sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ha...@apache.org
Subject [sentry] branch master updated: SENTRY-2440: Add a new thrift API for checking if a user is in admin group (Hao Hao, reviewed by Na Li)
Date Wed, 13 Feb 2019 19:46:21 GMT
This is an automated email from the ASF dual-hosted git repository.

hahao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sentry.git


The following commit(s) were added to refs/heads/master by this push:
     new d818793  SENTRY-2440: Add a new thrift API for checking if a user is in admin group (Hao Hao, reviewed by Na Li)
d818793 is described below

commit d818793374978f07c02b818a8a2ec23572e2c707
Author: Hao Hao <hao.hao@cloudera.com>
AuthorDate: Thu Feb 7 15:35:24 2019 -0800

    SENTRY-2440: Add a new thrift API for checking if a user is in admin group (Hao Hao, reviewed by Na Li)
---
 .../api/service/thrift/SentryPolicyService.java    | 858 +++++++++++++++++++++
 .../api/service/thrift/TIsSentryAdminRequest.java  | 490 ++++++++++++
 .../api/service/thrift/TIsSentryAdminResponse.java | 493 ++++++++++++
 .../service/thrift/SentryPolicyServiceClient.java  |   1 +
 .../SentryPolicyServiceClientDefaultImpl.java      |  15 +
 .../main/resources/sentry_policy_service.thrift    |  12 +
 .../sentry/api/service/thrift/SentryMetrics.java   |   3 +
 .../service/thrift/SentryPolicyStoreProcessor.java |  28 +
 .../thrift/TestSentryServiceIntegration.java       |  20 +
 9 files changed, 1920 insertions(+)

diff --git a/sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/SentryPolicyService.java b/sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/SentryPolicyService.java
index 7025653..df18706 100644
--- a/sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/SentryPolicyService.java
+++ b/sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/SentryPolicyService.java
@@ -39,6 +39,8 @@ public class SentryPolicyService {
 
   public interface Iface {
 
+    public TIsSentryAdminResponse is_sentry_admin(TIsSentryAdminRequest request) throws org.apache.thrift.TException;
+
     public TCreateSentryRoleResponse create_sentry_role(TCreateSentryRoleRequest request) throws org.apache.thrift.TException;
 
     public TDropSentryRoleResponse drop_sentry_role(TDropSentryRoleRequest request) throws org.apache.thrift.TException;
@@ -91,6 +93,8 @@ public class SentryPolicyService {
 
   public interface AsyncIface {
 
+    public void is_sentry_admin(TIsSentryAdminRequest request, org.apache.thrift.async.AsyncMethodCallback resultHandler) throws org.apache.thrift.TException;
+
     public void create_sentry_role(TCreateSentryRoleRequest request, org.apache.thrift.async.AsyncMethodCallback resultHandler) throws org.apache.thrift.TException;
 
     public void drop_sentry_role(TDropSentryRoleRequest request, org.apache.thrift.async.AsyncMethodCallback resultHandler) throws org.apache.thrift.TException;
@@ -161,6 +165,29 @@ public class SentryPolicyService {
       super(iprot, oprot);
     }
 
+    public TIsSentryAdminResponse is_sentry_admin(TIsSentryAdminRequest request) throws org.apache.thrift.TException
+    {
+      send_is_sentry_admin(request);
+      return recv_is_sentry_admin();
+    }
+
+    public void send_is_sentry_admin(TIsSentryAdminRequest request) throws org.apache.thrift.TException
+    {
+      is_sentry_admin_args args = new is_sentry_admin_args();
+      args.setRequest(request);
+      sendBase("is_sentry_admin", args);
+    }
+
+    public TIsSentryAdminResponse recv_is_sentry_admin() throws org.apache.thrift.TException
+    {
+      is_sentry_admin_result result = new is_sentry_admin_result();
+      receiveBase(result, "is_sentry_admin");
+      if (result.isSetSuccess()) {
+        return result.success;
+      }
+      throw new org.apache.thrift.TApplicationException(org.apache.thrift.TApplicationException.MISSING_RESULT, "is_sentry_admin failed: unknown result");
+    }
+
     public TCreateSentryRoleResponse create_sentry_role(TCreateSentryRoleRequest request) throws org.apache.thrift.TException
     {
       send_create_sentry_role(request);
@@ -731,6 +758,38 @@ public class SentryPolicyService {
       super(protocolFactory, clientManager, transport);
     }
 
