sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From br...@apache.org
Subject [2/2] git commit: SENTRY-26: Separate sentry-core to hive specific and non-specific packages (Gregory Chanan via Brock Noland)
Date Fri, 04 Oct 2013 19:40:43 GMT
SENTRY-26: Separate sentry-core to hive specific and non-specific packages (Gregory Chanan via Brock Noland)


Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/ef54e132
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/ef54e132
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/ef54e132

Branch: refs/heads/master
Commit: ef54e13273574119974aeb3533d0bbc2dcf32b9d
Parents: d7cbc64
Author: Brock Noland <brock@apache.org>
Authored: Fri Oct 4 14:40:30 2013 -0500
Committer: Brock Noland <brock@apache.org>
Committed: Fri Oct 4 14:40:30 2013 -0500

----------------------------------------------------------------------
 pom.xml                                         |  7 +-
 sentry-binding/sentry-binding-hive/pom.xml      |  6 +-
 .../binding/hive/HiveAuthzBindingHook.java      | 57 +++++++-------
 .../hive/HiveAuthzBindingPreExecHook.java       | 10 +--
 .../hive/SentryOnFailureHookContext.java        |  6 +-
 .../hive/SentryOnFailureHookContextImpl.java    |  6 +-
 .../binding/hive/authz/HiveAuthzBinding.java    | 32 ++++----
 .../binding/hive/authz/HiveAuthzPrivileges.java | 34 ++++----
 .../hive/authz/HiveAuthzPrivilegesMap.java      | 55 ++++++-------
 .../binding/hive/TestHiveAuthzBindings.java     | 32 ++++----
 sentry-core/pom.xml                             | 12 ++-
 sentry-core/sentry-core-common/pom.xml          | 30 ++++++++
 .../org/apache/sentry/core/common/Action.java   | 21 +++++
 .../apache/sentry/core/common/Authorizable.java | 23 ++++++
 .../core/common/AuthorizationProvider.java      | 38 +++++++++
 .../core/common/NoAuthorizationProvider.java    | 30 ++++++++
 .../org/apache/sentry/core/common/Subject.java  | 35 +++++++++
 sentry-core/sentry-core-model-db/pom.xml        | 43 +++++++++++
 .../sentry/core/model/db/AccessConstants.java   | 30 ++++++++
 .../apache/sentry/core/model/db/AccessURI.java  | 57 ++++++++++++++
 .../sentry/core/model/db/DBModelAction.java     | 39 ++++++++++
 .../core/model/db/DBModelAuthorizable.java      | 32 ++++++++
 .../apache/sentry/core/model/db/Database.java   | 51 ++++++++++++
 .../org/apache/sentry/core/model/db/Server.java | 51 ++++++++++++
 .../sentry/core/model/db/ServerResource.java    | 21 +++++
 .../org/apache/sentry/core/model/db/Table.java  | 51 ++++++++++++
 .../sentry/core/model/db/TableOrView.java       | 21 +++++
 .../org/apache/sentry/core/model/db/View.java   | 51 ++++++++++++
 .../java/org/apache/sentry/core/db/TestURI.java | 45 +++++++++++
 .../org/apache/sentry/core/AccessConstants.java | 30 --------
 .../java/org/apache/sentry/core/AccessURI.java  | 53 -------------
 .../java/org/apache/sentry/core/Action.java     | 33 --------
 .../org/apache/sentry/core/Authorizable.java    | 32 --------
 .../sentry/core/AuthorizationProvider.java      | 51 ------------
 .../java/org/apache/sentry/core/Database.java   | 46 -----------
 .../sentry/core/NoAuthorizationProvider.java    | 44 -----------
 .../java/org/apache/sentry/core/Server.java     | 46 -----------
 .../org/apache/sentry/core/ServerResource.java  | 21 -----
 .../java/org/apache/sentry/core/Subject.java    | 35 ---------
 .../main/java/org/apache/sentry/core/Table.java | 46 -----------
 .../org/apache/sentry/core/TableOrView.java     | 21 -----
 .../main/java/org/apache/sentry/core/View.java  | 46 -----------
 .../java/org/apache/sentry/core/TestURI.java    | 45 -----------
 sentry-dist/pom.xml                             |  6 +-
 sentry-dist/src/main/assembly/src.xml           |  2 +
 sentry-provider/sentry-provider-file/pom.xml    |  6 +-
 .../sentry/provider/file/PolicyEngine.java      |  4 +-
 .../file/ResourceAuthorizationProvider.java     | 44 ++++-------
 .../provider/file/SimplePolicyParser.java       |  6 +-
 .../file/AbstractTestSimplePolicyEngine.java    |  4 +-
 .../sentry-provider-policy-db/pom.xml           |  6 +-
 .../provider/db/AbstractDBRoleValidator.java    |  8 +-
 .../sentry/provider/db/DBAuthorizables.java     | 60 ---------------
 .../provider/db/DBModelAuthorizables.java       | 60 +++++++++++++++
 .../org/apache/sentry/provider/db/DBRoles.java  |  2 +-
 .../provider/db/DBWildcardPermission.java       |  4 +-
 .../sentry/provider/db/DatabaseMustMatch.java   |  8 +-
 .../provider/db/DatabaseRequiredInRole.java     | 10 +--
 .../sentry/provider/db/ServerNameMustMatch.java |  8 +-
 .../sentry/provider/db/ServersAllIsInvalid.java |  8 +-
 .../provider/db/SimpleDBPolicyEngine.java       |  8 +-
 .../sentry/provider/db/TestDBAuthorizables.java | 80 -------------------
 .../provider/db/TestDBModelAuthorizables.java   | 81 ++++++++++++++++++++
 .../provider/db/TestDBWildcardPermission.java   |  2 +-
 .../provider/db/TestPolicyParsingNegative.java  |  6 +-
 ...sourceAuthorizationProviderGeneralCases.java | 26 ++++---
 ...sourceAuthorizationProviderSpecialCases.java | 24 +++---
 .../db/TestSimpleDBPolicyEngineDFS.java         |  6 +-
 sentry-tests/sentry-tests-hive/pom.xml          |  4 -
 69 files changed, 1043 insertions(+), 915 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/ef54e132/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 439ce32..56d22b5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -153,7 +153,12 @@ limitations under the License.
       </dependency>
       <dependency>
         <groupId>org.apache.sentry</groupId>
-        <artifactId>sentry-core</artifactId>
+        <artifactId>sentry-core-common</artifactId>
+        <version>${project.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>org.apache.sentry</groupId>
+        <artifactId>sentry-core-model-db</artifactId>
         <version>${project.version}</version>
       </dependency>
       <dependency>

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/ef54e132/sentry-binding/sentry-binding-hive/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/pom.xml b/sentry-binding/sentry-binding-hive/pom.xml
index 5c3e17a..16b12dd 100644
--- a/sentry-binding/sentry-binding-hive/pom.xml
+++ b/sentry-binding/sentry-binding-hive/pom.xml
@@ -64,7 +64,11 @@ limitations under the License.
     </dependency>
     <dependency>
       <groupId>org.apache.sentry</groupId>
-      <artifactId>sentry-core</artifactId>
+      <artifactId>sentry-core-common</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.sentry</groupId>
+      <artifactId>sentry-core-model-db</artifactId>
     </dependency>
     <dependency>
       <groupId>org.apache.sentry</groupId>

