sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From co...@apache.org
Subject sentry git commit: SENTRY-1221: Improve the SentryStore and thrift api for import/export with user scope(Colin Ma, reviewed by Dapeng Sun)
Date Wed, 04 May 2016 05:42:23 GMT
Repository: sentry
Updated Branches:
  refs/heads/master 793cb5d24 -> 0adf29344


SENTRY-1221: Improve the SentryStore and thrift api for import/export with user scope(Colin Ma, reviewed by Dapeng Sun)


Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/0adf2934
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/0adf2934
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/0adf2934

Branch: refs/heads/master
Commit: 0adf29344633d57654800174b01816ea85e3141c
Parents: 793cb5d
Author: Colin Ma <colin@apache.org>
Authored: Wed May 4 14:11:23 2016 +0800
Committer: Colin Ma <colin@apache.org>
Committed: Wed May 4 14:11:23 2016 +0800

----------------------------------------------------------------------
 .../db/service/thrift/TSentryMappingData.java   | 373 ++++++++++++++-----
 .../db/service/persistent/SentryStore.java      | 208 ++++++++---
 .../thrift/SentryPolicyStoreProcessor.java      |   7 +-
 .../main/resources/sentry_policy_service.thrift |   5 +-
 .../persistent/TestSentryStoreImportExport.java | 240 ++++++++----
 5 files changed, 628 insertions(+), 205 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sentry/blob/0adf2934/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryMappingData.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryMappingData.java b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryMappingData.java
index 9b70abd..c4137d6 100644
--- a/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryMappingData.java
+++ b/sentry-provider/sentry-provider-db/src/gen/thrift/gen-javabean/org/apache/sentry/provider/db/service/thrift/TSentryMappingData.java
@@ -36,6 +36,7 @@ public class TSentryMappingData implements org.apache.thrift.TBase<TSentryMappin
 
   private static final org.apache.thrift.protocol.TField GROUP_ROLES_MAP_FIELD_DESC = new org.apache.thrift.protocol.TField("groupRolesMap", org.apache.thrift.protocol.TType.MAP, (short)1);
   private static final org.apache.thrift.protocol.TField ROLE_PRIVILEGES_MAP_FIELD_DESC = new org.apache.thrift.protocol.TField("rolePrivilegesMap", org.apache.thrift.protocol.TType.MAP, (short)2);
+  private static final org.apache.thrift.protocol.TField USER_ROLES_MAP_FIELD_DESC = new org.apache.thrift.protocol.TField("userRolesMap", org.apache.thrift.protocol.TType.MAP, (short)3);
 
   private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
   static {
@@ -45,11 +46,13 @@ public class TSentryMappingData implements org.apache.thrift.TBase<TSentryMappin
 
   private Map<String,Set<String>> groupRolesMap; // optional
   private Map<String,Set<TSentryPrivilege>> rolePrivilegesMap; // optional
+  private Map<String,Set<String>> userRolesMap; // optional
 
   /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
   public enum _Fields implements org.apache.thrift.TFieldIdEnum {
     GROUP_ROLES_MAP((short)1, "groupRolesMap"),
-    ROLE_PRIVILEGES_MAP((short)2, "rolePrivilegesMap");
+    ROLE_PRIVILEGES_MAP((short)2, "rolePrivilegesMap"),
+    USER_ROLES_MAP((short)3, "userRolesMap");
 
     private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
 
@@ -68,6 +71,8 @@ public class TSentryMappingData implements org.apache.thrift.TBase<TSentryMappin
           return GROUP_ROLES_MAP;
         case 2: // ROLE_PRIVILEGES_MAP
           return ROLE_PRIVILEGES_MAP;
+        case 3: // USER_ROLES_MAP
+          return USER_ROLES_MAP;
         default:
           return null;
       }
@@ -108,20 +113,25 @@ public class TSentryMappingData implements org.apache.thrift.TBase<TSentryMappin
   }
 
   // isset id assignments
-  private _Fields optionals[] = {_Fields.GROUP_ROLES_MAP,_Fields.ROLE_PRIVILEGES_MAP};
+  private _Fields optionals[] = {_Fields.GROUP_ROLES_MAP,_Fields.ROLE_PRIVILEGES_MAP,_Fields.USER_ROLES_MAP};
   public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
   static {
     Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
-    tmpMap.put(_Fields.GROUP_ROLES_MAP, new org.apache.thrift.meta_data.FieldMetaData("groupRolesMap", org.apache.thrift.TFieldRequirementType.OPTIONAL, 
-        new org.apache.thrift.meta_data.MapMetaData(org.apache.thrift.protocol.TType.MAP, 
-            new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING), 
-            new org.apache.thrift.meta_data.SetMetaData(org.apache.thrift.protocol.TType.SET, 
+    tmpMap.put(_Fields.GROUP_ROLES_MAP, new org.apache.thrift.meta_data.FieldMetaData("groupRolesMap", org.apache.thrift.TFieldRequirementType.OPTIONAL,
+        new org.apache.thrift.meta_data.MapMetaData(org.apache.thrift.protocol.TType.MAP,
+            new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING),
+            new org.apache.thrift.meta_data.SetMetaData(org.apache.thrift.protocol.TType.SET,
                 new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)))));
-    tmpMap.put(_Fields.ROLE_PRIVILEGES_MAP, new org.apache.thrift.meta_data.FieldMetaData("rolePrivilegesMap", org.apache.thrift.TFieldRequirementType.OPTIONAL, 
-        new org.apache.thrift.meta_data.MapMetaData(org.apache.thrift.protocol.TType.MAP, 
-            new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING), 
-            new org.apache.thrift.meta_data.SetMetaData(org.apache.thrift.protocol.TType.SET, 
+    tmpMap.put(_Fields.ROLE_PRIVILEGES_MAP, new org.apache.thrift.meta_data.FieldMetaData("rolePrivilegesMap", org.apache.thrift.TFieldRequirementType.OPTIONAL,
+        new org.apache.thrift.meta_data.MapMetaData(org.apache.thrift.protocol.TType.MAP,
+            new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING),
+            new org.apache.thrift.meta_data.SetMetaData(org.apache.thrift.protocol.TType.SET,
                 new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, TSentryPrivilege.class)))));
+    tmpMap.put(_Fields.USER_ROLES_MAP, new org.apache.thrift.meta_data.FieldMetaData("userRolesMap", org.apache.thrift.TFieldRequirementType.OPTIONAL,
+        new org.apache.thrift.meta_data.MapMetaData(org.apache.thrift.protocol.TType.MAP,
+            new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING),
+            new org.apache.thrift.meta_data.SetMetaData(org.apache.thrift.protocol.TType.SET,
+                new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)))));
     metaDataMap = Collections.unmodifiableMap(tmpMap);
     org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(TSentryMappingData.class, metaDataMap);
   }
@@ -169,6 +179,24 @@ public class TSentryMappingData implements org.apache.thrift.TBase<TSentryMappin
       }
       this.rolePrivilegesMap = __this__rolePrivilegesMap;
     }
+    if (other.isSetUserRolesMap()) {
+      Map<String,Set<String>> __this__userRolesMap = new HashMap<String,Set<String>>();
+      for (Map.Entry<String, Set<String>> other_element : other.userRolesMap.entrySet()) {
+
+        String other_element_key = other_element.getKey();
+        Set<String> other_element_value = other_element.getValue();
+
+        String __this__userRolesMap_copy_key = other_element_key;
+
+        Set<String> __this__userRolesMap_copy_value = new HashSet<String>();
+        for (String other_element_value_element : other_element_value) {
+          __this__userRolesMap_copy_value.add(other_element_value_element);
+        }
+
+        __this__userRolesMap.put(__this__userRolesMap_copy_key, __this__userRolesMap_copy_value);
+      }
+      this.userRolesMap = __this__userRolesMap;
+    }
   }
 
   public TSentryMappingData deepCopy() {
@@ -179,6 +207,7 @@ public class TSentryMappingData implements org.apache.thrift.TBase<TSentryMappin
   public void clear() {
     this.groupRolesMap = null;
     this.rolePrivilegesMap = null;
+    this.userRolesMap = null;
   }
 
   public int getGroupRolesMapSize() {
@@ -249,34 +278,79 @@ public class TSentryMappingData implements org.apache.thrift.TBase<TSentryMappin
     }
   }
 
+  public int getUserRolesMapSize() {
+    return (this.userRolesMap == null) ? 0 : this.userRolesMap.size();
+  }
+
+  public void putToUserRolesMap(String key, Set<String> val) {
+    if (this.userRolesMap == null) {
+      this.userRolesMap = new HashMap<String,Set<String>>();
+    }
+    this.userRolesMap.put(key, val);
+  }
+
+  public Map<String,Set<String>> getUserRolesMap() {
+    return this.userRolesMap;
+  }
+
+  public void setUserRolesMap(Map<String,Set<String>> userRolesMap) {
+    this.userRolesMap = userRolesMap;
+  }
+
+  public void unsetUserRolesMap() {
+    this.userRolesMap = null;
+  }
+
+  /** Returns true if field userRolesMap is set (has been assigned a value) and false otherwise */
+  public boolean isSetUserRolesMap() {
+    return this.userRolesMap != null;
+  }
+
+  public void setUserRolesMapIsSet(boolean value) {
+    if (!value) {
+      this.userRolesMap = null;
+    }
+  }
+
   public void setFieldValue(_Fields field, Object value) {
     switch (field) {
-    case GROUP_ROLES_MAP:
-      if (value == null) {
-        unsetGroupRolesMap();
-      } else {
-        setGroupRolesMap((Map<String,Set<String>>)value);
-      }
-      break;
+      case GROUP_ROLES_MAP:
+        if (value == null) {
+          unsetGroupRolesMap();
+        } else {
+          setGroupRolesMap((Map<String,Set<String>>)value);
+        }
+        break;
 