+    public void is_sentry_admin(TIsSentryAdminRequest request, org.apache.thrift.async.AsyncMethodCallback resultHandler) throws org.apache.thrift.TException {
+      checkReady();
+      is_sentry_admin_call method_call = new is_sentry_admin_call(request, resultHandler, this, ___protocolFactory, ___transport);
+      this.___currentMethod = method_call;
+      ___manager.call(method_call);
+    }
+
+    public static class is_sentry_admin_call extends org.apache.thrift.async.TAsyncMethodCall {
+      private TIsSentryAdminRequest request;
+      public is_sentry_admin_call(TIsSentryAdminRequest request, org.apache.thrift.async.AsyncMethodCallback resultHandler, org.apache.thrift.async.TAsyncClient client, org.apache.thrift.protocol.TProtocolFactory protocolFactory, org.apache.thrift.transport.TNonblockingTransport transport) throws org.apache.thrift.TException {
+        super(client, protocolFactory, transport, resultHandler, false);
+        this.request = request;
+      }
+
+      public void write_args(org.apache.thrift.protocol.TProtocol prot) throws org.apache.thrift.TException {
+        prot.writeMessageBegin(new org.apache.thrift.protocol.TMessage("is_sentry_admin", org.apache.thrift.protocol.TMessageType.CALL, 0));
+        is_sentry_admin_args args = new is_sentry_admin_args();
+        args.setRequest(request);
+        args.write(prot);
+        prot.writeMessageEnd();
+      }
+
+      public TIsSentryAdminResponse getResult() throws org.apache.thrift.TException {
+        if (getState() != org.apache.thrift.async.TAsyncMethodCall.State.RESPONSE_READ) {
+          throw new IllegalStateException("Method call not finished!");
+        }
+        org.apache.thrift.transport.TMemoryInputTransport memoryTransport = new org.apache.thrift.transport.TMemoryInputTransport(getFrameBuffer().array());
+        org.apache.thrift.protocol.TProtocol prot = client.getProtocolFactory().getProtocol(memoryTransport);
+        return (new Client(prot)).recv_is_sentry_admin();
+      }
+    }
+
     public void create_sentry_role(TCreateSentryRoleRequest request, org.apache.thrift.async.AsyncMethodCallback resultHandler) throws org.apache.thrift.TException {
       checkReady();
       create_sentry_role_call method_call = new create_sentry_role_call(request, resultHandler, this, ___protocolFactory, ___transport);
@@ -1512,6 +1571,7 @@ public class SentryPolicyService {
     }
 
     private static <I extends Iface> Map<String,  org.apache.thrift.ProcessFunction<I, ? extends  org.apache.thrift.TBase>> getProcessMap(Map<String,  org.apache.thrift.ProcessFunction<I, ? extends  org.apache.thrift.TBase>> processMap) {
+      processMap.put("is_sentry_admin", new is_sentry_admin());
       processMap.put("create_sentry_role", new create_sentry_role());
       processMap.put("drop_sentry_role", new drop_sentry_role());
       processMap.put("alter_sentry_role_grant_privilege", new alter_sentry_role_grant_privilege());
@@ -1539,6 +1599,26 @@ public class SentryPolicyService {
       return processMap;
     }
 
+    public static class is_sentry_admin<I extends Iface> extends org.apache.thrift.ProcessFunction<I, is_sentry_admin_args> {
+      public is_sentry_admin() {
+        super("is_sentry_admin");
+      }
+
+      public is_sentry_admin_args getEmptyArgsInstance() {
+        return new is_sentry_admin_args();
+      }
+
+      protected boolean isOneway() {
+        return false;
+      }
+
+      public is_sentry_admin_result getResult(I iface, is_sentry_admin_args args) throws org.apache.thrift.TException {
+        is_sentry_admin_result result = new is_sentry_admin_result();
+        result.success = iface.is_sentry_admin(args.request);
+        return result;
+      }
+    }
+
     public static class create_sentry_role<I extends Iface> extends org.apache.thrift.ProcessFunction<I, create_sentry_role_args> {
       public create_sentry_role() {
         super("create_sentry_role");
@@ -2032,6 +2112,7 @@ public class SentryPolicyService {
     }
 
     private static <I extends AsyncIface> Map<String,  org.apache.thrift.AsyncProcessFunction<I, ? extends  org.apache.thrift.TBase,?>> getProcessMap(Map<String,  org.apache.thrift.AsyncProcessFunction<I, ? extends  org.apache.thrift.TBase, ?>> processMap) {
+      processMap.put("is_sentry_admin", new is_sentry_admin());
       processMap.put("create_sentry_role", new create_sentry_role());
       processMap.put("drop_sentry_role", new drop_sentry_role());
       processMap.put("alter_sentry_role_grant_privilege", new alter_sentry_role_grant_privilege());
@@ -2059,6 +2140,57 @@ public class SentryPolicyService {
       return processMap;
     }
 