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/ef54e132/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java
index e9efed2..5395c50 100644
--- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java
@@ -60,13 +60,14 @@ import org.apache.sentry.binding.hive.authz.HiveAuthzPrivileges.HiveOperationSco
 import org.apache.sentry.binding.hive.authz.HiveAuthzPrivileges.HiveOperationType;
 import org.apache.sentry.binding.hive.authz.HiveAuthzPrivilegesMap;
 import org.apache.sentry.binding.hive.conf.HiveAuthzConf;
-import org.apache.sentry.core.AccessURI;
-import org.apache.sentry.core.Action;
-import org.apache.sentry.core.Authorizable;
-import org.apache.sentry.core.Authorizable.AuthorizableType;
-import org.apache.sentry.core.Database;
-import org.apache.sentry.core.Subject;
-import org.apache.sentry.core.Table;
+import org.apache.sentry.core.common.Action;
+import org.apache.sentry.core.common.Subject;
+import org.apache.sentry.core.model.db.AccessURI;
+import org.apache.sentry.core.model.db.Database;
+import org.apache.sentry.core.model.db.DBModelAction;
+import org.apache.sentry.core.model.db.DBModelAuthorizable;
+import org.apache.sentry.core.model.db.DBModelAuthorizable.AuthorizableType;
+import org.apache.sentry.core.model.db.Table;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -339,8 +340,8 @@ implements HiveDriverFilterHook {
       HiveAuthzPrivileges stmtAuthObject, HiveOperation stmtOperation) throws  AuthorizationException {
     Set<ReadEntity> inputs = context.getInputs();
     Set<WriteEntity> outputs = context.getOutputs();
-    List<List<Authorizable>> inputHierarchy = new ArrayList<List<Authorizable>>();
-    List<List<Authorizable>> outputHierarchy = new ArrayList<List<Authorizable>>();
+    List<List<DBModelAuthorizable>> inputHierarchy = new ArrayList<List<DBModelAuthorizable>>();
+    List<List<DBModelAuthorizable>> outputHierarchy = new ArrayList<List<DBModelAuthorizable>>();
 
     if(LOG.isDebugEnabled()) {
       LOG.debug("stmtAuthObject.getOperationScope() = " + stmtAuthObject.getOperationScope());
@@ -352,13 +353,13 @@ implements HiveDriverFilterHook {
 
     case SERVER :
       // validate server level privileges if applicable. Eg create UDF,register jar etc ..
-      List<Authorizable> serverHierarchy = new ArrayList<Authorizable>();
+      List<DBModelAuthorizable> serverHierarchy = new ArrayList<DBModelAuthorizable>();
       serverHierarchy.add(hiveAuthzBinding.getAuthServer());
       inputHierarchy.add(serverHierarchy);
       break;
     case DATABASE:
       // workaround for database scope statements (create/alter/drop db)
-      List<Authorizable> dbHierarchy = new ArrayList<Authorizable>();
+      List<DBModelAuthorizable> dbHierarchy = new ArrayList<DBModelAuthorizable>();
       dbHierarchy.add(hiveAuthzBinding.getAuthServer());
       dbHierarchy.add(currDB);
       inputHierarchy.add(dbHierarchy);
@@ -369,7 +370,7 @@ implements HiveDriverFilterHook {
       }
 
       for(ReadEntity readEntity:inputs) {
-        List<Authorizable> entityHierarchy = new ArrayList<Authorizable>();
+        List<DBModelAuthorizable> entityHierarchy = new ArrayList<DBModelAuthorizable>();
         entityHierarchy.add(hiveAuthzBinding.getAuthServer());
         entityHierarchy.addAll(getAuthzHierarchyFromEntity(readEntity));
         inputHierarchy.add(entityHierarchy);
@@ -387,7 +388,7 @@ implements HiveDriverFilterHook {
           checkUDFWhiteList(readEntity.getUDF().getDisplayName());
           continue;
         }
-        List<Authorizable> entityHierarchy = new ArrayList<Authorizable>();
+        List<DBModelAuthorizable> entityHierarchy = new ArrayList<DBModelAuthorizable>();
         entityHierarchy.add(hiveAuthzBinding.getAuthServer());
         entityHierarchy.addAll(getAuthzHierarchyFromEntity(readEntity));
         inputHierarchy.add(entityHierarchy);
@@ -396,7 +397,7 @@ implements HiveDriverFilterHook {
         if (filterWriteEntity(writeEntity)) {
           continue;
         }
-        List<Authorizable> entityHierarchy = new ArrayList<Authorizable>();
+        List<DBModelAuthorizable> entityHierarchy = new ArrayList<DBModelAuthorizable>();
         entityHierarchy.add(hiveAuthzBinding.getAuthServer());
         entityHierarchy.addAll(getAuthzHierarchyFromEntity(writeEntity));
         outputHierarchy.add(entityHierarchy);
@@ -404,7 +405,7 @@ implements HiveDriverFilterHook {
       // workaround for metadata queries.
       // Capture the table name in pre-analyze and include that in the entity list
       if (currTab != null) {
-        List<Authorizable> externalAuthorizableHierarchy = new ArrayList<Authorizable>();
+        List<DBModelAuthorizable> externalAuthorizableHierarchy = new ArrayList<DBModelAuthorizable>();
         externalAuthorizableHierarchy.add(hiveAuthzBinding.getAuthServer());
         externalAuthorizableHierarchy.add(currDB);
         externalAuthorizableHierarchy.add(currTab);
@@ -419,7 +420,7 @@ implements HiveDriverFilterHook {
        *  It's allowed when the user has any privilege on the current database. For application
        *  backward compatibility, we allow (optional) implicit connect permission on 'default' db.
        */
-      List<Authorizable> connectHierarchy = new ArrayList<Authorizable>();
+      List<DBModelAuthorizable> connectHierarchy = new ArrayList<DBModelAuthorizable>();
       connectHierarchy.add(hiveAuthzBinding.getAuthServer());
       // by default allow connect access to default db
       if (DEFAULT_DATABASE_NAME.equalsIgnoreCase(currDB.getName()) &&
@@ -433,7 +434,7 @@ implements HiveDriverFilterHook {
       inputHierarchy.add(connectHierarchy);
       // check if this is a create temp function and we need to validate URI
       if (udfURI != null) {
-        List<Authorizable> udfUriHierarchy = new ArrayList<Authorizable>();
+        List<DBModelAuthorizable> udfUriHierarchy = new ArrayList<DBModelAuthorizable>();
         udfUriHierarchy.add(hiveAuthzBinding.getAuthServer());
         udfUriHierarchy.add(udfURI);
         inputHierarchy.add(udfUriHierarchy);
@@ -488,8 +489,8 @@ implements HiveDriverFilterHook {
   }
 
   // Build the hierarchy of authorizable object for the given entity type.
-  private List<Authorizable> getAuthzHierarchyFromEntity(Entity entity) {
-    List<Authorizable> objectHierarchy = new ArrayList<Authorizable>();
+  private List<DBModelAuthorizable> getAuthzHierarchyFromEntity(Entity entity) {
+    List<DBModelAuthorizable> objectHierarchy = new ArrayList<DBModelAuthorizable>();
     switch (entity.getType()) {
     case TABLE:
       objectHierarchy.add(new Database(entity.getTable().getDbName()));
@@ -550,7 +551,7 @@ implements HiveDriverFilterHook {
     List<String> filteredResult = new ArrayList<String>();
     Subject subject = new Subject(userName);
     HiveAuthzPrivileges tableMetaDataPrivilege = new HiveAuthzPrivileges.AuthzPrivilegeBuilder().
-        addInputObjectPriviledge(AuthorizableType.Table, EnumSet.of(Action.SELECT, Action.INSERT)).
+        addInputObjectPriviledge(AuthorizableType.Table, EnumSet.of(DBModelAction.SELECT, DBModelAction.INSERT)).
         setOperationScope(HiveOperationScope.TABLE).
         setOperationType(HiveOperationType.INFO).
         build();
@@ -561,9 +562,9 @@ implements HiveDriverFilterHook {
       Database database;
       database = new Database(dbName);
 