-    case ROLE_PRIVILEGES_MAP:
-      if (value == null) {
-        unsetRolePrivilegesMap();
-      } else {
-        setRolePrivilegesMap((Map<String,Set<TSentryPrivilege>>)value);
-      }
-      break;
+      case ROLE_PRIVILEGES_MAP:
+        if (value == null) {
+          unsetRolePrivilegesMap();
+        } else {
+          setRolePrivilegesMap((Map<String,Set<TSentryPrivilege>>)value);
+        }
+        break;
+
+      case USER_ROLES_MAP:
+        if (value == null) {
+          unsetUserRolesMap();
+        } else {
+          setUserRolesMap((Map<String,Set<String>>)value);
+        }
+        break;
 
     }
   }
 
   public Object getFieldValue(_Fields field) {
     switch (field) {
-    case GROUP_ROLES_MAP:
-      return getGroupRolesMap();
+      case GROUP_ROLES_MAP:
+        return getGroupRolesMap();
 
-    case ROLE_PRIVILEGES_MAP:
-      return getRolePrivilegesMap();
+      case ROLE_PRIVILEGES_MAP:
+        return getRolePrivilegesMap();
+
+      case USER_ROLES_MAP:
+        return getUserRolesMap();
 
     }
     throw new IllegalStateException();
@@ -289,10 +363,12 @@ public class TSentryMappingData implements org.apache.thrift.TBase<TSentryMappin
     }
 
     switch (field) {
-    case GROUP_ROLES_MAP:
-      return isSetGroupRolesMap();
-    case ROLE_PRIVILEGES_MAP:
-      return isSetRolePrivilegesMap();
+      case GROUP_ROLES_MAP:
+        return isSetGroupRolesMap();
+      case ROLE_PRIVILEGES_MAP:
+        return isSetRolePrivilegesMap();
+      case USER_ROLES_MAP:
+        return isSetUserRolesMap();
     }
     throw new IllegalStateException();
   }
@@ -328,6 +404,15 @@ public class TSentryMappingData implements org.apache.thrift.TBase<TSentryMappin
         return false;
     }
 
+    boolean this_present_userRolesMap = true && this.isSetUserRolesMap();
+    boolean that_present_userRolesMap = true && that.isSetUserRolesMap();
+    if (this_present_userRolesMap || that_present_userRolesMap) {
+      if (!(this_present_userRolesMap && that_present_userRolesMap))
+        return false;
+      if (!this.userRolesMap.equals(that.userRolesMap))
+        return false;
+    }
+
     return true;
   }
 
@@ -345,6 +430,11 @@ public class TSentryMappingData implements org.apache.thrift.TBase<TSentryMappin
     if (present_rolePrivilegesMap)
       builder.append(rolePrivilegesMap);
 
+    boolean present_userRolesMap = true && (isSetUserRolesMap());
+    builder.append(present_userRolesMap);
+    if (present_userRolesMap)
+      builder.append(userRolesMap);
+
     return builder.toHashCode();
   }
 
@@ -376,6 +466,16 @@ public class TSentryMappingData implements org.apache.thrift.TBase<TSentryMappin
         return lastComparison;
       }
     }
+    lastComparison = Boolean.valueOf(isSetUserRolesMap()).compareTo(typedOther.isSetUserRolesMap());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetUserRolesMap()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.userRolesMap, typedOther.userRolesMap);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
     return 0;
   }
 
@@ -415,6 +515,16 @@ public class TSentryMappingData implements org.apache.thrift.TBase<TSentryMappin
       }
       first = false;
     }
+    if (isSetUserRolesMap()) {
+      if (!first) sb.append(", ");
+      sb.append("userRolesMap:");
+      if (this.userRolesMap == null) {
+        sb.append("null");
+      } else {
+        sb.append(this.userRolesMap);
+      }
+      first = false;
+    }
     sb.append(")");
     return sb.toString();
   }
@@ -454,7 +564,7 @@ public class TSentryMappingData implements org.apache.thrift.TBase<TSentryMappin
       while (true)
       {
         schemeField = iprot.readFieldBegin();
-        if (schemeField.type == org.apache.thrift.protocol.TType.STOP) { 
+        if (schemeField.type == org.apache.thrift.protocol.TType.STOP) {
           break;
         }
         switch (schemeField.id) {
@@ -484,7 +594,7 @@ public class TSentryMappingData implements org.apache.thrift.TBase<TSentryMappin
                 iprot.readMapEnd();
               }
               struct.setGroupRolesMapIsSet(true);
-            } else { 
+            } else {
               org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
             }
             break;
@@ -515,7 +625,37 @@ public class TSentryMappingData implements org.apache.thrift.TBase<TSentryMappin
                 iprot.readMapEnd();
               }
               struct.setRolePrivilegesMapIsSet(true);
-            } else { 
+            } else {
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          case 3: // USER_ROLES_MAP
+            if (schemeField.type == org.apache.thrift.protocol.TType.MAP) {
+              {
+                org.apache.thrift.protocol.TMap _map170 = iprot.readMapBegin();
+                struct.userRolesMap = new HashMap<String,Set<String>>(2*_map170.size);
+                for (int _i171 = 0; _i171 < _map170.size; ++_i171)
+                {
+                  String _key172; // required
+                  Set<String> _val173; // required
+                  _key172 = iprot.readString();
+                  {
+                    org.apache.thrift.protocol.TSet _set174 = iprot.readSetBegin();
+                    _val173 = new HashSet<String>(2*_set174.size);
+                    for (int _i175 = 0; _i175 < _set174.size; ++_i175)
+                    {
+                      String _elem176; // required
+                      _elem176 = iprot.readString();
+                      _val173.add(_elem176);
+                    }
+                    iprot.readSetEnd();
+                  }
+                  struct.userRolesMap.put(_key172, _val173);
+                }
+                iprot.readMapEnd();
+              }
+              struct.setUserRolesMapIsSet(true);
+            } else {
               org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
             }
             break;
@@ -537,14 +677,14 @@ public class TSentryMappingData implements org.apache.thrift.TBase<TSentryMappin
           oprot.writeFieldBegin(GROUP_ROLES_MAP_FIELD_DESC);
           {
             oprot.writeMapBegin(new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRING, org.apache.thrift.protocol.TType.SET, struct.groupRolesMap.size()));
-            for (Map.Entry<String, Set<String>> _iter170 : struct.groupRolesMap.entrySet())
+            for (Map.Entry<String, Set<String>> _iter177 : struct.groupRolesMap.entrySet())
             {
-              oprot.writeString(_iter170.getKey());
+              oprot.writeString(_iter177.getKey());
               {
-                oprot.writeSetBegin(new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRING, _iter170.getValue().size()));
-                for (String _iter171 : _iter170.getValue())
+                oprot.writeSetBegin(new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRING, _iter177.getValue().size()));
+                for (String _iter178 : _iter177.getValue())
                 {
-                  oprot.writeString(_iter171);
+                  oprot.writeString(_iter178);
                 }
                 oprot.writeSetEnd();
               }
@@ -559,14 +699,36 @@ public class TSentryMappingData implements org.apache.thrift.TBase<TSentryMappin
           oprot.writeFieldBegin(ROLE_PRIVILEGES_MAP_FIELD_DESC);
           {
             oprot.writeMapBegin(new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRING, org.apache.thrift.protocol.TType.SET, struct.rolePrivilegesMap.size()));
-            for (Map.Entry<String, Set<TSentryPrivilege>> _iter172 : struct.rolePrivilegesMap.entrySet())
+            for (Map.Entry<String, Set<TSentryPrivilege>> _iter179 : struct.rolePrivilegesMap.entrySet())
+            {
+              oprot.writeString(_iter179.getKey());
+              {
+                oprot.writeSetBegin(new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRUCT, _iter179.getValue().size()));
+                for (TSentryPrivilege _iter180 : _iter179.getValue())
+                {
+                  _iter180.write(oprot);
+                }
+                oprot.writeSetEnd();
+              }
+            }
+            oprot.writeMapEnd();
+          }
+          oprot.writeFieldEnd();
+        }
+      }
+      if (struct.userRolesMap != null) {
+        if (struct.isSetUserRolesMap()) {
+          oprot.writeFieldBegin(USER_ROLES_MAP_FIELD_DESC);
+          {
+            oprot.writeMapBegin(new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRING, org.apache.thrift.protocol.TType.SET, struct.userRolesMap.size()));
+            for (Map.Entry<String, Set<String>> _iter181 : struct.userRolesMap.entrySet())
             {
-              oprot.writeString(_iter172.getKey());
+              oprot.writeString(_iter181.getKey());
               {
-                oprot.writeSetBegin(new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRUCT, _iter172.getValue().size()));
-                for (TSentryPrivilege _iter173 : _iter172.getValue())
+                oprot.writeSetBegin(new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRING, _iter181.getValue().size()));
+                for (String _iter182 : _iter181.getValue())
                 {
-                  _iter173.write(oprot);
+                  oprot.writeString(_iter182);
                 }
                 oprot.writeSetEnd();
               }
@@ -600,18 +762,21 @@ public class TSentryMappingData implements org.apache.thrift.TBase<TSentryMappin
       if (struct.isSetRolePrivilegesMap()) {
         optionals.set(1);
       }
-      oprot.writeBitSet(optionals, 2);
+      if (struct.isSetUserRolesMap()) {
+        optionals.set(2);
+      }
+      oprot.writeBitSet(optionals, 3);
       if (struct.isSetGroupRolesMap()) {
         {
           oprot.writeI32(struct.groupRolesMap.size());
-          for (Map.Entry<String, Set<String>> _iter174 : struct.groupRolesMap.entrySet())
+          for (Map.Entry<String, Set<String>> _iter183 : struct.groupRolesMap.entrySet())
           {
-            oprot.writeString(_iter174.getKey());
+            oprot.writeString(_iter183.getKey());
             {
-              oprot.writeI32(_iter174.getValue().size());
-              for (String _iter175 : _iter174.getValue())
+              oprot.writeI32(_iter183.getValue().size());
+              for (String _iter184 : _iter183.getValue())
               {
-                oprot.writeString(_iter175);
+                oprot.writeString(_iter184);
               }
             }
           }
@@ -620,14 +785,30 @@ public class TSentryMappingData implements org.apache.thrift.TBase<TSentryMappin
       if (struct.isSetRolePrivilegesMap()) {
         {
           oprot.writeI32(struct.rolePrivilegesMap.size());
-          for (Map.Entry<String, Set<TSentryPrivilege>> _iter176 : struct.rolePrivilegesMap.entrySet())
+          for (Map.Entry<String, Set<TSentryPrivilege>> _iter185 : struct.rolePrivilegesMap.entrySet())
           {
-            oprot.writeString(_iter176.getKey());
+            oprot.writeString(_iter185.getKey());
             {
-              oprot.writeI32(_iter176.getValue().size());
-              for (TSentryPrivilege _iter177 : _iter176.getValue())
+              oprot.writeI32(_iter185.getValue().size());
+              for (TSentryPrivilege _iter186 : _iter185.getValue())
               {
-                _iter177.write(oprot);
+                _iter186.write(oprot);
+              }
+            }
+          }
+        }
+      }
+      if (struct.isSetUserRolesMap()) {
+        {
+          oprot.writeI32(struct.userRolesMap.size());
+          for (Map.Entry<String, Set<String>> _iter187 : struct.userRolesMap.entrySet())
+          {
+            oprot.writeString(_iter187.getKey());
+            {
+              oprot.writeI32(_iter187.getValue().size());
+              for (String _iter188 : _iter187.getValue())
+              {
+                oprot.writeString(_iter188);
               }
             }
           }
@@ -638,56 +819,80 @@ public class TSentryMappingData implements org.apache.thrift.TBase<TSentryMappin
     @Override
     public void read(org.apache.thrift.protocol.TProtocol prot, TSentryMappingData struct) throws org.apache.thrift.TException {
       TTupleProtocol iprot = (TTupleProtocol) prot;
-      BitSet incoming = iprot.readBitSet(2);
+      BitSet incoming = iprot.readBitSet(3);
       if (incoming.get(0)) {
         {
-          org.apache.thrift.protocol.TMap _map178 = new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRING, org.apache.thrift.protocol.TType.SET, iprot.readI32());
-          struct.groupRolesMap = new HashMap<String,Set<String>>(2*_map178.size);
-          for (int _i179 = 0; _i179 < _map178.size; ++_i179)
+          org.apache.thrift.protocol.TMap _map189 = new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRING, org.apache.thrift.protocol.TType.SET, iprot.readI32());
+          struct.groupRolesMap = new HashMap<String,Set<String>>(2*_map189.size);
+          for (int _i190 = 0; _i190 < _map189.size; ++_i190)
           {
-            String _key180; // required
-            Set<String> _val181; // required
-            _key180 = iprot.readString();
+            String _key191; // required
+            Set<String> _val192; // required
+            _key191 = iprot.readString();
             {
-              org.apache.thrift.protocol.TSet _set182 = new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRING, iprot.readI32());
-              _val181 = new HashSet<String>(2*_set182.size);
-              for (int _i183 = 0; _i183 < _set182.size; ++_i183)
+              org.apache.thrift.protocol.TSet _set193 = new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRING, iprot.readI32());
+              _val192 = new HashSet<String>(2*_set193.size);
+              for (int _i194 = 0; _i194 < _set193.size; ++_i194)
               {
-                String _elem184; // required
-                _elem184 = iprot.readString();
-                _val181.add(_elem184);
+                String _elem195; // required
+                _elem195 = iprot.readString();
+                _val192.add(_elem195);
               }
             }
-            struct.groupRolesMap.put(_key180, _val181);
+            struct.groupRolesMap.put(_key191, _val192);
           }
         }
         struct.setGroupRolesMapIsSet(true);
       }
       if (incoming.get(1)) {
         {
-          org.apache.thrift.protocol.TMap _map185 = new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRING, org.apache.thrift.protocol.TType.SET, iprot.readI32());
-          struct.rolePrivilegesMap = new HashMap<String,Set<TSentryPrivilege>>(2*_map185.size);
-          for (int _i186 = 0; _i186 < _map185.size; ++_i186)
+          org.apache.thrift.protocol.TMap _map196 = new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRING, org.apache.thrift.protocol.TType.SET, iprot.readI32());
+          struct.rolePrivilegesMap = new HashMap<String,Set<TSentryPrivilege>>(2*_map196.size);
+          for (int _i197 = 0; _i197 < _map196.size; ++_i197)
           {
-            String _key187; // required
-            Set<TSentryPrivilege> _val188; // required
-            _key187 = iprot.readString();
+            String _key198; // required
+            Set<TSentryPrivilege> _val199; // required
+            _key198 = iprot.readString();
             {
-              org.apache.thrift.protocol.TSet _set189 = new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRUCT, iprot.readI32());
-              _val188 = new HashSet<TSentryPrivilege>(2*_set189.size);
-              for (int _i190 = 0; _i190 < _set189.size; ++_i190)
+              org.apache.thrift.protocol.TSet _set200 = new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRUCT, iprot.readI32());
+              _val199 = new HashSet<TSentryPrivilege>(2*_set200.size);
+              for (int _i201 = 0; _i201 < _set200.size; ++_i201)
               {
-                TSentryPrivilege _elem191; // required
-                _elem191 = new TSentryPrivilege();
-                _elem191.read(iprot);
-                _val188.add(_elem191);
+                TSentryPrivilege _elem202; // required
+                _elem202 = new TSentryPrivilege();
+                _elem202.read(iprot);
+                _val199.add(_elem202);
               }
             }
-            struct.rolePrivilegesMap.put(_key187, _val188);
+            struct.rolePrivilegesMap.put(_key198, _val199);
           }
         }
         struct.setRolePrivilegesMapIsSet(true);
       }
+      if (incoming.get(2)) {
+        {
+          org.apache.thrift.protocol.TMap _map203 = new org.apache.thrift.protocol.TMap(org.apache.thrift.protocol.TType.STRING, org.apache.thrift.protocol.TType.SET, iprot.readI32());
+          struct.userRolesMap = new HashMap<String,Set<String>>(2*_map203.size);
+          for (int _i204 = 0; _i204 < _map203.size; ++_i204)
+          {
+            String _key205; // required
+            Set<String> _val206; // required
+            _key205 = iprot.readString();
+            {
+              org.apache.thrift.protocol.TSet _set207 = new org.apache.thrift.protocol.TSet(org.apache.thrift.protocol.TType.STRING, iprot.readI32());
+              _val206 = new HashSet<String>(2*_set207.size);
+              for (int _i208 = 0; _i208 < _set207.size; ++_i208)
+              {
+                String _elem209; // required
+                _elem209 = iprot.readString();
+                _val206.add(_elem209);
+              }
+            }
+            struct.userRolesMap.put(_key205, _val206);
+          }
+        }
+        struct.setUserRolesMapIsSet(true);
+      }
     }
   }
 