+    public static class is_sentry_admin<I extends AsyncIface> extends org.apache.thrift.AsyncProcessFunction<I, is_sentry_admin_args, TIsSentryAdminResponse> {
+      public is_sentry_admin() {
+        super("is_sentry_admin");
+      }
+
+      public is_sentry_admin_args getEmptyArgsInstance() {
+        return new is_sentry_admin_args();
+      }
+
+      public AsyncMethodCallback<TIsSentryAdminResponse> getResultHandler(final AsyncFrameBuffer fb, final int seqid) {
+        final org.apache.thrift.AsyncProcessFunction fcall = this;
+        return new AsyncMethodCallback<TIsSentryAdminResponse>() { 
+          public void onComplete(TIsSentryAdminResponse o) {
+            is_sentry_admin_result result = new is_sentry_admin_result();
+            result.success = o;
+            try {
+              fcall.sendResponse(fb,result, org.apache.thrift.protocol.TMessageType.REPLY,seqid);
+              return;
+            } catch (Exception e) {
+              LOGGER.error("Exception writing to internal frame buffer", e);
+            }
+            fb.close();
+          }
+          public void onError(Exception e) {
+            byte msgType = org.apache.thrift.protocol.TMessageType.REPLY;
+            org.apache.thrift.TBase msg;
+            is_sentry_admin_result result = new is_sentry_admin_result();
+            {
+              msgType = org.apache.thrift.protocol.TMessageType.EXCEPTION;
+              msg = (org.apache.thrift.TBase)new org.apache.thrift.TApplicationException(org.apache.thrift.TApplicationException.INTERNAL_ERROR, e.getMessage());
+            }
+            try {
+              fcall.sendResponse(fb,msg,msgType,seqid);
+              return;
+            } catch (Exception ex) {
+              LOGGER.error("Exception writing to internal frame buffer", ex);
+            }
+            fb.close();
+          }
+        };
+      }
+
+      protected boolean isOneway() {
+        return false;
+      }
+
+      public void start(I iface, is_sentry_admin_args args, org.apache.thrift.async.AsyncMethodCallback<TIsSentryAdminResponse> resultHandler) throws TException {
+        iface.is_sentry_admin(args.request,resultHandler);
+      }
+    }
+
     public static class create_sentry_role<I extends AsyncIface> extends org.apache.thrift.AsyncProcessFunction<I, create_sentry_role_args, TCreateSentryRoleResponse> {
       public create_sentry_role() {
         super("create_sentry_role");
@@ -3285,6 +3417,732 @@ public class SentryPolicyService {
 