-      List<List<Authorizable>> inputHierarchy = new ArrayList<List<Authorizable>>();
-      List<List<Authorizable>> outputHierarchy = new ArrayList<List<Authorizable>>();
-      List<Authorizable> externalAuthorizableHierarchy = new ArrayList<Authorizable>();
+      List<List<DBModelAuthorizable>> inputHierarchy = new ArrayList<List<DBModelAuthorizable>>();
+      List<List<DBModelAuthorizable>> outputHierarchy = new ArrayList<List<DBModelAuthorizable>>();
+      List<DBModelAuthorizable> externalAuthorizableHierarchy = new ArrayList<DBModelAuthorizable>();
       externalAuthorizableHierarchy.add(hiveAuthzBinding.getAuthServer());
       externalAuthorizableHierarchy.add(database);
       externalAuthorizableHierarchy.add(table);
@@ -588,8 +589,8 @@ implements HiveDriverFilterHook {
     List<String> filteredResult = new ArrayList<String>();
     Subject subject = new Subject(userName);
     HiveAuthzPrivileges anyPrivilege = new HiveAuthzPrivileges.AuthzPrivilegeBuilder().
-        addInputObjectPriviledge(AuthorizableType.Table, EnumSet.of(Action.SELECT, Action.INSERT)).
-        addInputObjectPriviledge(AuthorizableType.URI, EnumSet.of(Action.SELECT)).
+        addInputObjectPriviledge(AuthorizableType.Table, EnumSet.of(DBModelAction.SELECT, DBModelAction.INSERT)).
+        addInputObjectPriviledge(AuthorizableType.URI, EnumSet.of(DBModelAction.SELECT)).
         setOperationScope(HiveOperationScope.CONNECT).
         setOperationType(HiveOperationType.QUERY).
         build();
@@ -608,9 +609,9 @@ implements HiveDriverFilterHook {
 
       database = new Database(dbName);
 
-      List<List<Authorizable>> inputHierarchy = new ArrayList<List<Authorizable>>();
-      List<List<Authorizable>> outputHierarchy = new ArrayList<List<Authorizable>>();
-      List<Authorizable> externalAuthorizableHierarchy = new ArrayList<Authorizable>();
+      List<List<DBModelAuthorizable>> inputHierarchy = new ArrayList<List<DBModelAuthorizable>>();
+      List<List<DBModelAuthorizable>> outputHierarchy = new ArrayList<List<DBModelAuthorizable>>();
+      List<DBModelAuthorizable> externalAuthorizableHierarchy = new ArrayList<DBModelAuthorizable>();
       externalAuthorizableHierarchy.add(hiveAuthzBinding.getAuthServer());
       externalAuthorizableHierarchy.add(database);
       externalAuthorizableHierarchy.add(Table.ALL);

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/ef54e132/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingPreExecHook.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingPreExecHook.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingPreExecHook.java
index 28812c5..f120c77 100644
--- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingPreExecHook.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingPreExecHook.java
@@ -26,8 +26,8 @@ import org.apache.hadoop.hive.ql.plan.HiveOperation;
 import org.apache.sentry.binding.hive.authz.HiveAuthzBinding;
 import org.apache.sentry.binding.hive.authz.HiveAuthzPrivilegesMap;
 import org.apache.sentry.binding.hive.authz.HiveAuthzPrivileges.HiveExtendedOperation;
-import org.apache.sentry.core.Authorizable;
-import org.apache.sentry.core.Subject;
+import org.apache.sentry.core.common.Subject;
+import org.apache.sentry.core.model.db.DBModelAuthorizable;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -52,9 +52,9 @@ public class HiveAuthzBindingPreExecHook implements ExecuteWithHookContext {
           LOG.warn("No authorization binding fund, skipping the authorization for transform");
           return;
         }
-        List<List<Authorizable>> inputHierarchy = new ArrayList<List<Authorizable>> ();
-        List<List<Authorizable>> outputHierarchy = new ArrayList<List<Authorizable>> ();
-        List<Authorizable> serverHierarchy = new ArrayList<Authorizable>();
+        List<List<DBModelAuthorizable>> inputHierarchy = new ArrayList<List<DBModelAuthorizable>> ();
+        List<List<DBModelAuthorizable>> outputHierarchy = new ArrayList<List<DBModelAuthorizable>> ();
+        List<DBModelAuthorizable> serverHierarchy = new ArrayList<DBModelAuthorizable>();
 
         serverHierarchy.add(hiveAuthzBinding.getAuthServer());
         outputHierarchy.add(serverHierarchy);

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/ef54e132/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryOnFailureHookContext.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryOnFailureHookContext.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryOnFailureHookContext.java
index a57c510..2beacd0 100644
--- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryOnFailureHookContext.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryOnFailureHookContext.java
@@ -20,9 +20,9 @@ package org.apache.sentry.binding.hive;
 
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.hive.ql.plan.HiveOperation;
-import org.apache.sentry.core.AccessURI;
-import org.apache.sentry.core.Database;
-import org.apache.sentry.core.Table;
+import org.apache.sentry.core.model.db.AccessURI;
+import org.apache.sentry.core.model.db.Database;
+import org.apache.sentry.core.model.db.Table;
 import org.apache.hadoop.hive.ql.exec.Task;
 import org.apache.hadoop.hive.ql.hooks.ReadEntity;
 import org.apache.hadoop.hive.ql.hooks.WriteEntity;

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/ef54e132/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryOnFailureHookContextImpl.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryOnFailureHookContextImpl.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryOnFailureHookContextImpl.java
index e2142df..d8ffe23 100644
--- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryOnFailureHookContextImpl.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryOnFailureHookContextImpl.java
@@ -20,9 +20,9 @@ package org.apache.sentry.binding.hive;
 
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.hive.ql.plan.HiveOperation;
-import org.apache.sentry.core.AccessURI;
-import org.apache.sentry.core.Database;
-import org.apache.sentry.core.Table;
+import org.apache.sentry.core.model.db.AccessURI;
+import org.apache.sentry.core.model.db.Database;
+import org.apache.sentry.core.model.db.Table;
 import org.apache.hadoop.hive.ql.exec.Task;
 import org.apache.hadoop.hive.ql.hooks.ReadEntity;
 import org.apache.hadoop.hive.ql.hooks.WriteEntity;

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/ef54e132/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java
index 8ecb41b..36d2fd1 100644
--- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java
@@ -17,7 +17,6 @@
 package org.apache.sentry.binding.hive.authz;
 
 import java.lang.reflect.Constructor;
-
 import java.util.EnumSet;
 import java.util.List;
 import java.util.Map;
@@ -33,13 +32,14 @@ import org.apache.hadoop.hive.ql.plan.HiveOperation;
 import org.apache.hadoop.hive.ql.session.SessionState;
 import org.apache.sentry.binding.hive.conf.HiveAuthzConf;
 import org.apache.sentry.binding.hive.conf.HiveAuthzConf.AuthzConfVars;
-import org.apache.sentry.core.Action;
-import org.apache.sentry.core.Authorizable;
-import org.apache.sentry.core.AuthorizationProvider;
-import org.apache.sentry.core.NoAuthorizationProvider;
-import org.apache.sentry.core.Server;
-import org.apache.sentry.core.Subject;
-import org.apache.sentry.core.Authorizable.AuthorizableType;
+import org.apache.sentry.core.common.Action;
+import org.apache.sentry.core.common.AuthorizationProvider;
+import org.apache.sentry.core.common.NoAuthorizationProvider;
+import org.apache.sentry.core.common.Subject;
+import org.apache.sentry.core.model.db.DBModelAction;
+import org.apache.sentry.core.model.db.DBModelAuthorizable;
+import org.apache.sentry.core.model.db.DBModelAuthorizable.AuthorizableType;
+import org.apache.sentry.core.model.db.Server;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.apache.sentry.binding.hive.conf.InvalidConfigurationException;
@@ -149,7 +149,7 @@ public class HiveAuthzBinding {
    * @throws AuthorizationException
    */
   public void authorize(HiveOperation hiveOp, HiveAuthzPrivileges stmtAuthPrivileges,
-      Subject subject, List<List<Authorizable>> inputHierarchyList, List<List<Authorizable>> outputHierarchyList )
+      Subject subject, List<List<DBModelAuthorizable>> inputHierarchyList, List<List<DBModelAuthorizable>> outputHierarchyList )
           throws AuthorizationException {
     boolean isDebug = LOG.isDebugEnabled();
     if(isDebug) {
@@ -166,16 +166,16 @@ public class HiveAuthzBinding {
        */
 