http://git-wip-us.apache.org/repos/asf/sentry/blob/0adf2934/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
index f680bc7..ae8b974 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
@@ -99,6 +99,8 @@ public class SentryStore {
           .getLogger(SentryStore.class);
 
   public static String NULL_COL = "__NULL__";
+  public static int INDEX_GROUP_ROLES_MAP = 0;
+  public static int INDEX_USER_ROLES_MAP = 1;
   static final String DEFAULT_DATA_DIR = "sentry_policy_db";
 
   private static final Set<String> ALL_ACTIONS = Sets.newHashSet(AccessConstants.ALL,
@@ -309,7 +311,6 @@ public class SentryStore {
    */
   public CommitContext createSentryRole(String roleName)
       throws SentryAlreadyExistsException {
-    roleName = trimAndLower(roleName);
     boolean rollbackTransaction = true;
     PersistenceManager pm = null;
     try {
@@ -327,6 +328,7 @@ public class SentryStore {
 
   private void createSentryRoleCore(PersistenceManager pm, String roleName)
       throws SentryAlreadyExistsException {
+    roleName = trimAndLower(roleName);
     MSentryRole mSentryRole = getMSentryRole(pm, roleName);
     if (mSentryRole == null) {
       MSentryRole mRole = new MSentryRole(roleName, System.currentTimeMillis());
@@ -877,32 +879,12 @@ public class SentryStore {
       Set<String> userNames) throws SentryNoSuchObjectException {
     boolean rollbackTransaction = true;
     PersistenceManager pm = null;
-    roleName = roleName.trim().toLowerCase();
     try {
       pm = openTransaction();
-      MSentryRole role = getMSentryRole(pm, roleName);
-      if (role == null) {
-        throw new SentryNoSuchObjectException("Role: " + roleName);
-      } else {
-        Query query = pm.newQuery(MSentryUser.class);
-        query.setFilter("this.userName == t");
-        query.declareParameters("java.lang.String t");
-        query.setUnique(true);
-        List<MSentryUser> users = Lists.newArrayList();
-        for (String userName : userNames) {
-          userName = userName.trim();
-          MSentryUser user = (MSentryUser) query.execute(userName);
-          if (user == null) {
-            user = new MSentryUser(userName, System.currentTimeMillis(), Sets.newHashSet(role));
-          }
-          user.appendRole(role);
-          users.add(user);
-        }
-        pm.makePersistentAll(users);
-        CommitContext commit = commitUpdateTransaction(pm);
-        rollbackTransaction = false;
-        return commit;
-      }
+      alterSentryRoleAddUsersCore(pm, roleName, userNames);
+      CommitContext commit = commitUpdateTransaction(pm);
+      rollbackTransaction = false;
+      return commit;
     } finally {
       if (rollbackTransaction) {
         rollbackTransaction(pm);
@@ -910,6 +892,31 @@ public class SentryStore {
     }
   }
 