   }
 
+  public static class is_sentry_admin_args implements org.apache.thrift.TBase<is_sentry_admin_args, is_sentry_admin_args._Fields>, java.io.Serializable, Cloneable, Comparable<is_sentry_admin_args>   {
+    private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("is_sentry_admin_args");
+
+    private static final org.apache.thrift.protocol.TField REQUEST_FIELD_DESC = new org.apache.thrift.protocol.TField("request", org.apache.thrift.protocol.TType.STRUCT, (short)1);
+
+    private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
+    static {
+      schemes.put(StandardScheme.class, new is_sentry_admin_argsStandardSchemeFactory());
+      schemes.put(TupleScheme.class, new is_sentry_admin_argsTupleSchemeFactory());
+    }
+
+    private TIsSentryAdminRequest request; // required
+
+    /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
+    public enum _Fields implements org.apache.thrift.TFieldIdEnum {
+      REQUEST((short)1, "request");
+
+      private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
+
+      static {
+        for (_Fields field : EnumSet.allOf(_Fields.class)) {
+          byName.put(field.getFieldName(), field);
+        }
+      }
+
+      /**
+       * Find the _Fields constant that matches fieldId, or null if its not found.
+       */
+      public static _Fields findByThriftId(int fieldId) {
+        switch(fieldId) {
+          case 1: // REQUEST
+            return REQUEST;
+          default:
+            return null;
+        }
+      }
+
+      /**
+       * Find the _Fields constant that matches fieldId, throwing an exception
+       * if it is not found.
+       */
+      public static _Fields findByThriftIdOrThrow(int fieldId) {
+        _Fields fields = findByThriftId(fieldId);
+        if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!");
+        return fields;
+      }
+
+      /**
+       * Find the _Fields constant that matches name, or null if its not found.
+       */
+      public static _Fields findByName(String name) {
+        return byName.get(name);
+      }
+
+      private final short _thriftId;
+      private final String _fieldName;
+
+      _Fields(short thriftId, String fieldName) {
+        _thriftId = thriftId;
+        _fieldName = fieldName;
+      }
+
+      public short getThriftFieldId() {
+        return _thriftId;
+      }
+
+      public String getFieldName() {
+        return _fieldName;
+      }
+    }
+
+    // isset id assignments
+    public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
+    static {
+      Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
+      tmpMap.put(_Fields.REQUEST, new org.apache.thrift.meta_data.FieldMetaData("request", org.apache.thrift.TFieldRequirementType.DEFAULT, 
+          new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, TIsSentryAdminRequest.class)));
+      metaDataMap = Collections.unmodifiableMap(tmpMap);
+      org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(is_sentry_admin_args.class, metaDataMap);
+    }
+
+    public is_sentry_admin_args() {
+    }
+
+    public is_sentry_admin_args(
+      TIsSentryAdminRequest request)
+    {
+      this();
+      this.request = request;
+    }
+
+    /**
+     * Performs a deep copy on <i>other</i>.
+     */
+    public is_sentry_admin_args(is_sentry_admin_args other) {
+      if (other.isSetRequest()) {
+        this.request = new TIsSentryAdminRequest(other.request);
+      }
+    }
+
+    public is_sentry_admin_args deepCopy() {
+      return new is_sentry_admin_args(this);
+    }
+
+    @Override
+    public void clear() {
+      this.request = null;
+    }
+
+    public TIsSentryAdminRequest getRequest() {
+      return this.request;
+    }
+
+    public void setRequest(TIsSentryAdminRequest request) {
+      this.request = request;
+    }
+
+    public void unsetRequest() {
+      this.request = null;
+    }
+
+    /** Returns true if field request is set (has been assigned a value) and false otherwise */
+    public boolean isSetRequest() {
+      return this.request != null;
+    }
+
+    public void setRequestIsSet(boolean value) {
+      if (!value) {
+        this.request = null;
+      }
+    }
+
+    public void setFieldValue(_Fields field, Object value) {
+      switch (field) {
+      case REQUEST:
+        if (value == null) {
+          unsetRequest();
+        } else {
+          setRequest((TIsSentryAdminRequest)value);
+        }
+        break;
+
+      }
+    }
+
+    public Object getFieldValue(_Fields field) {
+      switch (field) {
+      case REQUEST:
+        return getRequest();
+
+      }
+      throw new IllegalStateException();
+    }
+
+    /** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */
+    public boolean isSet(_Fields field) {
+      if (field == null) {
+        throw new IllegalArgumentException();
+      }
+
+      switch (field) {
+      case REQUEST:
+        return isSetRequest();
+      }
+      throw new IllegalStateException();
+    }
+
+    @Override
+    public boolean equals(Object that) {
+      if (that == null)
+        return false;
+      if (that instanceof is_sentry_admin_args)
+        return this.equals((is_sentry_admin_args)that);
+      return false;
+    }
+
+    public boolean equals(is_sentry_admin_args that) {
+      if (that == null)
+        return false;
+
+      boolean this_present_request = true && this.isSetRequest();
+      boolean that_present_request = true && that.isSetRequest();
+      if (this_present_request || that_present_request) {
+        if (!(this_present_request && that_present_request))
+          return false;
+        if (!this.request.equals(that.request))
+          return false;
+      }
+
+      return true;
+    }
+
+    @Override
+    public int hashCode() {
+      List<Object> list = new ArrayList<Object>();
+
+      boolean present_request = true && (isSetRequest());