       // Check read entities
-      Map<AuthorizableType, EnumSet<Action>> requiredInputPrivileges =
+      Map<AuthorizableType, EnumSet<DBModelAction>> requiredInputPrivileges =
           stmtAuthPrivileges.getInputPrivileges();
-      for (List<Authorizable> inputHierarchy : inputHierarchyList) {
+      for (List<DBModelAuthorizable> inputHierarchy : inputHierarchyList) {
         if(isDebug) {
           LOG.debug("requiredInputPrivileges = " + requiredInputPrivileges);
           LOG.debug("inputHierarchy = " + inputHierarchy);
           LOG.debug("getAuthzType(inputHierarchy) = " + getAuthzType(inputHierarchy));
         }
         if (requiredInputPrivileges.containsKey(getAuthzType(inputHierarchy))) {
-          EnumSet<Action> inputPrivSet =
+          EnumSet<DBModelAction> inputPrivSet =
             requiredInputPrivileges.get(getAuthzType(inputHierarchy));
           if (!authProvider.hasAccess(subject, inputHierarchy, inputPrivSet)) {
             throw new AuthorizationException("User " + subject.getName() +
@@ -184,16 +184,16 @@ public class HiveAuthzBinding {
         }
       }
       // Check write entities
-      Map<AuthorizableType, EnumSet<Action>> requiredOutputPrivileges =
+      Map<AuthorizableType, EnumSet<DBModelAction>> requiredOutputPrivileges =
           stmtAuthPrivileges.getOutputPrivileges();
-      for (List<Authorizable> outputHierarchy : outputHierarchyList) {
+      for (List<DBModelAuthorizable> outputHierarchy : outputHierarchyList) {
         if(isDebug) {
           LOG.debug("requiredOutputPrivileges = " + requiredOutputPrivileges);
           LOG.debug("outputHierarchy = " + outputHierarchy);
           LOG.debug("getAuthzType(outputHierarchy) = " + getAuthzType(outputHierarchy));
         }
         if (requiredOutputPrivileges.containsKey(getAuthzType(outputHierarchy))) {
-          EnumSet<Action> outputPrivSet =
+          EnumSet<DBModelAction> outputPrivSet =
             requiredOutputPrivileges.get(getAuthzType(outputHierarchy));
           if (!authProvider.hasAccess(subject, outputHierarchy, outputPrivSet)) {
             throw new AuthorizationException("User " + subject.getName() +
@@ -207,7 +207,7 @@ public class HiveAuthzBinding {
     return authServer;
   }
 
-  private AuthorizableType getAuthzType (List<Authorizable> hierarchy){
+  private AuthorizableType getAuthzType (List<DBModelAuthorizable> hierarchy){
     return hierarchy.get(hierarchy.size() -1).getAuthzType();
   }
 }

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/ef54e132/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivileges.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivileges.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivileges.java
index 2c480ef..98dbc8d 100644
--- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivileges.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivileges.java
@@ -20,8 +20,8 @@ import java.util.EnumSet;
 import java.util.HashMap;
 import java.util.Map;
 
-import org.apache.sentry.core.Action;
-import org.apache.sentry.core.Authorizable.AuthorizableType;
+import org.apache.sentry.core.model.db.DBModelAction;
+import org.apache.sentry.core.model.db.DBModelAuthorizable.AuthorizableType;
 
 /**
  * Hive objects with required access privileges mapped to auth provider privileges
@@ -61,24 +61,24 @@ public class HiveAuthzPrivileges {
   }
 
   public static class AuthzPrivilegeBuilder {
-    private final Map<AuthorizableType, EnumSet<Action>> inputPrivileges =
-        new HashMap<AuthorizableType ,EnumSet<Action>>();
-    private final Map<AuthorizableType,EnumSet<Action>> outputPrivileges =
-        new HashMap<AuthorizableType,EnumSet<Action>>();
+    private final Map<AuthorizableType, EnumSet<DBModelAction>> inputPrivileges =
+        new HashMap<AuthorizableType ,EnumSet<DBModelAction>>();
+    private final Map<AuthorizableType,EnumSet<DBModelAction>> outputPrivileges =
+        new HashMap<AuthorizableType,EnumSet<DBModelAction>>();
     private HiveOperationType operationType;
     private HiveOperationScope operationScope;
 
-    public AuthzPrivilegeBuilder addInputObjectPriviledge(AuthorizableType inputObjectType, EnumSet<Action> inputPrivilege) {
+    public AuthzPrivilegeBuilder addInputObjectPriviledge(AuthorizableType inputObjectType, EnumSet<DBModelAction> inputPrivilege) {
       inputPrivileges.put(inputObjectType, inputPrivilege);
       return this;
     }
 
-    public AuthzPrivilegeBuilder addOutputEntityPriviledge(AuthorizableType outputEntityType, EnumSet<Action> outputPrivilege) {
+    public AuthzPrivilegeBuilder addOutputEntityPriviledge(AuthorizableType outputEntityType, EnumSet<DBModelAction> outputPrivilege) {
       outputPrivileges.put(outputEntityType, outputPrivilege);
       return this;
     }
 
-    public AuthzPrivilegeBuilder addOutputObjectPriviledge(AuthorizableType outputObjectType, EnumSet<Action> outputPrivilege) {
+    public AuthzPrivilegeBuilder addOutputObjectPriviledge(AuthorizableType outputObjectType, EnumSet<DBModelAction> outputPrivilege) {
       outputPrivileges.put(outputObjectType, outputPrivilege);
       return this;
     }
@@ -106,15 +106,15 @@ public class HiveAuthzPrivileges {
     }
   }
 
-  private final Map<AuthorizableType,EnumSet<Action>> inputPrivileges =
-      new HashMap<AuthorizableType,EnumSet<Action>>();
-  private final Map<AuthorizableType,EnumSet<Action>>  outputPrivileges =
-      new HashMap<AuthorizableType,EnumSet<Action>>();
+  private final Map<AuthorizableType,EnumSet<DBModelAction>> inputPrivileges =
+      new HashMap<AuthorizableType,EnumSet<DBModelAction>>();
+  private final Map<AuthorizableType,EnumSet<DBModelAction>>  outputPrivileges =
+      new HashMap<AuthorizableType,EnumSet<DBModelAction>>();
   private final HiveOperationType operationType;
   private final HiveOperationScope operationScope;
 
-  protected HiveAuthzPrivileges(Map<AuthorizableType,EnumSet<Action>> inputPrivileges,
-      Map<AuthorizableType,EnumSet<Action>> outputPrivileges, HiveOperationType operationType,
+  protected HiveAuthzPrivileges(Map<AuthorizableType,EnumSet<DBModelAction>> inputPrivileges,
+      Map<AuthorizableType,EnumSet<DBModelAction>> outputPrivileges, HiveOperationType operationType,
       HiveOperationScope operationScope) {
     this.inputPrivileges.putAll(inputPrivileges);
     this.outputPrivileges.putAll(outputPrivileges);
@@ -125,14 +125,14 @@ public class HiveAuthzPrivileges {
   /**
    * @return the inputPrivileges
    */
-  public Map<AuthorizableType, EnumSet<Action>> getInputPrivileges() {
+  public Map<AuthorizableType, EnumSet<DBModelAction>> getInputPrivileges() {
     return inputPrivileges;
   }
 
   /**
    * @return the outputPrivileges
    */
-  public Map<AuthorizableType, EnumSet<Action>> getOutputPrivileges() {
+  public Map<AuthorizableType, EnumSet<DBModelAction>> getOutputPrivileges() {
     return outputPrivileges;
   }
 