+  private void alterSentryRoleAddUsersCore(PersistenceManager pm, String roleName,
+      Set<String> userNames) throws SentryNoSuchObjectException {
+    roleName = roleName.trim().toLowerCase();
+    MSentryRole role = getMSentryRole(pm, roleName);
+    if (role == null) {
+      throw new SentryNoSuchObjectException("Role: " + roleName);
+    } else {
+      Query query = pm.newQuery(MSentryUser.class);
+      query.setFilter("this.userName == t");
+      query.declareParameters("java.lang.String t");
+      query.setUnique(true);
+      List<MSentryUser> users = Lists.newArrayList();
+      for (String userName : userNames) {
+        userName = userName.trim();
+        MSentryUser user = (MSentryUser) query.execute(userName);
+        if (user == null) {
+          user = new MSentryUser(userName, System.currentTimeMillis(), Sets.newHashSet(role));
+        }
+        user.appendRole(role);
+        users.add(user);
+      }
+      pm.makePersistentAll(users);
+    }
+  }
+
   public CommitContext alterSentryRoleDeleteUsers(String roleName, Set<String> userNames)
       throws SentryNoSuchObjectException {
     boolean rollbackTransaction = true;
@@ -2172,13 +2179,8 @@ public class SentryStore {
     }
   }
 
-  // get mapping data for [group,role]
-  public Map<String, Set<String>> getGroupNameRoleNamesMap() {
-    return getGroupNameRoleNamesMap(null);
-  }
-
-  // get mapping data for [group,role] with the specific roles
-  public Map<String, Set<String>> getGroupNameRoleNamesMap(Set<String> roleNames) {
+  // get mapping datas for [group,role], [user,role] with the specific roles
+  public List<Map<String, Set<String>>> getGroupUserRoleMapList(Set<String> roleNames) {
     boolean rollbackTransaction = true;
     PersistenceManager pm = null;
     try {
@@ -2197,9 +2199,13 @@ public class SentryStore {
 
       List<MSentryRole> mSentryRoles = (List<MSentryRole>) query.execute();
       Map<String, Set<String>> groupRolesMap = getGroupRolesMap(mSentryRoles);
+      Map<String, Set<String>> userRolesMap = getUserRolesMap(mSentryRoles);
+      List<Map<String, Set<String>>> mapsList = new ArrayList<>();
+      mapsList.add(INDEX_GROUP_ROLES_MAP, groupRolesMap);
+      mapsList.add(INDEX_USER_ROLES_MAP, userRolesMap);
       commitTransaction(pm);
       rollbackTransaction = false;
-      return groupRolesMap;
+      return mapsList;
     } finally {
       if (rollbackTransaction) {
         rollbackTransaction(pm);
@@ -2228,6 +2234,27 @@ public class SentryStore {
     return groupRolesMap;
   }
 
+  private Map<String, Set<String>> getUserRolesMap(List<MSentryRole> mSentryRoles) {
+    Map<String, Set<String>> userRolesMap = Maps.newHashMap();
+    if (mSentryRoles == null) {
+      return userRolesMap;
+    }
+    // change the List<MSentryRole> -> Map<userName, Set<roleName>>
+    for (MSentryRole mSentryRole : mSentryRoles) {
+      Set<MSentryUser> users = mSentryRole.getUsers();
+      for (MSentryUser user : users) {
+        String userName = user.getUserName();
+        Set<String> rNames = userRolesMap.get(userName);
+        if (rNames == null) {
+          rNames = new HashSet<String>();
+        }
+        rNames.add(mSentryRole.getRoleName());
+        userRolesMap.put(userName, rNames);
+      }
+    }
+    return userRolesMap;
+  }
+
   // get all mapping data for [role,privilege]
   public Map<String, Set<TSentryPrivilege>> getRoleNameTPrivilegesMap() throws Exception {
     return getRoleNameTPrivilegesMap(null, null);
@@ -2330,7 +2357,7 @@ public class SentryStore {
     List<MSentryGroup> mSentryGroups = (List<MSentryGroup>) query.execute();
     Map<String, MSentryGroup> existGroupsMap = Maps.newHashMap();
     if (mSentryGroups != null) {
-      // change the List<MSentryGroup> -> Map<roleName, Set<MSentryGroup>>
+      // change the List<MSentryGroup> -> Map<groupName, MSentryGroup>
       for (MSentryGroup mSentryGroup : mSentryGroups) {
         existGroupsMap.put(mSentryGroup.getGroupName(), mSentryGroup);
       }
@@ -2338,6 +2365,20 @@ public class SentryStore {
     return existGroupsMap;
   }
 
+  // get the all exist users
+  private Map<String, MSentryUser> getUserNameToUserMap(PersistenceManager pm) {
+    Query query = pm.newQuery(MSentryUser.class);
+    List<MSentryUser> users = (List<MSentryUser>) query.execute();
+    Map<String, MSentryUser> existUsersMap = Maps.newHashMap();
+    if (users != null) {
+      // change the List<MSentryUser> -> Map<userName, MSentryUser>
+      for (MSentryUser user : users) {
+        existUsersMap.put(user.getUserName(), user);
+      }
+    }
+    return existUsersMap;
+  }
+
   // get the all exist privileges
   private List<MSentryPrivilege> getPrivilegesList(PersistenceManager pm) {
     Query query = pm.newQuery(MSentryPrivilege.class);
@@ -2376,7 +2417,7 @@ public class SentryStore {
   }
 
   @VisibleForTesting
-  protected Map<String, MSentryGroup> getGroupNameTGroupMap() {
+  protected Map<String, MSentryGroup> getGroupNameToGroupMap() {
     boolean rollbackTransaction = true;
     PersistenceManager pm = null;
     try {
@@ -2393,6 +2434,23 @@ public class SentryStore {
   }
 
   @VisibleForTesting
+  protected Map<String, MSentryUser> getUserNameToUserMap() {
+    boolean rollbackTransaction = true;
+    PersistenceManager pm = null;
+    try {
+      pm = openTransaction();
+      Map<String, MSentryUser> resultMap = getUserNameToUserMap(pm);
+      commitTransaction(pm);
+      rollbackTransaction = false;
+      return resultMap;
+    } finally {
+      if (rollbackTransaction) {
+        rollbackTransaction(pm);
+      }
+    }
+  }
+
+  @VisibleForTesting
   protected List<MSentryPrivilege> getPrivilegesList() {
     boolean rollbackTransaction = true;
     PersistenceManager pm = null;
@@ -2411,22 +2469,29 @@ public class SentryStore {
 
   /**
    * Import the sentry mapping data.
-   * 
+   *
    * @param tSentryMappingData
    *        Include 2 maps to save the mapping data, the following is the example of the data
    *        structure:
    *        for the following mapping data:
+   *        user1=role1,role2
+   *        user2=role2,role3
    *        group1=role1,role2
    *        group2=role2,role3
    *        role1=server=server1->db=db1
    *        role2=server=server1->db=db1->table=tbl1,server=server1->db=db1->table=tbl2
    *        role3=server=server1->url=hdfs://localhost/path
-   * 
+   *
    *        The GroupRolesMap in TSentryMappingData will be saved as:
    *        {
    *        TSentryGroup(group1)={role1, role2},
    *        TSentryGroup(group2)={role2, role3}
    *        }
+   *        The UserRolesMap in TSentryMappingData will be saved as:
+   *        {
+   *        TSentryUser(user1)={role1, role2},
+   *        TSentryGroup(user2)={role2, role3}
+   *        }
    *        The RolePrivilegesMap in TSentryMappingData will be saved as:
    *        {
    *        role1={TSentryPrivilege(server=server1->db=db1)},
@@ -2450,6 +2515,8 @@ public class SentryStore {
       //
       Map<String, Set<TSentryGroup>> importedRoleGroupsMap = covertToRoleNameTGroupsMap(mappingData
           .getGroupRolesMap());
+      Map<String, Set<String>> importedRoleUsersMap = covertToRoleUsersMap(mappingData
+          .getUserRolesMap());
       Set<String> importedRoleNames = importedRoleGroupsMap.keySet();
       // if import with overwrite role, drop the duplicated roles in current DB first.
       if (isOverwriteForRole) {
@@ -2459,9 +2526,11 @@ public class SentryStore {
       }
 
       // import the mapping data for [role,privilege], the existRoleNames will be updated
-      importSentryRolePrivilegeMapping(pm, existRoleNames, mappingData.getRolePrivilegesMap());
-
-      importSentryGroupRoleMapping(pm, existRoleNames, importedRoleGroupsMap);
+      importRolePrivilegeMapping(pm, existRoleNames, mappingData.getRolePrivilegesMap());
+      // import the mapping data for [role,group], the existRoleNames will be updated
+      importRoleGroupMapping(pm, existRoleNames, importedRoleGroupsMap);
+      // import the mapping data for [role,user], the existRoleNames will be updated
+      importRoleUserMapping(pm, existRoleNames, importedRoleUsersMap);
 
       commitTransaction(pm);
       rollbackTransaction = false;
@@ -2494,19 +2563,50 @@ public class SentryStore {
     return roleGroupsMap;
   }
 
-  private void importSentryGroupRoleMapping(PersistenceManager pm, Set<String> existRoleNames,
+  // covert the Map[user->roles] to Map[role->users]
+  private Map<String, Set<String>> covertToRoleUsersMap(
+      Map<String, Set<String>> userRolesMap) {
+    Map<String, Set<String>> roleUsersMap = Maps.newHashMap();
+    if (userRolesMap != null) {
+      for (Map.Entry<String, Set<String>> entry : userRolesMap.entrySet()) {
+        Set<String> roleNames = entry.getValue();
+        if (roleNames != null) {
+          for (String roleName : roleNames) {
+            Set<String> users = roleUsersMap.get(roleName);
+            if (users == null) {
+              users = Sets.newHashSet();
+            }
+            users.add(entry.getKey());
+            roleUsersMap.put(roleName, users);
+          }
+        }
+      }
+    }
+    return roleUsersMap;
+  }
+
+  private void importRoleGroupMapping(PersistenceManager pm, Set<String> existRoleNames,
       Map<String, Set<TSentryGroup>> importedRoleGroupsMap) throws Exception {
     if (importedRoleGroupsMap == null || importedRoleGroupsMap.keySet() == null) {
       return;
     }
     for (Map.Entry<String, Set<TSentryGroup>> entry : importedRoleGroupsMap.entrySet()) {
-      if (!existRoleNames.contains(entry.getKey())) {
-        createSentryRoleCore(pm, entry.getKey());
-      }
+      createRoleIfNotExist(pm, existRoleNames, entry.getKey());
       alterSentryRoleAddGroupsCore(pm, entry.getKey(), entry.getValue());
     }
   }
 
