
 
     dropDb(ADMIN1, DB1);
     createDb(ADMIN1, DB1);
     createTable(ADMIN1, DB1, dataFile, TBL1);
 
     // Negative test, user2 doesn't have access to the file being loaded
-    connection = context.createConnection(USER2, "password");
+    connection = context.createConnection(USER2_1, "password");
     statement = context.createStatement(connection);
     statement.execute("use " + DB1);
     context.assertAuthzException(statement, "EXPORT TABLE " + TBL1 + " TO '" + exportDir + "'");
@@ -128,7 +126,7 @@ public class TestExportImportPrivileges extends AbstractTestWithStaticDFS {
     connection.close();
 
     // Positive test, user1 have access to the target directory
-    connection = context.createConnection(USER1, "password");
+    connection = context.createConnection(USER1_1, "password");
     statement = context.createStatement(connection);
     statement.execute("use " + DB1);
     statement.execute("EXPORT TABLE " + TBL1 + " TO '" + exportDir + "'");
@@ -136,7 +134,7 @@ public class TestExportImportPrivileges extends AbstractTestWithStaticDFS {
     connection.close();
 
     // Negative test, user2 doesn't have access to the directory loading from
-    connection = context.createConnection(USER2, "password");
+    connection = context.createConnection(USER2_1, "password");
     statement = context.createStatement(connection);
     statement.execute("use " + DB1);
     context.assertAuthzException(statement, "IMPORT TABLE " + TBL2 + " FROM '" + exportDir + "'");
@@ -144,7 +142,7 @@ public class TestExportImportPrivileges extends AbstractTestWithStaticDFS {
     connection.close();
 
     // Positive test, user1 have access to the target directory
-    connection = context.createConnection(USER1, "password");
+    connection = context.createConnection(USER1_1, "password");
     statement = context.createStatement(connection);
     statement.execute("use " + DB1);
     statement.execute("IMPORT TABLE " + TBL2 + " FROM '" + exportDir + "'");

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/6396ccb1/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestMetadataObjectRetrieval.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestMetadataObjectRetrieval.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestMetadataObjectRetrieval.java
index a16db9b..cd8daf2 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestMetadataObjectRetrieval.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestMetadataObjectRetrieval.java
@@ -40,7 +40,7 @@ AbstractTestWithStaticLocalFS {
 
   @Before
   public void setup() throws Exception {
-    policyFile = PolicyFile.createAdminOnServer1(ADMIN1);
+    policyFile = PolicyFile.setAdminOnServer1(ADMINGROUP);
     context = createContext();
     dataFile = new File(dataDir, SINGLE_TYPE_DATA_FILE_NAME);
     FileOutputStream to = new FileOutputStream(dataFile);
@@ -153,24 +153,24 @@ AbstractTestWithStaticLocalFS {
   public void testAllOnServerSelectInsertNegativeNoneAllOnDifferentTable()
       throws Exception {
     policyFile
-    .addPermissionsToRole(GROUP1_ROLE, "server=server1->db=" + DB1 + "->table=" + TBL2)
-    .addRolesToGroup(GROUP1, GROUP1_ROLE)
-    .addGroupsToUser(USER1, GROUP1)
-    .write(context.getPolicyFile());
+        .addPermissionsToRole(GROUP1_ROLE, "server=server1->db=" + DB1 + "->table=" + TBL2)
+        .addRolesToGroup(USERGROUP1, GROUP1_ROLE)
+        .setUserGroupMapping(StaticUserGroup.getStaticMapping())
+        .write(context.getPolicyFile());
     dropDb(ADMIN1, DB1);
     createDb(ADMIN1, DB1);
     createTable(ADMIN1, DB1, dataFile, TBL1);
     positiveDescribeShowTests(ADMIN1, DB1, TBL1);
-    negativeDescribeShowTests(USER1, DB1, TBL1);
+    negativeDescribeShowTests(USER1_1, DB1, TBL1);
     policyFile
     .addPermissionsToRole(GROUP1_ROLE, SELECT_DB1_TBL1)
     .write(context.getPolicyFile());
-    positiveDescribeShowTests(USER1, DB1, TBL1);
+    positiveDescribeShowTests(USER1_1, DB1, TBL1);
     policyFile.removePermissionsFromRole(GROUP1_ROLE, SELECT_DB1_TBL1);
     policyFile
     .addPermissionsToRole(GROUP1_ROLE, INSERT_DB1_TBL1)
     .write(context.getPolicyFile());
-    positiveDescribeShowTests(USER1, DB1, TBL1);
+    positiveDescribeShowTests(USER1_1, DB1, TBL1);
   }
 
   /**
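Review bot: The first `policyFile` chain in `testAllOnServerSelectInsertNegativeNoneAllOnDifferentTable` is re-indented to eight spaces, but the two later chains in the same method (`.addPermissionsToRole(GROUP1_ROLE, SELECT_DB1_TBL1)` and the `INSERT_DB1_TBL1` one) stay at four, and the other methods touched in this file use six. Since the commit already re-indents these chains, one continuation indent should be used for all of them, including the two left at four spaces here.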
@@ -191,15 +191,15 @@ AbstractTestWithStaticLocalFS {
   @Test
   public void testAllOnServerAndAllOnDb() throws Exception {
     policyFile
-    .addPermissionsToRole(GROUP1_ROLE, "server=server1->db=" + DB1)
-    .addRolesToGroup(GROUP1, GROUP1_ROLE)
-    .addGroupsToUser(USER1, GROUP1)
-    .write(context.getPolicyFile());
+      .addPermissionsToRole(GROUP1_ROLE, "server=server1->db=" + DB1)
+      .addRolesToGroup(USERGROUP1, GROUP1_ROLE)
+      .setUserGroupMapping(StaticUserGroup.getStaticMapping())
+      .write(context.getPolicyFile());
     dropDb(ADMIN1, DB1);
     createDb(ADMIN1, DB1);
     createTable(ADMIN1, DB1, dataFile, TBL1);
     positiveDescribeShowTests(ADMIN1, DB1, TBL1);
-    positiveDescribeShowTests(USER1, DB1, TBL1);
+    positiveDescribeShowTests(USER1_1, DB1, TBL1);
   }
 
   /**
@@ -221,10 +221,10 @@ AbstractTestWithStaticLocalFS {
   @Test
   public void testAllOnServerNegativeAllOnView() throws Exception {
     policyFile
-    .addPermissionsToRole(GROUP1_ROLE, "server=server1->db=" + DB1 + "->table=" + VIEW1)
-    .addRolesToGroup(GROUP1, GROUP1_ROLE)
-    .addGroupsToUser(USER1, GROUP1)
-    .write(context.getPolicyFile());
+      .addPermissionsToRole(GROUP1_ROLE, "server=server1->db=" + DB1 + "->table=" + VIEW1)
+      .addRolesToGroup(USERGROUP1, GROUP1_ROLE)
+      .setUserGroupMapping(StaticUserGroup.getStaticMapping())
+      .write(context.getPolicyFile());
     dropDb(ADMIN1, DB1);
     createDb(ADMIN1, DB1);
     createTable(ADMIN1, DB1, dataFile, TBL1);
@@ -236,7 +236,7 @@ AbstractTestWithStaticLocalFS {
     positiveDescribeShowTests(ADMIN1, DB1, TBL1);
     statement.close();
     connection.close();
-    negativeDescribeShowTests(USER1, DB1, TBL1);
+    negativeDescribeShowTests(USER1_1, DB1, TBL1);
   }
 
   /**
@@ -257,15 +257,15 @@ AbstractTestWithStaticLocalFS {
   @Test
   public void testAllOnServerAndAllOnTable() throws Exception {
     policyFile
-    .addPermissionsToRole(GROUP1_ROLE, "server=server1->db=" + DB1 + "->table=" + TBL1)
-    .addRolesToGroup(GROUP1, GROUP1_ROLE)
-    .addGroupsToUser(USER1, GROUP1)
-    .write(context.getPolicyFile());
+      .addPermissionsToRole(GROUP1_ROLE, "server=server1->db=" + DB1 + "->table=" + TBL1)
+      .addRolesToGroup(USERGROUP1, GROUP1_ROLE)
+      .setUserGroupMapping(StaticUserGroup.getStaticMapping())
+      .write(context.getPolicyFile());
     dropDb(ADMIN1, DB1);
     createDb(ADMIN1, DB1);
     createTable(ADMIN1, DB1, dataFile, TBL1);
     positiveDescribeShowTests(ADMIN1, DB1, TBL1);
-    positiveDescribeShowTests(USER1, DB1, TBL1);
+    positiveDescribeShowTests(USER1_1, DB1, TBL1);
   }
 
 
@@ -278,10 +278,10 @@ AbstractTestWithStaticLocalFS {
   public void testDescribeDatabasesWithAllOnServerAndAllOnDb()
       throws Exception {
     policyFile
-    .addPermissionsToRole(GROUP1_ROLE, "server=server1->db=" + DB1)
-    .addRolesToGroup(GROUP1, GROUP1_ROLE)
-    .addGroupsToUser(USER1, GROUP1)
-    .write(context.getPolicyFile());
+      .addPermissionsToRole(GROUP1_ROLE, "server=server1->db=" + DB1)
+      .addRolesToGroup(USERGROUP1, GROUP1_ROLE)
+      .setUserGroupMapping(StaticUserGroup.getStaticMapping())
+      .write(context.getPolicyFile());
     dropDb(ADMIN1, DB1, DB2);
     createDb(ADMIN1, DB1, DB2);
     createTable(ADMIN1, DB1, dataFile, TBL1);
@@ -293,7 +293,7 @@ AbstractTestWithStaticLocalFS {
     statement.close();
     connection.close();
 
-    connection = context.createConnection(USER1, "password");
+    connection = context.createConnection(USER1_1, "password");
     statement = context.createStatement(connection);
     assertTrue(statement.executeQuery("DESCRIBE DATABASE " + DB1).next());
     assertTrue(statement.executeQuery("DESCRIBE DATABASE EXTENDED " + DB1).next());
@@ -313,11 +313,11 @@ AbstractTestWithStaticLocalFS {
   @Test
   public void testDescribeDefaultDatabase() throws Exception {
     policyFile
-    .addPermissionsToRole(GROUP1_ROLE, "server=server1->db=default->table=" + TBL1 + "->action=select",
+      .addPermissionsToRole(GROUP1_ROLE, "server=server1->db=default->table=" + TBL1 + "->action=select",
         "server=server1->db=" + DB1 + "->table=" + TBL1 + "->action=select")
-        .addRolesToGroup(GROUP1, GROUP1_ROLE)
-        .addGroupsToUser(USER1, GROUP1)
-        .write(context.getPolicyFile());
+      .addRolesToGroup(USERGROUP1, GROUP1_ROLE)
+      .setUserGroupMapping(StaticUserGroup.getStaticMapping())
+      .write(context.getPolicyFile());
     dropDb(ADMIN1, DB1, DB2);
     createDb(ADMIN1, DB1, DB2);
     Connection connection = context.createConnection(ADMIN1, "password");
@@ -330,7 +330,7 @@ AbstractTestWithStaticLocalFS {
     statement.close();
     connection.close();
 
-    connection = context.createConnection(USER1, "password");
+    connection = context.createConnection(USER1_1, "password");
     statement = context.createStatement(connection);
     context.assertAuthzException(statement, "DESCRIBE DATABASE default");
     context.assertAuthzException(statement, "DESCRIBE DATABASE " + DB1);
@@ -349,9 +349,9 @@ AbstractTestWithStaticLocalFS {
   public void testShowIndexes1() throws Exception {
     // grant privilege to non-existent table to allow use db1
     policyFile.addPermissionsToRole(GROUP1_ROLE, SELECT_DB1_NONTABLE)
-    .addRolesToGroup(GROUP1, GROUP1_ROLE)
-    .addGroupsToUser(USER1, GROUP1)
-    .write(context.getPolicyFile());
+      .addRolesToGroup(USERGROUP1, GROUP1_ROLE)
+      .setUserGroupMapping(StaticUserGroup.getStaticMapping())
+      .write(context.getPolicyFile());
     dropDb(ADMIN1, DB1);
     createDb(ADMIN1, DB1);
     createTable(ADMIN1, DB1, dataFile, TBL1);
@@ -369,7 +369,7 @@ AbstractTestWithStaticLocalFS {
     statement.execute("CREATE VIEW " + VIEW1 + " (value) AS SELECT value from " + TBL1 + " LIMIT 10");
     statement.close();
     connection.close();
-    connection = context.createConnection(USER1, "password");
+    connection = context.createConnection(USER1_1, "password");
     statement = context.createStatement(connection);
     statement.execute("USE " + DB1);
     context.assertAuthzException(statement, "SHOW INDEX ON " + TBL1);
@@ -407,9 +407,9 @@ AbstractTestWithStaticLocalFS {
   public void testShowPartitions1() throws Exception {
     // grant privilege to non-existent table to allow use db1
     policyFile.addPermissionsToRole(GROUP1_ROLE, SELECT_DB1_NONTABLE)
-    .addRolesToGroup(GROUP1, GROUP1_ROLE)
-    .addGroupsToUser(USER1, GROUP1)
-    .write(context.getPolicyFile());
+      .addRolesToGroup(USERGROUP1, GROUP1_ROLE)
+      .setUserGroupMapping(StaticUserGroup.getStaticMapping())
+      .write(context.getPolicyFile());
     dropDb(ADMIN1, DB1);
     createDb(ADMIN1, DB1);
     Connection connection = context.createConnection(ADMIN1, "password");
@@ -424,7 +424,7 @@ AbstractTestWithStaticLocalFS {
     statement.execute("CREATE VIEW " + VIEW1 + " (value) AS SELECT value from " + TBL1 + " LIMIT 10");
     statement.close();
     connection.close();
-    connection = context.createConnection(USER1, "password");
+    connection = context.createConnection(USER1_1, "password");
     statement = context.createStatement(connection);
     statement.execute("USE " + DB1);
     context.assertAuthzException(statement, "SHOW PARTITIONS " + TBL1);

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/6396ccb1/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestMetadataPermissions.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestMetadataPermissions.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestMetadataPermissions.java
index cddd1d7..57b9532 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestMetadataPermissions.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestMetadataPermissions.java
@@ -17,7 +17,6 @@
 package org.apache.sentry.tests.e2e.hive;
 
 import java.sql.Connection;
-import java.sql.SQLException;
 import java.sql.Statement;
 
 import junit.framework.Assert;
@@ -35,32 +34,14 @@ public class TestMetadataPermissions extends AbstractTestWithStaticLocalFS {
   @Before
   public void setup() throws Exception {
     context = createContext();
-    policyFile = PolicyFile.createAdminOnServer1(ADMIN1);
+    policyFile = PolicyFile.setAdminOnServer1(ADMINGROUP);
 
-/*
-    String testPolicies[] = {
-        "[groups]",
-        "admin_group = admin_role",
-        "user_group1 = db1_all,db2_all",
-        "user_group2 = db1_all",
-        "[roles]",
-        "db1_all = server=server1->db=db1",
-        "db2_all = server=server1->db=db2",
-        "admin_role = server=server1",
-        "[users]",
-        "user1 = user_group1",
-        "user2 = user_group2",
-        "admin = admin_group"
-        };
-    context.makeNewPolicy(testPolicies);
-*/
     policyFile
-        .addRolesToGroup("user_group1", "db1_all", "db2_all")
-        .addRolesToGroup("user_group2", "db1_all")
+        .addRolesToGroup(USERGROUP1, "db1_all", "db2_all")
+        .addRolesToGroup(USERGROUP2, "db1_all")
         .addPermissionsToRole("db1_all", "server=server1->db=db1")
         .addPermissionsToRole("db2_all", "server=server1->db=db2")
-        .addGroupsToUser("user1", "user_group1")
-        .addGroupsToUser("user2", "user_group2")
+        .setUserGroupMapping(StaticUserGroup.getStaticMapping())
         .write(context.getPolicyFile());
 
     Connection adminCon = context.createConnection(ADMIN1, "foo");
@@ -91,7 +72,7 @@ public class TestMetadataPermissions extends AbstractTestWithStaticLocalFS {
   @Test
   public void testDescPrivilegesNegative() throws Exception {
     String dbName = "db2";
-    Connection connection = context.createConnection("user2", "password");
+    Connection connection = context.createConnection(USER2_1, "password");
     Statement statement = context.createStatement(connection);
     context.assertAuthzException(statement, "USE " + dbName);
 //    TODO when DESCRIBE db.table is supported tests should be uncommented
@@ -110,7 +91,7 @@ public class TestMetadataPermissions extends AbstractTestWithStaticLocalFS {
   @Test
   public void testDescDbPrivilegesNegative() throws Exception {
     String dbName = "db2";
-    Connection connection = context.createConnection("user2", "password");
+    Connection connection = context.createConnection(USER2_1, "password");
     Statement statement = context.createStatement(connection);
     context.assertAuthzException(statement, "DESCRIBE DATABASE " + dbName);
     context.assertAuthzException(statement, "DESCRIBE DATABASE EXTENDED " + dbName);
@@ -124,7 +105,7 @@ public class TestMetadataPermissions extends AbstractTestWithStaticLocalFS {
    */
   @Test
   public void testDescDbPrivilegesPositive() throws Exception {
-    Connection connection = context.createConnection("user1", "password");
+    Connection connection = context.createConnection(USER1_1, "password");
     Statement statement = context.createStatement(connection);
     for (String dbName : new String[] { "db1", "db2" }) {
       statement.execute("USE " + dbName);
@@ -140,7 +121,7 @@ public class TestMetadataPermissions extends AbstractTestWithStaticLocalFS {
    */
   @Test
   public void testDescPrivilegesPositive() throws Exception {
-    Connection connection = context.createConnection("user1", "password");
+    Connection connection = context.createConnection(USER1_1, "password");
     Statement statement = context.createStatement(connection);
     for (String dbName : new String[] { "db1", "db2" }) {
       statement.execute("USE " + dbName);

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/6396ccb1/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestMovingToProduction.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestMovingToProduction.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestMovingToProduction.java
index ae3105c..5d53154 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestMovingToProduction.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestMovingToProduction.java
@@ -26,8 +26,6 @@ import java.sql.Connection;
 import java.sql.ResultSet;
 import java.sql.Statement;
 
-import junit.framework.Assert;
-
 import org.apache.sentry.provider.file.PolicyFile;
 import org.junit.After;
 import org.junit.Before;
@@ -48,7 +46,7 @@ public class TestMovingToProduction extends AbstractTestWithStaticLocalFS {
     FileOutputStream to = new FileOutputStream(dataFile);
     Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
     to.close();
-    policyFile = PolicyFile.createAdminOnServer1(ADMIN1);
+    policyFile = PolicyFile.setAdminOnServer1(ADMINGROUP);
   }
 
   @After
@@ -77,11 +75,10 @@ public class TestMovingToProduction extends AbstractTestWithStaticLocalFS {
   @Test
   public void testMovingTable1() throws Exception {
     policyFile
-        .addRolesToGroup("group1", "all_db1", "load_data", "select_proddb_tbl1", "insert_proddb_tbl1")
+        .addRolesToGroup(USERGROUP1, "all_db1", "load_data", "select_proddb_tbl1", "insert_proddb_tbl1")
         .addPermissionsToRole("load_data", "server=server1->uri=file://" + dataDir.getPath())
         .addPermissionsToRole("all_db1", "server=server1->db=db_1")
-        .addGroupsToUser("user1", "group1")
-        .addGroupsToUser("user2", "group2")
+        .setUserGroupMapping(StaticUserGroup.getStaticMapping())
         .write(context.getPolicyFile());
 
     String dbName1 = "db_1";
@@ -101,7 +98,7 @@ public class TestMovingToProduction extends AbstractTestWithStaticLocalFS {
     connection.close();
 
     // a
-    connection = context.createConnection("user1", "foo");
+    connection = context.createConnection(USER1_1, "foo");
     statement = context.createStatement(connection);
     statement.execute("USE " + dbName1);
     statement.execute("DROP TABLE IF EXISTS " + tableName1);
@@ -131,7 +128,7 @@ public class TestMovingToProduction extends AbstractTestWithStaticLocalFS {
     statement.execute("DESCRIBE " + tableName1);
 
     // c
-    connection = context.createConnection("user2", "foo");
+    connection = context.createConnection(USER2_1, "foo");
     statement = context.createStatement(connection);
     context.assertAuthzException(statement, "USE " + dbName2);
     context.assertAuthzException(statement, "INSERT OVERWRITE TABLE "
@@ -142,7 +139,7 @@ public class TestMovingToProduction extends AbstractTestWithStaticLocalFS {
     connection.close();
 
     // d
-    connection = context.createConnection("user1", "foo");
+    connection = context.createConnection(USER1_1, "foo");
     statement = context.createStatement(connection);
     statement.execute("USE " + dbName2);
     context.assertAuthzException(statement, "DROP TABLE " + tableName1);
@@ -159,17 +156,16 @@ public class TestMovingToProduction extends AbstractTestWithStaticLocalFS {
   @Test
   public void testMovingTable2() throws Exception {
     policyFile
-        .addRolesToGroup("group1", "all_db1", "load_data", "select_proddb_tbl1", "insert_proddb_tbl1")
+        .addRolesToGroup(USERGROUP1, "all_db1", "load_data", "select_proddb_tbl1", "insert_proddb_tbl1")
         .addPermissionsToRole("all_db1", "server=server1->db=db_1")
         .addPermissionsToRole("load_data", "server=server1->uri=file://" + dataDir.getPath())
-        .addGroupsToUser("user1", "group1")
-        .addGroupsToUser("user2", "group2")
+        .setUserGroupMapping(StaticUserGroup.getStaticMapping())
         .write(context.getPolicyFile());
 
     String dbName1 = "db_1";
     String dbName2 = "proddb";
     String tableName1 = "tb_1";
-    Connection connection = context.createConnection("admin1", "foo");
+    Connection connection = context.createConnection(ADMIN1, "foo");
     Statement statement = context.createStatement(connection);
     statement.execute("DROP DATABASE IF EXISTS " + dbName1 + " CASCADE");
     statement.execute("DROP DATABASE IF EXISTS " + dbName2 + " CASCADE");
@@ -182,7 +178,7 @@ public class TestMovingToProduction extends AbstractTestWithStaticLocalFS {
     connection.close();
 
     // a
-    connection = context.createConnection("user1", "foo");
+    connection = context.createConnection(USER1_1, "foo");
     statement = context.createStatement(connection);
     statement.execute("DROP TABLE IF EXISTS " + dbName1 + "." + tableName1);
     statement.execute("create table " + dbName1 + "." + tableName1
@@ -208,7 +204,7 @@ public class TestMovingToProduction extends AbstractTestWithStaticLocalFS {
         statement.execute("DESCRIBE " + dbName2 + "." + tableName1));
 
     // c
-    connection = context.createConnection("user2", "foo");
+    connection = context.createConnection(USER2_1, "foo");
     statement = context.createStatement(connection);
 
     context.assertAuthzException(statement, "INSERT OVERWRITE TABLE "
@@ -221,7 +217,7 @@ public class TestMovingToProduction extends AbstractTestWithStaticLocalFS {
     connection.close();
 
     // d
-    connection = context.createConnection("user1", "foo");
+    connection = context.createConnection(USER1_1, "foo");
     statement = context.createStatement(connection);
     statement.execute("USE " + dbName2);
     context.assertAuthzException(statement, "DROP TABLE " + tableName1);

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/6396ccb1/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPerDBConfiguration.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPerDBConfiguration.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPerDBConfiguration.java
index 17f4de1..f45a04f 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPerDBConfiguration.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPerDBConfiguration.java
@@ -32,9 +32,6 @@ import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 
-import com.google.common.base.Charsets;
-import com.google.common.base.Joiner;
-import com.google.common.io.Files;
 import com.google.common.io.Resources;
 
 /**
@@ -51,7 +48,7 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticLocalFS {
   @Before
   public void setup() throws Exception {
     context = createContext();
-    policyFile = PolicyFile.createAdminOnServer1(ADMIN1);
+    policyFile = PolicyFile.setAdminOnServer1(ADMINGROUP);
 
     File dataDir = context.getDataDir();
     //copy data file to test dir
@@ -74,17 +71,16 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticLocalFS {
     PolicyFile db2PolicyFile = new PolicyFile();
     File db2PolicyFileHandle = new File(context.getPolicyFile().getParent(), DB2_POLICY_FILE);
     db2PolicyFile
-        .addRolesToGroup("user_group2", "select_tbl2")
+        .addRolesToGroup(USERGROUP2, "select_tbl2")
         .addPermissionsToRole("select_tbl2", "server=server1->db=db2->table=tbl2->action=select")
         .write(db2PolicyFileHandle);
 
     policyFile
-        .addRolesToGroup("user_group1", "select_tbl1")
-        .addRolesToGroup("user_group2", "select_tbl2")
+        .addRolesToGroup(USERGROUP1, "select_tbl1")
+        .addRolesToGroup(USERGROUP2, "select_tbl2")
         .addPermissionsToRole("select_tbl1", "server=server1->db=db1->table=tbl1->action=select")
-        .addGroupsToUser("user1", "user_group1")
-        .addGroupsToUser("user2", "user_group2")
         .addDatabase("db2", db2PolicyFileHandle.getPath())
+        .setUserGroupMapping(StaticUserGroup.getStaticMapping())
         .write(context.getPolicyFile());
 
     // setup db objects needed by the test
@@ -108,7 +104,7 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticLocalFS {
     connection.close();
 
     // test execution
-    connection = context.createConnection("user1", "password");
+    connection = context.createConnection(USER1_1, "password");
     statement = context.createStatement(connection);
     statement.execute("USE db1");
     // test user1 can execute query on tbl1
@@ -122,7 +118,7 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticLocalFS {
 
     // test per-db file for db2
 
-    connection = context.createConnection("user2", "password");
+    connection = context.createConnection(USER2_1, "password");
     statement = context.createStatement(connection);
     statement.execute("USE db2");
     // test user2 can execute query on tbl2
@@ -163,28 +159,25 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticLocalFS {
     PolicyFile db3PolicyFile = new PolicyFile();
     PolicyFile db4PolicyFile = new PolicyFile();
     db2PolicyFile
-        .addRolesToGroup("user_group2", "select_tbl2")
+        .addRolesToGroup(USERGROUP2, "select_tbl2")
         .addPermissionsToRole("select_tbl2", "server=server1->db=db2->table=tbl2->action=select")
         .write(db2PolicyFileHandle);
     db3PolicyFile
-        .addRolesToGroup("user_group3", "select_tbl3_BAD")
+        .addRolesToGroup(USERGROUP3, "select_tbl3_BAD")
         .addPermissionsToRole("select_tbl3_BAD", "server=server1->db=db3------>table->action=select")
         .write(db3PolicyFileHandle);
     db4PolicyFile
-        .addRolesToGroup("user_group4", "select_tbl4")
+        .addRolesToGroup(USERGROUP4, "select_tbl4")
         .addPermissionsToRole("select_tbl4", "server=server1->db=db4->table=tbl4->action=select")
         .write(db4PolicyFileHandle);
     policyFile
-        .addRolesToGroup("user_group1", "select_tbl1")
-        .addRolesToGroup("user_group2", "select_tbl2")
+        .addRolesToGroup(USERGROUP1, "select_tbl1")
+        .addRolesToGroup(USERGROUP2, "select_tbl2")
         .addPermissionsToRole("select_tbl1", "server=server1->db=db1->table=tbl1->action=select")
-        .addGroupsToUser("user1", "user_group1")
-        .addGroupsToUser("user2", "user_group2")
-        .addGroupsToUser("user3", "user_group3")
-        .addGroupsToUser("user4", "user_group4")
         .addDatabase("db2", db2PolicyFileHandle.getPath())
         .addDatabase("db3", db3PolicyFileHandle.getPath())
         .addDatabase("db4", db4PolicyFileHandle.getPath())
+        .setUserGroupMapping(StaticUserGroup.getStaticMapping())
         .write(context.getPolicyFile());
 
     // setup db objects needed by the test
@@ -223,14 +216,14 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticLocalFS {
     connection.close();
 
     // test execution
-    connection = context.createConnection("user1", "password");
+    connection = context.createConnection(USER1_1, "password");
     statement = context.createStatement(connection);
     statement.execute("USE db1");
     // test user1 can execute query on tbl1
     verifyCount(statement, "SELECT COUNT(*) FROM tbl1");
     connection.close();
 
-    connection = context.createConnection("user2", "password");
+    connection = context.createConnection(USER2_1, "password");
     statement = context.createStatement(connection);
     statement.execute("USE db2");
     // test user1 can execute query on tbl1
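Review bot: The context comment `// test user1 can execute query on tbl1` is left in place above the USER2_1 check here and above the USER3_1 and USER4_1 checks in the next hunk, so it no longer describes what is asserted. The USER3_1 block asserts a denial, so there the comment says the opposite of the code. Since the commit already rewrites these connection lines, the comments could be updated alongside, e.g. `// USER2_1 can query its table in db2` and `// USER3_1 must be denied on db3.tbl3 (malformed rule in the db3 policy file)`. The enclosing test method starts and ends outside these hunks.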
@@ -238,14 +231,14 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticLocalFS {
     connection.close();
 
     // verify no access to db3 due to badly formatted rule in db3 policy file
-    connection = context.createConnection("user3", "password");
+    connection = context.createConnection(USER3_1, "password");
     statement = context.createStatement(connection);
     context.assertAuthzException(statement, "USE db3");
     // test user1 can execute query on tbl1
     context.assertAuthzException(statement, "SELECT COUNT(*) FROM db3.tbl3");
     connection.close();
 
-    connection = context.createConnection("user4", "password");
+    connection = context.createConnection(USER4_1, "password");
     statement = context.createStatement(connection);
     statement.execute("USE db4");
     // test user1 can execute query on tbl1
@@ -268,17 +261,16 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticLocalFS {
     File db2PolicyFileHandle = new File(context.getPolicyFile().getParent(), DB2_POLICY_FILE);
 
     policyFile
-        .addRolesToGroup("user_group1", "select_tbl1")
-        .addRolesToGroup("user_group2", "select_tbl2")
+        .addRolesToGroup(USERGROUP1, "select_tbl1")
+        .addRolesToGroup(USERGROUP2, "select_tbl2")
         .addPermissionsToRole("select_tbl1", "server=server1->db=db1->table=tbl1->action=select")
-        .addGroupsToUser("user1", "user_group1")
-        .addGroupsToUser("user2", "user_group2")
         .addDatabase("db2", db2PolicyFileHandle.getPath())
+        .setUserGroupMapping(StaticUserGroup.getStaticMapping())
         .write(context.getPolicyFile());
 
     PolicyFile db2PolicyFile = new PolicyFile();
     db2PolicyFile
-        .addRolesToGroup("user_group2", "select_tbl2", "data_read", "insert_tbl2")
+        .addRolesToGroup(USERGROUP2, "select_tbl2", "data_read", "insert_tbl2")
         .addPermissionsToRole("select_tbl2", "server=server1->db=db2->table=tbl2->action=select")
         .addPermissionsToRole("insert_tbl2", "server=server1->db=db2->table=tbl2->action=insert")
         .addPermissionsToRole("data_read", "server=server1->URI=file://" + dataFile)
@@ -308,7 +300,7 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticLocalFS {
     connection.close();
 
     // test execution
-    connection = context.createConnection("user1", "password");
+    connection = context.createConnection(USER1_1, "password");
     statement = context.createStatement(connection);
     statement.execute("USE db1");
     // test user1 can execute query on tbl1
@@ -321,7 +313,7 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticLocalFS {
     connection.close();
 
     // test per-db file for db2
-    connection = context.createConnection("user2", "password");
+    connection = context.createConnection(USER2_1, "password");
     statement = context.createStatement(connection);
     statement.execute("USE db2");
     // test user2 can execute query on tbl2
@@ -354,10 +346,9 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticLocalFS {
   @Test
   public void testDefaultDb() throws Exception {
     policyFile
-        .addRolesToGroup("user_group1", "select_tbl1")
+        .addRolesToGroup(USERGROUP1, "select_tbl1")
         .addPermissionsToRole("select_tbl1", "server=server1->db=db1->table=tbl1->action=select")
-        .addGroupsToUser("user_1", "user_group1")
-        .addGroupsToUser("user_2", "user_group2")
+        .setUserGroupMapping(StaticUserGroup.getStaticMapping())
         .write(context.getPolicyFile());
 
     // setup db objects needed by the test
@@ -376,14 +367,14 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticLocalFS {
     connection.close();
 
     // user_1 should be able to access default
-    connection = context.createConnection("user_1", "password");
+    connection = context.createConnection(USER1_1, "password");
     statement = context.createStatement(connection);
     statement.execute("USE default");
     statement.close();
     connection.close();
 
     // user_2 should NOT be able to access default since it does have access to any other object
-    connection = context.createConnection("user_2", "password");
+    connection = context.createConnection(USER2_1, "password");
     statement = context.createStatement(connection);
     context.assertAuthzException(statement, "USE default");
     statement.close();
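Review bot: The comment `// user_2 should NOT be able to access default since it does have access to any other object` is missing a "not" and so states the inverse of the denial asserted below it; it also keeps the old user name. In an authorization test the comment is the only plain statement of the expected policy outcome, so I would change it to `// USER2_1 should NOT be able to access default since it has no access to any other object` and the one above to `// USER1_1 should be able to access default`. The old names `user_1`, `user_2` and `user_3` also remain in the comments of the later hunks of this file. The method body continues outside this hunk.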
@@ -397,25 +388,23 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticLocalFS {
     File defaultPolicyFileHandle = new File(context.getPolicyFile().getParent(), "default.ini");
 
     policyFile
-        .addRolesToGroup("user_group1", "select_tbl1")
-        .addRolesToGroup("user_group2", "select_tbl2")
+        .addRolesToGroup(USERGROUP1, "select_tbl1")
+        .addRolesToGroup(USERGROUP2, "select_tbl2")
         .addPermissionsToRole("select_tbl1", "server=server1->db=db1->table=tbl1->action=select")
-        .addGroupsToUser("user_1", "user_group1")
-        .addGroupsToUser("user_2", "user_group2")
-        .addGroupsToUser("user_3", "user_group3")
         .addDatabase("db2", db2PolicyFileHandle.getPath())
         .addDatabase("default", defaultPolicyFileHandle.getPath())
+        .setUserGroupMapping(StaticUserGroup.getStaticMapping())
         .write(context.getPolicyFile());
 
     PolicyFile db2PolicyFile = new PolicyFile();
     db2PolicyFile
-        .addRolesToGroup("user_group2", "select_tbl2")
+        .addRolesToGroup(USERGROUP2, "select_tbl2")
         .addPermissionsToRole("select_tbl2", "server=server1->db=db2->table=tbl2->action=select")
         .write(db2PolicyFileHandle);
 
     PolicyFile defaultPolicyFile = new PolicyFile();
     defaultPolicyFile
-        .addRolesToGroup("user_group2", "select_def")
+        .addRolesToGroup(USERGROUP2, "select_def")
         .addPermissionsToRole("select_def", "server=server1->db=default->table=dtab->action=select")
         .write(defaultPolicyFileHandle);
 
@@ -441,7 +430,7 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticLocalFS {
     connection.close();
 
     // user_1 should be able to switch to default, but not the tables from default
-    connection = context.createConnection("user_1", "password");
+    connection = context.createConnection(USER1_1, "password");
     statement = context.createStatement(connection);
     statement.execute("USE db1");
     statement.execute("USE default");
@@ -453,7 +442,7 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticLocalFS {
     connection.close();
 
     // user_2 should be able to access default and select from default's tables
-    connection = context.createConnection("user_2", "password");
+    connection = context.createConnection(USER2_1, "password");
     statement = context.createStatement(connection);
     statement.execute("USE db2");
     statement.execute("USE default");
@@ -464,7 +453,7 @@ public class TestPerDBConfiguration extends AbstractTestWithStaticLocalFS {
     connection.close();
 
     // user_3 should NOT be able to switch to default since it doesn't have access to any objects
-    connection = context.createConnection("user_3", "password");
+    connection = context.createConnection(USER3_1, "password");
     statement = context.createStatement(connection);
     context.assertAuthzException(statement, "USE default");
     statement.close();

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/6396ccb1/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPerDatabasePolicyFile.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPerDatabasePolicyFile.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPerDatabasePolicyFile.java
index a89988a..9a03728 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPerDatabasePolicyFile.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPerDatabasePolicyFile.java
@@ -33,7 +33,6 @@ import com.google.common.io.Resources;
 
 public class TestPerDatabasePolicyFile extends AbstractTestWithStaticLocalFS {
   private static final String SINGLE_TYPE_DATA_FILE_NAME = "kv1.dat";
-  private static final String ADMIN1 = "admin1";
   private Context context;
   private PolicyFile policyFile;
   private File globalPolicyFile;
@@ -42,7 +41,7 @@ public class TestPerDatabasePolicyFile extends AbstractTestWithStaticLocalFS {
 
   @Before
   public void setup() throws Exception {
-    policyFile = PolicyFile.createAdminOnServer1(ADMIN1);
+    policyFile = PolicyFile.setAdminOnServer1(ADMINGROUP);
     context = createContext();
     globalPolicyFile = context.getPolicyFile();
     dataDir = context.getDataDir();
@@ -101,7 +100,9 @@ public class TestPerDatabasePolicyFile extends AbstractTestWithStaticLocalFS {
 
   public void doTestDbSpecificFileGrants(String grant) throws Exception {
 
-    policyFile.write(context.getPolicyFile());
+    policyFile
+        .setUserGroupMapping(StaticUserGroup.getStaticMapping())
+        .write(context.getPolicyFile());
 
     // setup db objects needed by the test
     Connection connection = context.createConnection(ADMIN1, "password");
@@ -115,8 +116,7 @@ public class TestPerDatabasePolicyFile extends AbstractTestWithStaticLocalFS {
 
     PolicyFile specificPolicyFile = new PolicyFile()
     .addPermissionsToRole("db1_role", grant)
-    .addRolesToGroup("group1", "db1_role")
-    .addGroupsToUser("user1", "group1");
+    .addRolesToGroup("group1", "db1_role");
     specificPolicyFile.write(specificPolicyFileFile);
 
     policyFile.addDatabase("db2", specificPolicyFileFile.getPath());
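Review bot: The per-database policy file still grants `db1_role` to the literal `"group1"`, while the `addGroupsToUser("user1", "group1")` line that made a user a member of that group is removed. Unless the static mapping places USER1_1 in a group named `group1` (StaticUserGroup and the value of USERGROUP1 are not visible in this hunk), no user holds the role any more. The `assertAuthzException` checks for USER1_1 in the next hunk would then pass because the role is unreachable, not because a grant on db1 from the db2-scoped file is rejected, which is the behaviour this test exists to prove. Using the shared constant, `.addRolesToGroup(USERGROUP1, "db1_role");`, as the other tests in this commit do, keeps the negative test meaningful. The body of doTestDbSpecificFileGrants continues outside this hunk.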
@@ -125,7 +125,7 @@ public class TestPerDatabasePolicyFile extends AbstractTestWithStaticLocalFS {
 
 
     // test execution
-    connection = context.createConnection("user1", "password");
+    connection = context.createConnection(USER1_1, "password");
     statement = context.createStatement(connection);
     // test user can query table
     context.assertAuthzException(statement, "USE db1");

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/6396ccb1/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegeAtTransform.java
----------------------------------------------------------------------
diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegeAtTransform.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegeAtTransform.java
index 0b71c87..2b309d8 100644
--- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegeAtTransform.java
+++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegeAtTransform.java
@@ -46,7 +46,7 @@ public class TestPrivilegeAtTransform extends AbstractTestWithStaticLocalFS {
     FileOutputStream to = new FileOutputStream(dataFile);
     Resources.copy(Resources.getResource(SINGLE_TYPE_DATA_FILE_NAME), to);
     to.close();
-    policyFile = PolicyFile.createAdminOnServer1("admin1");
+    policyFile = PolicyFile.setAdminOnServer1(ADMINGROUP);
   }
 
   @After
@@ -68,17 +68,17 @@ public class TestPrivilegeAtTransform extends AbstractTestWithStaticLocalFS {
   @Test
   public void testTransform1() throws Exception {
     policyFile
-      .addGroupsToUser("user1", "group1")
       .addPermissionsToRole("all_db1", "server=server1->db=db_1")
-      .addRolesToGroup("group1", "all_db1");
-    policyFile.write(context.getPolicyFile());
+      .addRolesToGroup(USERGROUP1, "all_db1")
+      .setUserGroupMapping(StaticUserGroup.getStaticMapping())
+      .write(context.getPolicyFile());
 
     // verify by SQL
     // 1, 2
     String dbName1 = "db_1";
     String tableName1 = "tb_1";
     String query = "select TRANSFORM(a.under_col, a.value) USING 'cat' AS (tunder_col, tvalue) FROM " + dbName1 + "." + tableName1 + " a";
-    Connection connection = context.createConnection("admin1", "foo");
+    Connection connection = context.createConnection(ADMIN1, "foo");
     Statement statement = context.createStatement(connection);
     statement.execute("DROP DATABASE IF EXISTS " + dbName1 + " CASCADE");
     statement.execute("CREATE DATABASE " + dbName1);
@@ -92,7 +92,7 @@ public class TestPrivilegeAtTransform extends AbstractTestWithStaticLocalFS {
     statement.close();
     connection.close();
 
-    connection = context.createConnection("user1", "foo");
+    connection = context.createConnection(USER1_1, "foo");
     statement = context.createStatement(connection);
 
     // 3
@@ -102,14 +102,14 @@ public class TestPrivilegeAtTransform extends AbstractTestWithStaticLocalFS {
     policyFile
       .addPermissionsToRole("select_tb1", "server=server1->db=db_1->table=tb_1->action=select")
       .addPermissionsToRole("insert_tb1", "server=server1->db=db_1->table=tb_1->action=insert")
-      .addRolesToGroup("group1", "select_tb1", "insert_tb1");
+      .addRolesToGroup(USERGROUP1, "select_tb1", "insert_tb1");
     policyFile.write(context.getPolicyFile());
     context.assertAuthzExecHookException(statement, query);
 
     // 5
     policyFile
       .addPermissionsToRole("all_server1", "server=server1")
-      .addRolesToGroup("group1", "all_server1");
+      .addRolesToGroup(USERGROUP1, "all_server1");
     policyFile.write(context.getPolicyFile());
     assertTrue(query, statement.execute(query));
     statement.close();