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/ef54e132/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
index b7340a2..b20ec34 100644
--- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
@@ -24,8 +24,9 @@ import org.apache.hadoop.hive.ql.plan.HiveOperation;
 import org.apache.sentry.binding.hive.authz.HiveAuthzPrivileges.HiveExtendedOperation;
 import org.apache.sentry.binding.hive.authz.HiveAuthzPrivileges.HiveOperationScope;
 import org.apache.sentry.binding.hive.authz.HiveAuthzPrivileges.HiveOperationType;
-import org.apache.sentry.core.Action;
-import org.apache.sentry.core.Authorizable.AuthorizableType;
+import org.apache.sentry.core.common.Action;
+import org.apache.sentry.core.model.db.DBModelAction;
+import org.apache.sentry.core.model.db.DBModelAuthorizable.AuthorizableType;
 
 public class HiveAuthzPrivilegesMap {
   private static final Map <HiveOperation, HiveAuthzPrivileges> hiveAuthzStmtPrivMap =
@@ -35,8 +36,8 @@ public class HiveAuthzPrivilegesMap {
 
   static {
     HiveAuthzPrivileges tableDDLPrivilege = new HiveAuthzPrivileges.AuthzPrivilegeBuilder().
-        addOutputObjectPriviledge(AuthorizableType.Table, EnumSet.of(Action.ALL)).
-        addInputObjectPriviledge(AuthorizableType.URI, EnumSet.of(Action.SELECT)).
+        addOutputObjectPriviledge(AuthorizableType.Table, EnumSet.of(DBModelAction.ALL)).
+        addInputObjectPriviledge(AuthorizableType.URI, EnumSet.of(DBModelAction.SELECT)).
         setOperationScope(HiveOperationScope.TABLE).
         setOperationType(HiveOperationType.DDL).
         build();
@@ -44,75 +45,75 @@ public class HiveAuthzPrivilegesMap {
      * The difference is that the insert also has output table entities
      */
     HiveAuthzPrivileges tableQueryPrivilege = new HiveAuthzPrivileges.AuthzPrivilegeBuilder().
-        addInputObjectPriviledge(AuthorizableType.Table, EnumSet.of(Action.SELECT)).
-        addOutputObjectPriviledge(AuthorizableType.Table, EnumSet.of(Action.INSERT)).
-        addOutputObjectPriviledge(AuthorizableType.URI, EnumSet.of(Action.INSERT)).
+        addInputObjectPriviledge(AuthorizableType.Table, EnumSet.of(DBModelAction.SELECT)).
+        addOutputObjectPriviledge(AuthorizableType.Table, EnumSet.of(DBModelAction.INSERT)).
+        addOutputObjectPriviledge(AuthorizableType.URI, EnumSet.of(DBModelAction.INSERT)).
         setOperationScope(HiveOperationScope.TABLE).
         setOperationType(HiveOperationType.QUERY).
         build();
     HiveAuthzPrivileges tableLoadPrivilege = new HiveAuthzPrivileges.AuthzPrivilegeBuilder().
-        addInputObjectPriviledge(AuthorizableType.URI, EnumSet.of(Action.SELECT)).
-        addOutputObjectPriviledge(AuthorizableType.Table, EnumSet.of(Action.INSERT)).
+        addInputObjectPriviledge(AuthorizableType.URI, EnumSet.of(DBModelAction.SELECT)).
+        addOutputObjectPriviledge(AuthorizableType.Table, EnumSet.of(DBModelAction.INSERT)).
         setOperationScope(HiveOperationScope.TABLE).
         setOperationType(HiveOperationType.DATA_LOAD).
         build();
 
     HiveAuthzPrivileges tableExportPrivilege = new HiveAuthzPrivileges.AuthzPrivilegeBuilder().
-        addInputObjectPriviledge(AuthorizableType.Table, EnumSet.of(Action.SELECT)).
-        addOutputObjectPriviledge(AuthorizableType.URI, EnumSet.of(Action.INSERT)).
+        addInputObjectPriviledge(AuthorizableType.Table, EnumSet.of(DBModelAction.SELECT)).
+        addOutputObjectPriviledge(AuthorizableType.URI, EnumSet.of(DBModelAction.INSERT)).
         setOperationScope(HiveOperationScope.TABLE).
         setOperationType(HiveOperationType.DATA_UNLOAD).
         build();
 
     HiveAuthzPrivileges tableMetaDataPrivilege = new HiveAuthzPrivileges.AuthzPrivilegeBuilder().
-        addInputObjectPriviledge(AuthorizableType.Table, EnumSet.of(Action.SELECT, Action.INSERT)).
+        addInputObjectPriviledge(AuthorizableType.Table, EnumSet.of(DBModelAction.SELECT, DBModelAction.INSERT)).
         setOperationScope(HiveOperationScope.TABLE).
         setOperationType(HiveOperationType.INFO).
         build();
 
     HiveAuthzPrivileges dbDDLPrivilege = new HiveAuthzPrivileges.AuthzPrivilegeBuilder().
-        addOutputObjectPriviledge(AuthorizableType.Db, EnumSet.of(Action.ALL)).
-        addInputObjectPriviledge(AuthorizableType.URI, EnumSet.of(Action.ALL)).
+        addOutputObjectPriviledge(AuthorizableType.Db, EnumSet.of(DBModelAction.ALL)).
+        addInputObjectPriviledge(AuthorizableType.URI, EnumSet.of(DBModelAction.ALL)).
         setOperationScope(HiveOperationScope.DATABASE).
         setOperationType(HiveOperationType.DDL).
         build();
 
     HiveAuthzPrivileges dbImportPrivilege = new HiveAuthzPrivileges.AuthzPrivilegeBuilder().
-        addOutputObjectPriviledge(AuthorizableType.Db, EnumSet.of(Action.ALL)).
-        addInputObjectPriviledge(AuthorizableType.URI, EnumSet.of(Action.SELECT)).
+        addOutputObjectPriviledge(AuthorizableType.Db, EnumSet.of(DBModelAction.ALL)).
+        addInputObjectPriviledge(AuthorizableType.URI, EnumSet.of(DBModelAction.SELECT)).
         setOperationScope(HiveOperationScope.DATABASE).
         setOperationType(HiveOperationType.DDL).
         build();
 
     HiveAuthzPrivileges createViewPrivilege = new HiveAuthzPrivileges.AuthzPrivilegeBuilder().
-    addOutputObjectPriviledge(AuthorizableType.Db, EnumSet.of(Action.ALL)).
-    addInputObjectPriviledge(AuthorizableType.Table, EnumSet.of(Action.SELECT)).
-    addInputObjectPriviledge(AuthorizableType.URI, EnumSet.of(Action.SELECT)).
+    addOutputObjectPriviledge(AuthorizableType.Db, EnumSet.of(DBModelAction.ALL)).
+    addInputObjectPriviledge(AuthorizableType.Table, EnumSet.of(DBModelAction.SELECT)).
+    addInputObjectPriviledge(AuthorizableType.URI, EnumSet.of(DBModelAction.SELECT)).
     setOperationScope(HiveOperationScope.DATABASE).
     setOperationType(HiveOperationType.DDL).
     build();
 
     HiveAuthzPrivileges dbMetaDataPrivilege = new HiveAuthzPrivileges.AuthzPrivilegeBuilder().
-      addInputObjectPriviledge(AuthorizableType.Db, EnumSet.of(Action.SELECT)).
+      addInputObjectPriviledge(AuthorizableType.Db, EnumSet.of(DBModelAction.SELECT)).
       setOperationScope(HiveOperationScope.DATABASE).
       setOperationType(HiveOperationType.INFO).
       build();
 
     HiveAuthzPrivileges tableDMLPrivilege = new HiveAuthzPrivileges.AuthzPrivilegeBuilder().
-        addOutputObjectPriviledge(AuthorizableType.Table, EnumSet.of(Action.INSERT)).
+        addOutputObjectPriviledge(AuthorizableType.Table, EnumSet.of(DBModelAction.INSERT)).
         setOperationScope(HiveOperationScope.TABLE).
         setOperationType(HiveOperationType.DML).
         build();
     HiveAuthzPrivileges serverPrivilege = new HiveAuthzPrivileges.AuthzPrivilegeBuilder().
-        addInputObjectPriviledge(AuthorizableType.Server, EnumSet.of(Action.ALL)).
-        addOutputObjectPriviledge(AuthorizableType.Server, EnumSet.of(Action.ALL)).
+        addInputObjectPriviledge(AuthorizableType.Server, EnumSet.of(DBModelAction.ALL)).
+        addOutputObjectPriviledge(AuthorizableType.Server, EnumSet.of(DBModelAction.ALL)).
         setOperationScope(HiveOperationScope.SERVER).
         setOperationType(HiveOperationType.DDL).
         build();
 