+  private void importRoleUserMapping(PersistenceManager pm, Set<String> existRoleNames,
+      Map<String, Set<String>> importedRoleUsersMap) throws Exception {
+    if (importedRoleUsersMap == null || importedRoleUsersMap.keySet() == null) {
+      return;
+    }
+    for (Map.Entry<String, Set<String>> entry : importedRoleUsersMap.entrySet()) {
+      createRoleIfNotExist(pm, existRoleNames, entry.getKey());
+      alterSentryRoleAddUsersCore(pm, entry.getKey(), entry.getValue());
+    }
+  }
+
   // drop all duplicated with the imported role
   private void dropDuplicatedRoleForImport(PersistenceManager pm, Set<String> existRoleNames,
       Set<String> importedRoleNames) throws Exception {
@@ -2547,15 +2647,12 @@ public class SentryStore {
   }
 
   // import the mapping data for [role,privilege]
-  private void importSentryRolePrivilegeMapping(PersistenceManager pm, Set<String> existRoleNames,
+  private void importRolePrivilegeMapping(PersistenceManager pm, Set<String> existRoleNames,
       Map<String, Set<TSentryPrivilege>> sentryRolePrivilegesMap) throws Exception {
     if (sentryRolePrivilegesMap != null) {
       for (Map.Entry<String, Set<TSentryPrivilege>> entry : sentryRolePrivilegesMap.entrySet()) {
-        // if the rolenName doesn't exist, create it.
-        if (!existRoleNames.contains(entry.getKey())) {
-          createSentryRoleCore(pm, entry.getKey());
-          existRoleNames.add(entry.getKey());
-        }
+        // if the rolenName doesn't exist, create it and add it to existRoleNames
+        createRoleIfNotExist(pm, existRoleNames, entry.getKey());
         // get the privileges for the role
         Set<TSentryPrivilege> tSentryPrivileges = entry.getValue();
         for (TSentryPrivilege tSentryPrivilege : tSentryPrivileges) {
@@ -2564,4 +2661,15 @@ public class SentryStore {
       }
     }
   }
+
+  private void createRoleIfNotExist(PersistenceManager pm,
+      Set<String> existRoleNames, String roleName) throws Exception {
+    String lowerRoleName = trimAndLower(roleName);
+    // if the rolenName doesn't exist, create it.
+    if (!existRoleNames.contains(lowerRoleName)) {
+      createSentryRoleCore(pm, lowerRoleName);
+      // update the exist role name set
+      existRoleNames.add(lowerRoleName);
+    }
+  }
 }

http://git-wip-us.apache.org/repos/asf/sentry/blob/0adf2934/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
index a922d3b..79ac24b 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java
@@ -1068,8 +1068,11 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface {
       if (databaseName == null && tableName == null) {
         roleNames = null;
       }
-      tSentryMappingData.setGroupRolesMap(
-          sentryStore.getGroupNameRoleNamesMap(roleNames));
+      List<Map<String, Set<String>>> mapList = sentryStore.getGroupUserRoleMapList(
+          roleNames);
+      tSentryMappingData.setGroupRolesMap(mapList.get(
+          SentryStore.INDEX_GROUP_ROLES_MAP));
+      tSentryMappingData.setUserRolesMap(mapList.get(SentryStore.INDEX_USER_ROLES_MAP));
 
       response.setMappingData(tSentryMappingData);
       response.setStatus(Status.OK());

http://git-wip-us.apache.org/repos/asf/sentry/blob/0adf2934/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift b/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift
index 2088eae..82cd947 100644
--- a/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift
+++ b/sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift
@@ -265,8 +265,9 @@ struct TSentryConfigValueResponse {
 
 # struct for the mapping data like group to role, role to privilege
 struct TSentryMappingData {
-1: optional map<string, set<string>> groupRolesMap,          	   # for the groupName -> role mapping
-2: optional map<string, set<TSentryPrivilege>>  rolePrivilegesMap  # for the roleName -> privilege mapping
+1: optional map<string, set<string>> groupRolesMap,                # for the groupName -> role mapping
+2: optional map<string, set<TSentryPrivilege>>  rolePrivilegesMap, # for the roleName -> privilege mapping
+3: optional map<string, set<string>> userRolesMap                  # for the userName -> role mapping
 }
 
 struct TSentryExportMappingDataRequest {

http://git-wip-us.apache.org/repos/asf/sentry/blob/0adf2934/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStoreImportExport.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStoreImportExport.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStoreImportExport.java
index 8dadc2a..3ff97df 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStoreImportExport.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStoreImportExport.java
@@ -32,6 +32,7 @@ import org.apache.sentry.core.model.db.AccessConstants;
 import org.apache.sentry.provider.db.service.model.MSentryGroup;
 import org.apache.sentry.provider.db.service.model.MSentryPrivilege;
 import org.apache.sentry.provider.db.service.model.MSentryRole;
+import org.apache.sentry.provider.db.service.model.MSentryUser;
 import org.apache.sentry.provider.db.service.thrift.TSentryGrantOption;
 import org.apache.sentry.provider.db.service.thrift.TSentryMappingData;
 import org.apache.sentry.provider.db.service.thrift.TSentryPrivilege;
@@ -176,7 +177,7 @@ public class TestSentryStoreImportExport {
     sentryStore.importSentryMetaData(tSentryMappingData, false);
 
     Map<String, MSentryRole> rolesMap = sentryStore.getRolesMap();
-    Map<String, MSentryGroup> groupsMap = sentryStore.getGroupNameTGroupMap();
+    Map<String, MSentryGroup> groupsMap = sentryStore.getGroupNameToGroupMap();
     List<MSentryPrivilege> privilegesList = sentryStore.getPrivilegesList();
 
     // test the result data for the role
@@ -191,12 +192,14 @@ public class TestSentryStoreImportExport {
         tSentryPrivilege7, tSentryPrivilege8));
 
     // test the mapping data for group and role
-    Map<String, Set<String>> actualGroupRolesMap = sentryStore.getGroupNameRoleNamesMap();
+    List<Map<String, Set<String>>> mapList = sentryStore.getGroupUserRoleMapList(null);
+    Map<String, Set<String>> actualGroupRolesMap = mapList.get(
+        SentryStore.INDEX_GROUP_ROLES_MAP);
     Map<String, Set<String>> exceptedGroupRolesMap = Maps.newHashMap();
     exceptedGroupRolesMap.put("group1", Sets.newHashSet("role1", "role2", "role3"));
     exceptedGroupRolesMap.put("group2", Sets.newHashSet("role1", "role2", "role3"));
     exceptedGroupRolesMap.put("group3", Sets.newHashSet("role1", "role2", "role3"));
-    verifyGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap);
+    verifyUserGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap);
 
     // test the mapping data for role and privilege
     Map<String, Set<TSentryPrivilege>> actualRolePrivilegesMap = sentryStore
@@ -234,7 +237,7 @@ public class TestSentryStoreImportExport {
     sentryGroupRolesMap1.put("group1", Sets.newHashSet("role1"));
     sentryRolePrivilegesMap1
         .put("role1", Sets.newHashSet(tSentryPrivilege1, tSentryPrivilege2, tSentryPrivilege3,
-            tSentryPrivilege4));
+        tSentryPrivilege4));
     tSentryMappingData1.setGroupRolesMap(sentryGroupRolesMap1);
     tSentryMappingData1.setRolePrivilegesMap(sentryRolePrivilegesMap1);
     sentryStore.importSentryMetaData(tSentryMappingData1, false);
@@ -246,16 +249,16 @@ public class TestSentryStoreImportExport {
     sentryGroupRolesMap2.put("group3", Sets.newHashSet("role2", "role3"));
     sentryRolePrivilegesMap2
         .put("role2", Sets.newHashSet(tSentryPrivilege5, tSentryPrivilege6, tSentryPrivilege7,
-            tSentryPrivilege8));
+        tSentryPrivilege8));
     sentryRolePrivilegesMap2
         .put("role3", Sets.newHashSet(tSentryPrivilege5, tSentryPrivilege6, tSentryPrivilege7,
-            tSentryPrivilege8));
+        tSentryPrivilege8));
     tSentryMappingData2.setGroupRolesMap(sentryGroupRolesMap2);
     tSentryMappingData2.setRolePrivilegesMap(sentryRolePrivilegesMap2);
     sentryStore.importSentryMetaData(tSentryMappingData2, false);
 
     Map<String, MSentryRole> rolesMap = sentryStore.getRolesMap();
-    Map<String, MSentryGroup> groupsMap = sentryStore.getGroupNameTGroupMap();
+    Map<String, MSentryGroup> groupsMap = sentryStore.getGroupNameToGroupMap();
     List<MSentryPrivilege> privilegesList = sentryStore.getPrivilegesList();
 
     // test the result data for the role
@@ -270,12 +273,14 @@ public class TestSentryStoreImportExport {
         tSentryPrivilege7, tSentryPrivilege8));
 
     // test the mapping data for group and role
-    Map<String, Set<String>> actualGroupRolesMap = sentryStore.getGroupNameRoleNamesMap();
+    List<Map<String, Set<String>>> mapList = sentryStore.getGroupUserRoleMapList(null);
+    Map<String, Set<String>> actualGroupRolesMap = mapList.get(
+        SentryStore.INDEX_GROUP_ROLES_MAP);
     Map<String, Set<String>> exceptedGroupRolesMap = Maps.newHashMap();
     exceptedGroupRolesMap.put("group1", Sets.newHashSet("role1"));
     exceptedGroupRolesMap.put("group2", Sets.newHashSet("role2", "role3"));
     exceptedGroupRolesMap.put("group3", Sets.newHashSet("role2", "role3"));
-    verifyGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap);
+    verifyUserGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap);
 