     HiveAuthzPrivileges anyPrivilege = new HiveAuthzPrivileges.AuthzPrivilegeBuilder().
-        addInputObjectPriviledge(AuthorizableType.Table, EnumSet.of(Action.SELECT, Action.INSERT)).
-        addInputObjectPriviledge(AuthorizableType.URI, EnumSet.of(Action.SELECT)).
+        addInputObjectPriviledge(AuthorizableType.Table, EnumSet.of(DBModelAction.SELECT, DBModelAction.INSERT)).
+        addInputObjectPriviledge(AuthorizableType.URI, EnumSet.of(DBModelAction.SELECT)).
         setOperationScope(HiveOperationScope.CONNECT).
         setOperationType(HiveOperationType.QUERY).
         build();
@@ -178,8 +179,8 @@ public class HiveAuthzPrivilegesMap {
     hiveAuthzStmtPrivMap.put(HiveOperation.CREATETABLE, dbDDLPrivilege);
     hiveAuthzStmtPrivMap.put(HiveOperation.CREATETABLE_AS_SELECT,
         new HiveAuthzPrivileges.AuthzPrivilegeBuilder().
-        addInputObjectPriviledge(AuthorizableType.Table, EnumSet.of(Action.SELECT)).
-        addOutputObjectPriviledge(AuthorizableType.Db, EnumSet.of(Action.ALL)).
+        addInputObjectPriviledge(AuthorizableType.Table, EnumSet.of(DBModelAction.SELECT)).
+        addOutputObjectPriviledge(AuthorizableType.Db, EnumSet.of(DBModelAction.ALL)).
         setOperationScope(HiveOperationScope.DATABASE).
         setOperationType(HiveOperationType.DDL).
         build());

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/ef54e132/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java
index d3d44d2..506abf8 100644
--- a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java
+++ b/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java
@@ -34,13 +34,13 @@ import org.apache.sentry.binding.hive.authz.HiveAuthzPrivilegesMap;
 import org.apache.sentry.binding.hive.conf.HiveAuthzConf;
 import org.apache.sentry.binding.hive.conf.HiveAuthzConf.AuthzConfVars;
 import org.apache.sentry.binding.hive.conf.InvalidConfigurationException;
-import org.apache.sentry.core.AccessConstants;
-import org.apache.sentry.core.AccessURI;
-import org.apache.sentry.core.Authorizable;
-import org.apache.sentry.core.Database;
-import org.apache.sentry.core.Server;
-import org.apache.sentry.core.Subject;
-import org.apache.sentry.core.Table;
+import org.apache.sentry.core.common.Subject;
+import org.apache.sentry.core.model.db.AccessConstants;
+import org.apache.sentry.core.model.db.AccessURI;
+import org.apache.sentry.core.model.db.DBModelAuthorizable;
+import org.apache.sentry.core.model.db.Database;
+import org.apache.sentry.core.model.db.Server;
+import org.apache.sentry.core.model.db.Table;
 import org.apache.sentry.provider.file.PolicyFiles;
 import org.junit.After;
 import org.junit.Before;
@@ -76,8 +76,8 @@ public class TestHiveAuthzBindings {
   private static final String PAYMENT_TAB = "payments";
 
   // Entities
-  private List<List<Authorizable>> inputTabHierarcyList = new ArrayList<List<Authorizable>>();
-  private List<List<Authorizable>> outputTabHierarcyList = new ArrayList<List<Authorizable>>();
+  private List<List<DBModelAuthorizable>> inputTabHierarcyList = new ArrayList<List<DBModelAuthorizable>>();
+  private List<List<DBModelAuthorizable>> outputTabHierarcyList = new ArrayList<List<DBModelAuthorizable>>();
   private HiveConf hiveConf = new HiveConf();
   private HiveAuthzConf authzConf = new HiveAuthzConf(Resources.getResource("sentry-deprecated-site.xml"));
 
@@ -247,7 +247,7 @@ public class TestHiveAuthzBindings {
   @Test
   public void testValidateCreateFunctionForAdmin() throws Exception {
     inputTabHierarcyList.add(buildObjectHierarchy(SERVER1, null, null));
-    inputTabHierarcyList.add(Arrays.asList(new Authorizable[] {
+    inputTabHierarcyList.add(Arrays.asList(new DBModelAuthorizable[] {
         new Server(SERVER1), new AccessURI("file:///some/path/to/a/jar")
     }));
     testAuth.authorize(HiveOperation.CREATEFUNCTION, createFuncPrivileges, ADMIN_SUBJECT,
@@ -255,10 +255,10 @@ public class TestHiveAuthzBindings {
   }
   @Test
   public void testValidateCreateFunctionAppropiateURI() throws Exception {
-    inputTabHierarcyList.add(Arrays.asList(new Authorizable[] {
+    inputTabHierarcyList.add(Arrays.asList(new DBModelAuthorizable[] {
         new Server(SERVER1), new Database(CUSTOMER_DB), new Table(AccessConstants.ALL)
     }));
-    inputTabHierarcyList.add(Arrays.asList(new Authorizable[] {
+    inputTabHierarcyList.add(Arrays.asList(new DBModelAuthorizable[] {
         new Server(SERVER1), new AccessURI("file:///path/to/some/lib/dir/my.jar")
     }));
     testAuth.authorize(HiveOperation.CREATEFUNCTION, createFuncPrivileges, ANALYST_SUBJECT,
@@ -272,10 +272,10 @@ public class TestHiveAuthzBindings {
   }
   @Test(expected=AuthorizationException.class)
   public void testValidateCreateFunctionRejectionForUserWithoutURI() throws Exception {
-    inputTabHierarcyList.add(Arrays.asList(new Authorizable[] {
+    inputTabHierarcyList.add(Arrays.asList(new DBModelAuthorizable[] {
         new Server(SERVER1), new Database(CUSTOMER_DB), new Table(AccessConstants.ALL)
     }));
-    inputTabHierarcyList.add(Arrays.asList(new Authorizable[] {
+    inputTabHierarcyList.add(Arrays.asList(new DBModelAuthorizable[] {
         new Server(SERVER1), new AccessURI("file:///some/path/to/a.jar")
     }));
     testAuth.authorize(HiveOperation.CREATEFUNCTION, createFuncPrivileges, ANALYST_SUBJECT,
@@ -319,8 +319,8 @@ public class TestHiveAuthzBindings {
         inputTabHierarcyList, outputTabHierarcyList);
   }
 
-  private List <Authorizable>  buildObjectHierarchy(String server, String db, String table) {
-    List <Authorizable> authList = new ArrayList<Authorizable> ();
+  private List <DBModelAuthorizable>  buildObjectHierarchy(String server, String db, String table) {
+    List <DBModelAuthorizable> authList = new ArrayList<DBModelAuthorizable> ();
     authList.add(new Server(server));
     if (db != null) {
       authList.add(new Database(db));

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/ef54e132/sentry-core/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-core/pom.xml b/sentry-core/pom.xml
index 6afdd4a..109d09f 100644
--- a/sentry-core/pom.xml
+++ b/sentry-core/pom.xml
@@ -26,13 +26,11 @@ limitations under the License.
 