     // test the mapping data for role and privilege
     Map<String, Set<TSentryPrivilege>> actualRolePrivilegesMap = sentryStore
@@ -339,7 +344,7 @@ public class TestSentryStoreImportExport {
     sentryStore.importSentryMetaData(tSentryMappingData2, false);
 
     Map<String, MSentryRole> rolesMap = sentryStore.getRolesMap();
-    Map<String, MSentryGroup> groupsMap = sentryStore.getGroupNameTGroupMap();
+    Map<String, MSentryGroup> groupsMap = sentryStore.getGroupNameToGroupMap();
     List<MSentryPrivilege> privilegesList = sentryStore.getPrivilegesList();
 
     // test the result data for the role
@@ -354,12 +359,14 @@ public class TestSentryStoreImportExport {
         tSentryPrivilege7, tSentryPrivilege8));
 
     // test the mapping data for group and role
-    Map<String, Set<String>> actualGroupRolesMap = sentryStore.getGroupNameRoleNamesMap();
+    List<Map<String, Set<String>>> mapList = sentryStore.getGroupUserRoleMapList(null);
+    Map<String, Set<String>> actualGroupRolesMap = mapList.get(
+        SentryStore.INDEX_GROUP_ROLES_MAP);
     Map<String, Set<String>> exceptedGroupRolesMap = Maps.newHashMap();
     exceptedGroupRolesMap.put("group1", Sets.newHashSet("role1", "role2", "role3"));
     exceptedGroupRolesMap.put("group2", Sets.newHashSet("role1", "role2", "role3"));
     exceptedGroupRolesMap.put("group3", Sets.newHashSet("role1", "role2", "role3"));
-    verifyGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap);
+    verifyUserGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap);
 
     // test the mapping data for role and privilege
     Map<String, Set<TSentryPrivilege>> actualRolePrivilegesMap = sentryStore
@@ -408,7 +415,7 @@ public class TestSentryStoreImportExport {
     sentryStore.importSentryMetaData(tSentryMappingData2, false);
 
     Map<String, MSentryRole> rolesMap = sentryStore.getRolesMap();
-    Map<String, MSentryGroup> groupsMap = sentryStore.getGroupNameTGroupMap();
+    Map<String, MSentryGroup> groupsMap = sentryStore.getGroupNameToGroupMap();
     List<MSentryPrivilege> privilegesList = sentryStore.getPrivilegesList();
 
     // test the result data for the role
@@ -423,11 +430,13 @@ public class TestSentryStoreImportExport {
         tSentryPrivilege7, tSentryPrivilege8));
 
     // test the mapping data for group and role
-    Map<String, Set<String>> actualGroupRolesMap = sentryStore.getGroupNameRoleNamesMap();
+    List<Map<String, Set<String>>> mapList = sentryStore.getGroupUserRoleMapList(null);
+    Map<String, Set<String>> actualGroupRolesMap = mapList.get(
+        SentryStore.INDEX_GROUP_ROLES_MAP);
     Map<String, Set<String>> exceptedGroupRolesMap = Maps.newHashMap();
     exceptedGroupRolesMap.put("group1", Sets.newHashSet("role1", "role2"));
     exceptedGroupRolesMap.put("group2", Sets.newHashSet("role2"));
-    verifyGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap);
+    verifyUserGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap);
 
     // test the mapping data for role and privilege
     Map<String, Set<TSentryPrivilege>> actualRolePrivilegesMap = sentryStore
@@ -436,7 +445,7 @@ public class TestSentryStoreImportExport {
     exceptedRolePrivilegesMap.put("role1", Sets.newHashSet(tSentryPrivilege1, tSentryPrivilege2));
     exceptedRolePrivilegesMap
         .put("role2", Sets.newHashSet(tSentryPrivilege3, tSentryPrivilege4, tSentryPrivilege5,
-            tSentryPrivilege6));
+        tSentryPrivilege6));
     exceptedRolePrivilegesMap.put("role3", Sets.newHashSet(tSentryPrivilege7, tSentryPrivilege8));
     verifyRolePrivilegesMap(actualRolePrivilegesMap, exceptedRolePrivilegesMap);
   }
@@ -454,7 +463,7 @@ public class TestSentryStoreImportExport {
     sentryStore.importSentryMetaData(tSentryMappingData1, false);
 
     Map<String, MSentryRole> rolesMap = sentryStore.getRolesMap();
-    Map<String, MSentryGroup> groupsMap = sentryStore.getGroupNameTGroupMap();
+    Map<String, MSentryGroup> groupsMap = sentryStore.getGroupNameToGroupMap();
     List<MSentryPrivilege> privilegesList = sentryStore.getPrivilegesList();
 
     // test the result data for the role
@@ -467,10 +476,12 @@ public class TestSentryStoreImportExport {
     assertTrue(privilegesList.isEmpty());
 
     // test the mapping data for group and role
-    Map<String, Set<String>> actualGroupRolesMap = sentryStore.getGroupNameRoleNamesMap();
+    List<Map<String, Set<String>>> mapList = sentryStore.getGroupUserRoleMapList(null);
+    Map<String, Set<String>> actualGroupRolesMap = mapList.get(
+        SentryStore.INDEX_GROUP_ROLES_MAP);
     Map<String, Set<String>> exceptedGroupRolesMap = Maps.newHashMap();
     exceptedGroupRolesMap.put("group1", Sets.newHashSet("role1", "role2"));
-    verifyGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap);
+    verifyUserGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap);
 
     // test the mapping data for role and privilege
     Map<String, Set<TSentryPrivilege>> actualRolePrivilegesMap = sentryStore
@@ -496,7 +507,7 @@ public class TestSentryStoreImportExport {
     sentryStore.dropSentryRole("role2");
 
     Map<String, MSentryRole> rolesMap = sentryStore.getRolesMap();
-    Map<String, MSentryGroup> groupsMap = sentryStore.getGroupNameTGroupMap();
+    Map<String, MSentryGroup> groupsMap = sentryStore.getGroupNameToGroupMap();
     List<MSentryPrivilege> privilegesList = sentryStore.getPrivilegesList();
 
     // test the result data for the role
@@ -509,10 +520,12 @@ public class TestSentryStoreImportExport {
     assertTrue(privilegesList.isEmpty());
 
     // test the mapping data for group and role
-    Map<String, Set<String>> actualGroupRolesMap = sentryStore.getGroupNameRoleNamesMap();
+    List<Map<String, Set<String>>> mapList = sentryStore.getGroupUserRoleMapList(null);
+    Map<String, Set<String>> actualGroupRolesMap = mapList.get(
+        SentryStore.INDEX_GROUP_ROLES_MAP);
     Map<String, Set<String>> exceptedGroupRolesMap = Maps.newHashMap();
     exceptedGroupRolesMap.put("group1", Sets.newHashSet("role1"));
-    verifyGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap);
+    verifyUserGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap);
 
     // test the mapping data for role and privilege
     Map<String, Set<TSentryPrivilege>> actualRolePrivilegesMap = sentryStore
@@ -556,7 +569,7 @@ public class TestSentryStoreImportExport {
     sentryStore.importSentryMetaData(tSentryMappingData2, true);
 
     Map<String, MSentryRole> rolesMap = sentryStore.getRolesMap();
-    Map<String, MSentryGroup> groupsMap = sentryStore.getGroupNameTGroupMap();
+    Map<String, MSentryGroup> groupsMap = sentryStore.getGroupNameToGroupMap();
     List<MSentryPrivilege> privilegesList = sentryStore.getPrivilegesList();
 
     // test the result data for the role
@@ -569,12 +582,14 @@ public class TestSentryStoreImportExport {
     verifyPrivileges(privilegesList, Sets.newHashSet(tSentryPrivilege1, tSentryPrivilege2));
 
     // test the mapping data for group and role
-    Map<String, Set<String>> actualGroupRolesMap = sentryStore.getGroupNameRoleNamesMap();
+    List<Map<String, Set<String>>> mapList = sentryStore.getGroupUserRoleMapList(null);
+    Map<String, Set<String>> actualGroupRolesMap = mapList.get(
+        SentryStore.INDEX_GROUP_ROLES_MAP);
     Map<String, Set<String>> exceptedGroupRolesMap = Maps.newHashMap();
     exceptedGroupRolesMap.put("group1", Sets.newHashSet("role1"));
     exceptedGroupRolesMap.put("group2", Sets.newHashSet("role2", "role3"));
     exceptedGroupRolesMap.put("group3", Sets.newHashSet("role2", "role3"));
-    verifyGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap);
+    verifyUserGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap);
 
     // test the mapping data for role and privilege
     Map<String, Set<TSentryPrivilege>> actualRolePrivilegesMap = sentryStore
@@ -634,7 +649,7 @@ public class TestSentryStoreImportExport {
     sentryStore.importSentryMetaData(tSentryMappingData2, true);
 
     Map<String, MSentryRole> rolesMap = sentryStore.getRolesMap();
-    Map<String, MSentryGroup> groupsMap = sentryStore.getGroupNameTGroupMap();
+    Map<String, MSentryGroup> groupsMap = sentryStore.getGroupNameToGroupMap();
     List<MSentryPrivilege> privilegesList = sentryStore.getPrivilegesList();
 
     // test the result data for the role
@@ -649,12 +664,14 @@ public class TestSentryStoreImportExport {
         tSentryPrivilege7, tSentryPrivilege8));
 
     // test the mapping data for group and role
-    Map<String, Set<String>> actualGroupRolesMap = sentryStore.getGroupNameRoleNamesMap();
+    List<Map<String, Set<String>>> mapList = sentryStore.getGroupUserRoleMapList(null);
+    Map<String, Set<String>> actualGroupRolesMap = mapList.get(
+        SentryStore.INDEX_GROUP_ROLES_MAP);
     Map<String, Set<String>> exceptedGroupRolesMap = Maps.newHashMap();
     exceptedGroupRolesMap.put("group1", Sets.newHashSet("role1", "role2", "role3"));
     exceptedGroupRolesMap.put("group2", Sets.newHashSet("role1", "role2", "role3"));
     exceptedGroupRolesMap.put("group3", Sets.newHashSet("role1", "role2", "role3"));
-    verifyGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap);
+    verifyUserGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap);
 