   <artifactId>sentry-core</artifactId>
   <name>Sentry core</name>
+  <packaging>pom</packaging>
 
-  <dependencies>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-      <scope>test</scope>
-    </dependency>
-  </dependencies>
+  <modules>
+    <module>sentry-core-common</module>
+    <module>sentry-core-model-db</module>
+  </modules>
 
 </project>

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/ef54e132/sentry-core/sentry-core-common/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-common/pom.xml b/sentry-core/sentry-core-common/pom.xml
new file mode 100644
index 0000000..9b7d067
--- /dev/null
+++ b/sentry-core/sentry-core-common/pom.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+  <modelVersion>4.0.0</modelVersion>
+  <parent>
+    <groupId>org.apache.sentry</groupId>
+    <artifactId>sentry-core</artifactId>
+    <version>1.3.0-incubating-SNAPSHOT</version>
+  </parent>
+
+  <artifactId>sentry-core-common</artifactId>
+  <name>Sentry Core Common</name>
+
+</project>

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/ef54e132/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/Action.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/Action.java b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/Action.java
new file mode 100644
index 0000000..44b7b2b
--- /dev/null
+++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/Action.java
@@ -0,0 +1,21 @@
+/*
+* Licensed to the Apache Software Foundation (ASF) under one or more
+* contributor license agreements. See the NOTICE file distributed with
+* this work for additional information regarding copyright ownership.
+* The ASF licenses this file to You under the Apache License, Version 2.0
+* (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package org.apache.sentry.core.common;
+
+public interface Action {
+  public String getValue();
+}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/ef54e132/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/Authorizable.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/Authorizable.java b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/Authorizable.java
new file mode 100644
index 0000000..3523237
--- /dev/null
+++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/Authorizable.java
@@ -0,0 +1,23 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.core.common;
+
+public interface Authorizable {
+  public String getName();
+
+  public String getTypeName();
+}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/ef54e132/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/AuthorizationProvider.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/AuthorizationProvider.java b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/AuthorizationProvider.java
new file mode 100644
index 0000000..0239f12
--- /dev/null
+++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/AuthorizationProvider.java
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.core.common;
+
+import java.util.List;
+import java.util.Set;
+
+
+public interface AuthorizationProvider {
+
+  /***
+   * Returns validate subject privileges on given Authorizable object
+   *
+   * @param subject: UserID to validate privileges
+   * @param authorizableHierarchy : List of object accroding to namespace hierarchy.
+   *        eg. Server->Db->Table or Server->Function
+   *        The privileges will be validated from the higher to lower scope
+   * @param actions : Privileges to validate
+   * @return
+   *        True if the subject is authorized to perform requested action on the given object
+   */
+  public boolean hasAccess(Subject subject, List<? extends Authorizable> authorizableHierarchy, Set<? extends Action> actions);
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/ef54e132/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/NoAuthorizationProvider.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/NoAuthorizationProvider.java b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/NoAuthorizationProvider.java
new file mode 100644
index 0000000..3bcd08b
--- /dev/null
+++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/NoAuthorizationProvider.java
@@ -0,0 +1,30 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.core.common;
+
+import java.util.List;
+import java.util.Set;
+
+public class NoAuthorizationProvider implements AuthorizationProvider {
+
+  @Override
+  public boolean hasAccess(Subject subject, List<? extends Authorizable> authorizableHierarchy,
+      Set<? extends Action> actions) {
+    return false;
+  }
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/ef54e132/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/Subject.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/Subject.java b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/Subject.java
new file mode 100644
index 0000000..88457c0
--- /dev/null
+++ b/sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/Subject.java
@@ -0,0 +1,35 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.core.common;
+
+public class Subject {
+
+  private final String name;
+
+  public Subject(String name) {
+    this.name = name;
+  }
+
+  public String getName() {
+    return name;
+  }
+
+  @Override
+  public String toString() {
+    return "Subject [name=" + name + "]";
+  }
+}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/ef54e132/sentry-core/sentry-core-model-db/pom.xml
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-db/pom.xml b/sentry-core/sentry-core-model-db/pom.xml
new file mode 100644
index 0000000..ff419a4
--- /dev/null
+++ b/sentry-core/sentry-core-model-db/pom.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements.  See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License.  You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+  <modelVersion>4.0.0</modelVersion>
+  <parent>
+    <groupId>org.apache.sentry</groupId>
+    <artifactId>sentry-core</artifactId>
+    <version>1.3.0-incubating-SNAPSHOT</version>
+  </parent>
+
+  <artifactId>sentry-core-model-db</artifactId>
+  <name>Sentry Core Model DB</name>
+
+  <dependencies>
+    <dependency>
+      <groupId>org.apache.sentry</groupId>
+      <artifactId>sentry-core-common</artifactId>
+    </dependency>
+
+    <dependency>
+      <groupId>junit</groupId>
+      <artifactId>junit</artifactId>
+      <scope>test</scope>
+    </dependency>
+  </dependencies>
+
+</project>

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/ef54e132/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/AccessConstants.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/AccessConstants.java b/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/AccessConstants.java
new file mode 100644
index 0000000..4be391f
--- /dev/null
+++ b/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/AccessConstants.java
@@ -0,0 +1,30 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.core.model.db;
+
+public class AccessConstants {
+
+  /**
+   * Used as the &quot;name&quot; for a Server, Database, Table object which
+   * represents all Servers, Databases, or Tables.
+   */
+  public static final String ALL = "*";
+
+  public static final String SELECT = "select";
+  public static final String INSERT = "insert";
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/ef54e132/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/AccessURI.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/AccessURI.java b/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/AccessURI.java
new file mode 100644
index 0000000..8e44026
--- /dev/null
+++ b/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/AccessURI.java
@@ -0,0 +1,57 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.core.model.db;
+
+public class AccessURI implements DBModelAuthorizable {
+  /**
+   * Represents all URIs
+   */
+  public static final AccessURI ALL = new AccessURI(AccessConstants.ALL);
+
+  private final String uriName;
+
+
+  public AccessURI(String uriName) {
+    uriName = uriName == null ? "" : uriName;
+    if(!(uriName.equals(AccessConstants.ALL) ||
+        uriName.startsWith("file://") ||
+        uriName.startsWith("hdfs://"))) {
+      throw new IllegalArgumentException("URI '" + uriName + "' in invalid. Must start with file:// or hdfs://");
+    }
+    this.uriName = uriName;
+  }
+
+  @Override
+  public String getName() {
+    return uriName;
+  }
+
+  @Override
+  public AuthorizableType getAuthzType() {
+    return AuthorizableType.URI;
+  }
+
+  @Override
+  public String toString() {
+    return "URI [name=" + uriName + "]";
+  }
+
+  @Override
+  public String getTypeName() {
+    return getAuthzType().name();
+  }
+}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/ef54e132/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/DBModelAction.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/DBModelAction.java b/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/DBModelAction.java
new file mode 100644
index 0000000..a4f3a87
--- /dev/null
+++ b/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/DBModelAction.java
@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.core.model.db;
+
+import org.apache.sentry.core.common.Action;
+
+/**
+ * Represents actions in the DB model.
+ */
+public enum DBModelAction implements Action {
+
+  INSERT(AccessConstants.INSERT),
+  SELECT(AccessConstants.SELECT),
+  ALL(AccessConstants.ALL);
+
+  private final String value;
+  private DBModelAction(String value) {
+    this.value = value;
+  }
+
+  @Override
+  public String getValue() {
+    return value;
+  }
+}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/ef54e132/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/DBModelAuthorizable.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/DBModelAuthorizable.java b/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/DBModelAuthorizable.java
new file mode 100644
index 0000000..de35bfa
--- /dev/null
+++ b/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/DBModelAuthorizable.java
@@ -0,0 +1,32 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.core.model.db;
+
+import org.apache.sentry.core.common.Authorizable;
+
+public interface DBModelAuthorizable extends Authorizable {
+
+  public enum AuthorizableType {
+    Server,
+    Db,
+    Table,
+    View,
+    URI
+  };
+
+  public AuthorizableType getAuthzType();
+}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/ef54e132/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/Database.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/Database.java b/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/Database.java
new file mode 100644
index 0000000..0d94805
--- /dev/null
+++ b/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/Database.java
@@ -0,0 +1,51 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.core.model.db;
+
+public class Database implements DBModelAuthorizable {
+
+  /**
+   * Represents all databases
+   */
+  public static final Database ALL = new Database(AccessConstants.ALL);
+
+  private final String name;
+
+  public Database(String name) {
+    this.name = name;
+  }
+
+  @Override
+  public String getName() {
+    return name;
+  }
+
+  @Override
+  public String toString() {
+    return "Database [name=" + name + "]";
+  }
+
+  @Override
+  public AuthorizableType getAuthzType() {
+    return AuthorizableType.Db;
+  }
+
+  @Override
+  public String getTypeName() {
+    return getAuthzType().name();
+  }
+}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/ef54e132/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/Server.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/Server.java b/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/Server.java
new file mode 100644
index 0000000..33e735e
--- /dev/null
+++ b/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/Server.java
@@ -0,0 +1,51 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.core.model.db;
+
+public class Server implements DBModelAuthorizable {
+
+  /**
+   * Represents all servers
+   */
+  public static final Server ALL = new Server(AccessConstants.ALL);
+
+  private final String name;
+
+  public Server(String name) {
+    this.name = name;
+  }
+
+  @Override
+  public String getName() {
+    return name;
+  }
+
+  @Override
+  public String toString() {
+    return "Server [name=" + name + "]";
+  }
+
+  @Override
+  public AuthorizableType getAuthzType() {
+    return AuthorizableType.Server;
+  }
+
+  @Override
+  public String getTypeName() {
+    return getAuthzType().name();
+  }
+}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/ef54e132/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/ServerResource.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/ServerResource.java b/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/ServerResource.java
new file mode 100644
index 0000000..4e1ea5a
--- /dev/null
+++ b/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/ServerResource.java
@@ -0,0 +1,21 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.core.model.db;
+
+public enum ServerResource {
+  UDFS();
+}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/ef54e132/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/Table.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/Table.java b/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/Table.java
new file mode 100644
index 0000000..62a0a81
--- /dev/null
+++ b/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/Table.java
@@ -0,0 +1,51 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.core.model.db;
+
+public class Table implements TableOrView {
+
+  /**
+   * Represents all tables
+   */
+  public static final Table ALL = new Table(AccessConstants.ALL);
+
+  private final String name;
+
+  public Table(String name) {
+    this.name = name;
+  }
+
+  @Override
+  public String getName() {
+    return name;
+  }
+
+  @Override
+  public String toString() {
+    return "Table [name=" + name + "]";
+  }
+
+  @Override
+  public AuthorizableType getAuthzType() {
+    return AuthorizableType.Table;
+  }
+
+  @Override
+  public String getTypeName() {
+    return getAuthzType().name();
+  }
+}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/ef54e132/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/TableOrView.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/TableOrView.java b/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/TableOrView.java
new file mode 100644
index 0000000..025024b
--- /dev/null
+++ b/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/TableOrView.java
@@ -0,0 +1,21 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.core.model.db;
+
+public interface TableOrView extends DBModelAuthorizable {
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/ef54e132/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/View.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/View.java b/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/View.java
new file mode 100644
index 0000000..f6d8499
--- /dev/null
+++ b/sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/View.java
@@ -0,0 +1,51 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sentry.core.model.db;
+
+public class View implements TableOrView {
+
+  /**
+   * Represents all views
+   */
+  public static final View ALL = new View(AccessConstants.ALL);
+
+  private final String name;
+
+  public View(String name) {
+    this.name = name;
+  }
+
+  @Override
+  public String getName() {
+    return name;
+  }
+
+  @Override
+  public String toString() {
+    return "View [name=" + name + "]";
+  }
+
+  @Override
+  public AuthorizableType getAuthzType() {
+    return AuthorizableType.View;
+  }
+
+  @Override
+  public String getTypeName() {
+    return getAuthzType().name();
+  }
+}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/ef54e132/sentry-core/sentry-core-model-db/src/test/java/org/apache/sentry/core/db/TestURI.java
----------------------------------------------------------------------
diff --git a/sentry-core/sentry-core-model-db/src/test/java/org/apache/sentry/core/db/TestURI.java b/sentry-core/sentry-core-model-db/src/test/java/org/apache/sentry/core/db/TestURI.java
new file mode 100644
index 0000000..3cc8b1e
--- /dev/null
+++ b/sentry-core/sentry-core-model-db/src/test/java/org/apache/sentry/core/db/TestURI.java
@@ -0,0 +1,45 @@
+package org.apache.sentry.core;
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+import org.apache.sentry.core.model.db.AccessURI;
+import org.junit.Test;
+
+public class TestURI {
+
+  @Test(expected=IllegalArgumentException.class)
+  public void testBadUriEmpty() {
+    new AccessURI("");
+  }
+  @Test(expected=IllegalArgumentException.class)
+  public void testBadUriNull() {
+    new AccessURI(null);
+  }
+  @Test(expected=IllegalArgumentException.class)
+  public void testBadUriNoFilePrefix() {
+    new AccessURI("/");
+  }
+  @Test(expected=IllegalArgumentException.class)
+  public void testBadUriIncorrectFilePrefix() {
+    new AccessURI("file:/some/path");
+  }
+  @Test(expected=IllegalArgumentException.class)
+  public void testBadUriIncorrectHdfsPrefix() {
+    new AccessURI("hdfs:/some/path");
+  }
+}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/ef54e132/sentry-core/src/main/java/org/apache/sentry/core/AccessConstants.java
----------------------------------------------------------------------
diff --git a/sentry-core/src/main/java/org/apache/sentry/core/AccessConstants.java b/sentry-core/src/main/java/org/apache/sentry/core/AccessConstants.java
deleted file mode 100644
index 7551a1d..0000000
--- a/sentry-core/src/main/java/org/apache/sentry/core/AccessConstants.java
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.core;
-
-public class AccessConstants {
-
-  /**
-   * Used as the &quot;name&quot; for a Server, Database, Table object which
-   * represents all Servers, Databases, or Tables.
-   */
-  public static final String ALL = "*";
-
-  public static final String SELECT = "select";
-  public static final String INSERT = "insert";
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/ef54e132/sentry-core/src/main/java/org/apache/sentry/core/AccessURI.java
----------------------------------------------------------------------
diff --git a/sentry-core/src/main/java/org/apache/sentry/core/AccessURI.java b/sentry-core/src/main/java/org/apache/sentry/core/AccessURI.java
deleted file mode 100644
index e6d817e..0000000
--- a/sentry-core/src/main/java/org/apache/sentry/core/AccessURI.java
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.core;
-
-public class AccessURI implements Authorizable {
-  /**
-   * Represents all URIs
-   */
-  public static final AccessURI ALL = new AccessURI(AccessConstants.ALL);
-
-  private final String uriName;
-
-
-  public AccessURI(String uriName) {
-    uriName = uriName == null ? "" : uriName;
-    if(!(uriName.equals(AccessConstants.ALL) || 
-        uriName.startsWith("file://") ||
-        uriName.startsWith("hdfs://"))) {
-      throw new IllegalArgumentException("URI '" + uriName + "' in invalid. Must start with file:// or hdfs://");      
-    }
-    this.uriName = uriName;
-  }
-
-  @Override
-  public String getName() {
-    return uriName;
-  }
-
-  @Override
-  public AuthorizableType getAuthzType() {
-    return AuthorizableType.URI;
-  }
-
-  @Override
-  public String toString() {
-    return "URI [name=" + uriName + "]";
-  }
-
-}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/ef54e132/sentry-core/src/main/java/org/apache/sentry/core/Action.java
----------------------------------------------------------------------
diff --git a/sentry-core/src/main/java/org/apache/sentry/core/Action.java b/sentry-core/src/main/java/org/apache/sentry/core/Action.java
deleted file mode 100644
index 94e1984..0000000
--- a/sentry-core/src/main/java/org/apache/sentry/core/Action.java
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.core;
-
-public enum Action {
-
-  INSERT(AccessConstants.INSERT),
-  SELECT(AccessConstants.SELECT),
-  ALL(AccessConstants.ALL);
-
-  private final String value;
-  private Action(String value) {
-    this.value = value;
-  }
-
-  public String getValue() {
-    return value;
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/ef54e132/sentry-core/src/main/java/org/apache/sentry/core/Authorizable.java
----------------------------------------------------------------------
diff --git a/sentry-core/src/main/java/org/apache/sentry/core/Authorizable.java b/sentry-core/src/main/java/org/apache/sentry/core/Authorizable.java
deleted file mode 100644
index 2849a9f..0000000
--- a/sentry-core/src/main/java/org/apache/sentry/core/Authorizable.java
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.sentry.core;
-
-public interface Authorizable {
-
-  public enum AuthorizableType {
-    Server,
-    Db,
-    Table,
-    View,
-    URI
-  };
-
-  public String getName();
-
-  public AuthorizableType getAuthzType();
-}


Mime
View raw message