     // test the mapping data for role and privilege
     Map<String, Set<TSentryPrivilege>> actualRolePrivilegesMap = sentryStore
@@ -711,7 +728,7 @@ public class TestSentryStoreImportExport {
     sentryStore.importSentryMetaData(tSentryMappingData1, true);
 
     Map<String, MSentryRole> rolesMap = sentryStore.getRolesMap();
-    Map<String, MSentryGroup> groupsMap = sentryStore.getGroupNameTGroupMap();
+    Map<String, MSentryGroup> groupsMap = sentryStore.getGroupNameToGroupMap();
 
     // test the result data for the role
     verifyRoles(rolesMap, Sets.newHashSet("role1", "role2"));
@@ -720,10 +737,12 @@ public class TestSentryStoreImportExport {
     verifyGroups(groupsMap, Sets.newHashSet("group1"));
 
     // test the mapping data for group and role
-    Map<String, Set<String>> actualGroupRolesMap = sentryStore.getGroupNameRoleNamesMap();
+    List<Map<String, Set<String>>> mapList = sentryStore.getGroupUserRoleMapList(null);
+    Map<String, Set<String>> actualGroupRolesMap = mapList.get(
+        SentryStore.INDEX_GROUP_ROLES_MAP);
     Map<String, Set<String>> exceptedGroupRolesMap = Maps.newHashMap();
     exceptedGroupRolesMap.put("group1", Sets.newHashSet("role1", "role2"));
-    verifyGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap);
+    verifyUserGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap);
 
     // test the mapping data for role and privilege
     Map<String, Set<TSentryPrivilege>> actualRolePrivilegesMap = sentryStore
@@ -754,13 +773,13 @@ public class TestSentryStoreImportExport {
     sentryGroupRolesMap.put("group3", Sets.newHashSet("role2", "role3"));
     sentryGroupRolesMap.put("group4", Sets.newHashSet("role1", "role2", "role3"));
     sentryRolePrivilegesMap.put("role1", Sets.newHashSet(
-            tSentryPrivilege3, tSentryPrivilege4, tSentryPrivilege9));
+        tSentryPrivilege3, tSentryPrivilege4, tSentryPrivilege9));
     sentryRolePrivilegesMap.put("role2", Sets.newHashSet(
-            tSentryPrivilege3, tSentryPrivilege4, tSentryPrivilege5, tSentryPrivilege6,
-            tSentryPrivilege7));
+        tSentryPrivilege3, tSentryPrivilege4, tSentryPrivilege5, tSentryPrivilege6,
+        tSentryPrivilege7));
     sentryRolePrivilegesMap.put("role3", Sets.newHashSet(
-            tSentryPrivilege4, tSentryPrivilege5, tSentryPrivilege6,
-            tSentryPrivilege7, tSentryPrivilege8));
+        tSentryPrivilege4, tSentryPrivilege5, tSentryPrivilege6,
+        tSentryPrivilege7, tSentryPrivilege8));
     tSentryMappingData.setGroupRolesMap(sentryGroupRolesMap);
     tSentryMappingData.setRolePrivilegesMap(sentryRolePrivilegesMap);
     sentryStore.importSentryMetaData(tSentryMappingData, false);
@@ -771,19 +790,21 @@ public class TestSentryStoreImportExport {
     Map<String, Set<TSentryPrivilege>> exceptedRolePrivilegesMap = Maps.newHashMap();
     exceptedRolePrivilegesMap.put("role1", Sets.newHashSet(tSentryPrivilege4));
     exceptedRolePrivilegesMap.put("role2", Sets.newHashSet(tSentryPrivilege4,
-            tSentryPrivilege5, tSentryPrivilege6, tSentryPrivilege7));
+        tSentryPrivilege5, tSentryPrivilege6, tSentryPrivilege7));
     exceptedRolePrivilegesMap.put("role3", Sets.newHashSet(tSentryPrivilege4,
-            tSentryPrivilege5, tSentryPrivilege6, tSentryPrivilege7));
+        tSentryPrivilege5, tSentryPrivilege6, tSentryPrivilege7));
     verifyRolePrivilegesMap(actualRolePrivilegesMap, exceptedRolePrivilegesMap);
 
-    Map<String, Set<String>> actualGroupRolesMap = sentryStore.getGroupNameRoleNamesMap(
-            actualRolePrivilegesMap.keySet());
+    List<Map<String, Set<String>>> mapList = sentryStore.getGroupUserRoleMapList(
+        actualRolePrivilegesMap.keySet());
+    Map<String, Set<String>> actualGroupRolesMap = mapList.get(
+        SentryStore.INDEX_GROUP_ROLES_MAP);
     Map<String, Set<String>> exceptedGroupRolesMap = Maps.newHashMap();
     exceptedGroupRolesMap.put("group1", Sets.newHashSet("role1"));
     exceptedGroupRolesMap.put("group2", Sets.newHashSet("role1", "role2"));
     exceptedGroupRolesMap.put("group3", Sets.newHashSet("role2", "role3"));
     exceptedGroupRolesMap.put("group4", Sets.newHashSet("role1", "role2", "role3"));
-    verifyGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap);
+    verifyUserGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap);
 
     // verify the rolePrivilegesMap and groupRolesMap for db=db2
     actualRolePrivilegesMap = sentryStore.getRoleNameTPrivilegesMap("db2", "");
@@ -792,14 +813,14 @@ public class TestSentryStoreImportExport {
     exceptedRolePrivilegesMap.put("role2", Sets.newHashSet(tSentryPrivilege3));
     verifyRolePrivilegesMap(actualRolePrivilegesMap, exceptedRolePrivilegesMap);
 
-    actualGroupRolesMap = sentryStore.getGroupNameRoleNamesMap(
-            actualRolePrivilegesMap.keySet());
+    mapList = sentryStore.getGroupUserRoleMapList(actualRolePrivilegesMap.keySet());
+    actualGroupRolesMap = mapList.get(SentryStore.INDEX_GROUP_ROLES_MAP);
     exceptedGroupRolesMap = Maps.newHashMap();
     exceptedGroupRolesMap.put("group1", Sets.newHashSet("role1"));
     exceptedGroupRolesMap.put("group2", Sets.newHashSet("role1", "role2"));
     exceptedGroupRolesMap.put("group3", Sets.newHashSet("role2"));
     exceptedGroupRolesMap.put("group4", Sets.newHashSet("role1", "role2"));
-    verifyGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap);
+    verifyUserGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap);
 
     // verify the rolePrivilegesMap and groupRolesMap for db=db1 and table=tbl1
     actualRolePrivilegesMap = sentryStore.getRoleNameTPrivilegesMap("db1", "tbl1");
@@ -809,14 +830,14 @@ public class TestSentryStoreImportExport {
     exceptedRolePrivilegesMap.put("role3", Sets.newHashSet(tSentryPrivilege4));
     verifyRolePrivilegesMap(actualRolePrivilegesMap, exceptedRolePrivilegesMap);
 
-    actualGroupRolesMap = sentryStore.getGroupNameRoleNamesMap(
-                actualRolePrivilegesMap.keySet());
+    mapList = sentryStore.getGroupUserRoleMapList(actualRolePrivilegesMap.keySet());
+    actualGroupRolesMap = mapList.get(SentryStore.INDEX_GROUP_ROLES_MAP);
     exceptedGroupRolesMap = Maps.newHashMap();
     exceptedGroupRolesMap.put("group1", Sets.newHashSet("role1"));
     exceptedGroupRolesMap.put("group2", Sets.newHashSet("role1", "role2"));
     exceptedGroupRolesMap.put("group3", Sets.newHashSet("role2", "role3"));
     exceptedGroupRolesMap.put("group4", Sets.newHashSet("role1", "role2", "role3"));
-    verifyGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap);
+    verifyUserGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap);
 
     // verify the rolePrivilegesMap and groupRolesMap for db=db1 and table=tbl2
     actualRolePrivilegesMap = sentryStore.getRoleNameTPrivilegesMap("db1", "tbl2");
@@ -825,13 +846,13 @@ public class TestSentryStoreImportExport {
     exceptedRolePrivilegesMap.put("role3", Sets.newHashSet(tSentryPrivilege5));
     verifyRolePrivilegesMap(actualRolePrivilegesMap, exceptedRolePrivilegesMap);
 
-    actualGroupRolesMap = sentryStore.getGroupNameRoleNamesMap(
-            actualRolePrivilegesMap.keySet());
+    mapList = sentryStore.getGroupUserRoleMapList(actualRolePrivilegesMap.keySet());
+    actualGroupRolesMap = mapList.get(SentryStore.INDEX_GROUP_ROLES_MAP);
     exceptedGroupRolesMap = Maps.newHashMap();
     exceptedGroupRolesMap.put("group2", Sets.newHashSet("role2"));
     exceptedGroupRolesMap.put("group3", Sets.newHashSet("role2", "role3"));
     exceptedGroupRolesMap.put("group4", Sets.newHashSet("role2", "role3"));
-    verifyGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap);
+    verifyUserGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap);
 
     // verify the rolePrivilegesMap and groupRolesMap for table=tbl1
     actualRolePrivilegesMap = sentryStore.getRoleNameTPrivilegesMap("", "tbl1");
@@ -841,36 +862,113 @@ public class TestSentryStoreImportExport {
     exceptedRolePrivilegesMap.put("role3", Sets.newHashSet(tSentryPrivilege4));
     verifyRolePrivilegesMap(actualRolePrivilegesMap, exceptedRolePrivilegesMap);
 
-    actualGroupRolesMap = sentryStore.getGroupNameRoleNamesMap(
-            actualRolePrivilegesMap.keySet());
+    mapList = sentryStore.getGroupUserRoleMapList(actualRolePrivilegesMap.keySet());
+    actualGroupRolesMap = mapList.get(SentryStore.INDEX_GROUP_ROLES_MAP);
     exceptedGroupRolesMap = Maps.newHashMap();
     exceptedGroupRolesMap.put("group1", Sets.newHashSet("role1"));
     exceptedGroupRolesMap.put("group2", Sets.newHashSet("role1", "role2"));
     exceptedGroupRolesMap.put("group3", Sets.newHashSet("role2", "role3"));
     exceptedGroupRolesMap.put("group4", Sets.newHashSet("role1", "role2", "role3"));
-    verifyGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap);
+    verifyUserGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap);
 
     // verify the rolePrivilegesMap and groupRolesMap for empty parameter
     actualRolePrivilegesMap = sentryStore.getRoleNameTPrivilegesMap("", "");
     exceptedRolePrivilegesMap = Maps.newHashMap();
     exceptedRolePrivilegesMap.put("role1", Sets.newHashSet(tSentryPrivilege3,
-            tSentryPrivilege4, tSentryPrivilege9));
+        tSentryPrivilege4, tSentryPrivilege9));
     exceptedRolePrivilegesMap.put("role2", Sets.newHashSet(tSentryPrivilege3,
-            tSentryPrivilege4, tSentryPrivilege5, tSentryPrivilege6,
-            tSentryPrivilege7));
+        tSentryPrivilege4, tSentryPrivilege5, tSentryPrivilege6, tSentryPrivilege7));
     exceptedRolePrivilegesMap.put("role3", Sets.newHashSet(tSentryPrivilege4,
-            tSentryPrivilege5, tSentryPrivilege6,
-            tSentryPrivilege7, tSentryPrivilege8));
+        tSentryPrivilege5, tSentryPrivilege6,
+        tSentryPrivilege7, tSentryPrivilege8));
     verifyRolePrivilegesMap(actualRolePrivilegesMap, exceptedRolePrivilegesMap);
 
-    actualGroupRolesMap = sentryStore.getGroupNameRoleNamesMap(
-            actualRolePrivilegesMap.keySet());
+    mapList = sentryStore.getGroupUserRoleMapList(actualRolePrivilegesMap.keySet());
+    actualGroupRolesMap = mapList.get(SentryStore.INDEX_GROUP_ROLES_MAP);
     exceptedGroupRolesMap = Maps.newHashMap();
     exceptedGroupRolesMap.put("group1", Sets.newHashSet("role1"));
     exceptedGroupRolesMap.put("group2", Sets.newHashSet("role1", "role2"));
     exceptedGroupRolesMap.put("group3", Sets.newHashSet("role2", "role3"));
     exceptedGroupRolesMap.put("group4", Sets.newHashSet("role1", "role2", "role3"));
-    verifyGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap);
+    verifyUserGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap);
+  }
+
+  // Befor import, database is empty.
+  // The following information is imported:
+  // group1=role1,role2,role3
+  // user1=role1,role2
+  // user2=role2,role3
+  // role1=privilege1,privilege2,privilege3,privilege4
+  // role2=privilege5,privilege6,privilege7,privilege8
+  // role3=privilege3,privilege4,privilege5,privilege6
+  // Both import API importSentryMetaData and export APIs getRolesMap, getGroupsMap,
+  // getUsersMap getPrivilegesList are tested.
+  @Test
+  public void testImportExportWithUser() throws Exception {
+    TSentryMappingData tSentryMappingData = new TSentryMappingData();
+    Map<String, Set<String>> groupRolesMap = Maps.newHashMap();
+    Map<String, Set<String>> userRolesMap = Maps.newHashMap();
+    Map<String, Set<TSentryPrivilege>> sentryRolePrivilegesMap = Maps.newHashMap();
+    groupRolesMap.put("group1", Sets.newHashSet("Role1", "role2", "role3"));
+    userRolesMap.put("user1", Sets.newHashSet("Role1", "role2"));
+    userRolesMap.put("user2", Sets.newHashSet("role2", "role3"));
+    sentryRolePrivilegesMap.put("Role1", Sets.newHashSet(tSentryPrivilege1, tSentryPrivilege2,
+        tSentryPrivilege3, tSentryPrivilege4));
+    sentryRolePrivilegesMap.put("role2", Sets.newHashSet(tSentryPrivilege5, tSentryPrivilege6,
+        tSentryPrivilege7, tSentryPrivilege8));
+    sentryRolePrivilegesMap.put("role3", Sets.newHashSet(tSentryPrivilege3,
+        tSentryPrivilege4, tSentryPrivilege5, tSentryPrivilege6));
+    tSentryMappingData.setGroupRolesMap(groupRolesMap);
+    tSentryMappingData.setRolePrivilegesMap(sentryRolePrivilegesMap);
+    tSentryMappingData.setUserRolesMap(userRolesMap);
+    sentryStore.importSentryMetaData(tSentryMappingData, false);
+
+    Map<String, MSentryRole> rolesMap = sentryStore.getRolesMap();
+    Map<String, MSentryGroup> groupsMap = sentryStore.getGroupNameToGroupMap();
+    Map<String, MSentryUser> usersMap = sentryStore.getUserNameToUserMap();
+    List<MSentryPrivilege> privilegesList = sentryStore.getPrivilegesList();
+
+    // test the result data for the role
+    verifyRoles(rolesMap, Sets.newHashSet("role1", "role2", "role3"));
+
+    // test the result data for the group
+    verifyGroups(groupsMap, Sets.newHashSet("group1"));
+
+    // test the result data for the user
+    verifyUsers(usersMap, Sets.newHashSet("user1", "user2"));
+
+    // test the result data for the privilege
+    verifyPrivileges(privilegesList, Sets.newHashSet(tSentryPrivilege1, tSentryPrivilege2,
+        tSentryPrivilege3, tSentryPrivilege4, tSentryPrivilege5, tSentryPrivilege6,
+        tSentryPrivilege7, tSentryPrivilege8));
+
+    // test the mapping data for group and role
+    List<Map<String, Set<String>>> mapList = sentryStore.getGroupUserRoleMapList(null);
+    Map<String, Set<String>> actualGroupRolesMap = mapList.get(
+        SentryStore.INDEX_GROUP_ROLES_MAP);
+    Map<String, Set<String>> exceptedGroupRolesMap = Maps.newHashMap();
+    exceptedGroupRolesMap.put("group1", Sets.newHashSet("role1", "role2", "role3"));
+    verifyUserGroupRolesMap(actualGroupRolesMap, exceptedGroupRolesMap);
+
+    Map<String, Set<String>> actualUserRolesMap = mapList.get(
+        SentryStore.INDEX_USER_ROLES_MAP);
+    Map<String, Set<String>> exceptedUserRolesMap = Maps.newHashMap();
+    exceptedUserRolesMap.put("user1", Sets.newHashSet("role1", "role2"));
+    exceptedUserRolesMap.put("user2", Sets.newHashSet("role2", "role3"));
+    verifyUserGroupRolesMap(actualUserRolesMap, exceptedUserRolesMap);
+
+    // test the mapping data for role and privilege
+    Map<String, Set<TSentryPrivilege>> actualRolePrivilegesMap = sentryStore
+        .getRoleNameTPrivilegesMap();
+    Map<String, Set<TSentryPrivilege>> exceptedRolePrivilegesMap = Maps.newHashMap();
+    exceptedRolePrivilegesMap.put("role1", Sets.newHashSet(tSentryPrivilege1, tSentryPrivilege2,
+        tSentryPrivilege3, tSentryPrivilege4));
+    exceptedRolePrivilegesMap.put("role2", Sets.newHashSet(tSentryPrivilege5, tSentryPrivilege6,
+        tSentryPrivilege7, tSentryPrivilege8));
+    exceptedRolePrivilegesMap.put("role3", Sets.newHashSet(tSentryPrivilege3,
+        tSentryPrivilege4, tSentryPrivilege5, tSentryPrivilege6));
+
+    verifyRolePrivilegesMap(actualRolePrivilegesMap, exceptedRolePrivilegesMap);
   }
 
   private void verifyRoles(Map<String, MSentryRole> actualRoleMap, Set<String> expectedRoleNameSet) {
@@ -888,6 +986,14 @@ public class TestSentryStoreImportExport {
     }
   }
 
+  private void verifyUsers(Map<String, MSentryUser> actualUsersMap,
+                            Set<String> expectedUserNameSet) {
+    assertEquals(expectedUserNameSet.size(), actualUsersMap.keySet().size());
+    for (String userName : actualUsersMap.keySet()) {
+      assertTrue(expectedUserNameSet.contains(userName));
+    }
+  }
+
   private void verifyPrivileges(List<MSentryPrivilege> actualPrivileges,
       Set<TSentryPrivilege> expectedTSentryPrivilegeSet) {
     assertEquals(expectedTSentryPrivilegeSet.size(), actualPrivileges.size());
@@ -904,12 +1010,12 @@ public class TestSentryStoreImportExport {
     }
   }
 
-  private void verifyGroupRolesMap(Map<String, Set<String>> actualGroupRolesMap,
-      Map<String, Set<String>> exceptedGroupRolesMap) {
-    assertEquals(exceptedGroupRolesMap.keySet().size(), actualGroupRolesMap.keySet().size());
-    for (String groupName : actualGroupRolesMap.keySet()) {
-      Set<String> exceptedRoles = exceptedGroupRolesMap.get(groupName);
-      Set<String> actualRoles = actualGroupRolesMap.get(groupName);
+  private void verifyUserGroupRolesMap(Map<String, Set<String>> actualMap,
+      Map<String, Set<String>> exceptedMap) {
+    assertEquals(exceptedMap.keySet().size(), actualMap.keySet().size());
+    for (String name : actualMap.keySet()) {
+      Set<String> exceptedRoles = exceptedMap.get(name);
+      Set<String> actualRoles = actualMap.get(name);
       assertEquals(actualRoles.size(), exceptedRoles.size());
       assertTrue(actualRoles.equals(exceptedRoles));
     }


Mime
View raw message