+      list.add(present_request);
+      if (present_request)
+        list.add(request);
+
+      return list.hashCode();
+    }
+
+    @Override
+    public int compareTo(is_sentry_admin_args other) {
+      if (!getClass().equals(other.getClass())) {
+        return getClass().getName().compareTo(other.getClass().getName());
+      }
+
+      int lastComparison = 0;
+
+      lastComparison = Boolean.valueOf(isSetRequest()).compareTo(other.isSetRequest());
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+      if (isSetRequest()) {
+        lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.request, other.request);
+        if (lastComparison != 0) {
+          return lastComparison;
+        }
+      }
+      return 0;
+    }
+
+    public _Fields fieldForId(int fieldId) {
+      return _Fields.findByThriftId(fieldId);
+    }
+
+    public void read(org.apache.thrift.protocol.TProtocol iprot) throws org.apache.thrift.TException {
+      schemes.get(iprot.getScheme()).getScheme().read(iprot, this);
+    }
+
+    public void write(org.apache.thrift.protocol.TProtocol oprot) throws org.apache.thrift.TException {
+      schemes.get(oprot.getScheme()).getScheme().write(oprot, this);
+    }
+
+    @Override
+    public String toString() {
+      StringBuilder sb = new StringBuilder("is_sentry_admin_args(");
+      boolean first = true;
+
+      sb.append("request:");
+      if (this.request == null) {
+        sb.append("null");
+      } else {
+        sb.append(this.request);
+      }
+      first = false;
+      sb.append(")");
+      return sb.toString();
+    }
+
+    public void validate() throws org.apache.thrift.TException {
+      // check for required fields
+      // check for sub-struct validity
+      if (request != null) {
+        request.validate();
+      }
+    }
+
+    private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException {
+      try {
+        write(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(out)));
+      } catch (org.apache.thrift.TException te) {
+        throw new java.io.IOException(te);
+      }
+    }
+
+    private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
+      try {
+        read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in)));
+      } catch (org.apache.thrift.TException te) {
+        throw new java.io.IOException(te);
+      }
+    }
+
+    private static class is_sentry_admin_argsStandardSchemeFactory implements SchemeFactory {
+      public is_sentry_admin_argsStandardScheme getScheme() {
+        return new is_sentry_admin_argsStandardScheme();
+      }
+    }
+
+    private static class is_sentry_admin_argsStandardScheme extends StandardScheme<is_sentry_admin_args> {
+
+      public void read(org.apache.thrift.protocol.TProtocol iprot, is_sentry_admin_args struct) throws org.apache.thrift.TException {
+        org.apache.thrift.protocol.TField schemeField;
+        iprot.readStructBegin();
+        while (true)
+        {
+          schemeField = iprot.readFieldBegin();
+          if (schemeField.type == org.apache.thrift.protocol.TType.STOP) { 
+            break;
+          }
+          switch (schemeField.id) {
+            case 1: // REQUEST
+              if (schemeField.type == org.apache.thrift.protocol.TType.STRUCT) {
+                struct.request = new TIsSentryAdminRequest();
+                struct.request.read(iprot);
+                struct.setRequestIsSet(true);
+              } else { 
+                org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+              }
+              break;
+            default:
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+          }
+          iprot.readFieldEnd();
+        }
+        iprot.readStructEnd();
+        struct.validate();
+      }
+
+      public void write(org.apache.thrift.protocol.TProtocol oprot, is_sentry_admin_args struct) throws org.apache.thrift.TException {
+        struct.validate();
+
+        oprot.writeStructBegin(STRUCT_DESC);
+        if (struct.request != null) {
+          oprot.writeFieldBegin(REQUEST_FIELD_DESC);
+          struct.request.write(oprot);
+          oprot.writeFieldEnd();
+        }
+        oprot.writeFieldStop();
+        oprot.writeStructEnd();
+      }
+
+    }
+
+    private static class is_sentry_admin_argsTupleSchemeFactory implements SchemeFactory {
+      public is_sentry_admin_argsTupleScheme getScheme() {
+        return new is_sentry_admin_argsTupleScheme();
+      }
+    }
+
+    private static class is_sentry_admin_argsTupleScheme extends TupleScheme<is_sentry_admin_args> {
+
+      @Override
+      public void write(org.apache.thrift.protocol.TProtocol prot, is_sentry_admin_args struct) throws org.apache.thrift.TException {
+        TTupleProtocol oprot = (TTupleProtocol) prot;
+        BitSet optionals = new BitSet();
+        if (struct.isSetRequest()) {
+          optionals.set(0);
+        }
+        oprot.writeBitSet(optionals, 1);
+        if (struct.isSetRequest()) {
+          struct.request.write(oprot);
+        }
+      }
+
+      @Override
+      public void read(org.apache.thrift.protocol.TProtocol prot, is_sentry_admin_args struct) throws org.apache.thrift.TException {
+        TTupleProtocol iprot = (TTupleProtocol) prot;
+        BitSet incoming = iprot.readBitSet(1);
+        if (incoming.get(0)) {
+          struct.request = new TIsSentryAdminRequest();
+          struct.request.read(iprot);
+          struct.setRequestIsSet(true);
+        }
+      }
+    }
+
+  }
+
+  public static class is_sentry_admin_result implements org.apache.thrift.TBase<is_sentry_admin_result, is_sentry_admin_result._Fields>, java.io.Serializable, Cloneable, Comparable<is_sentry_admin_result>   {
+    private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("is_sentry_admin_result");
+
+    private static final org.apache.thrift.protocol.TField SUCCESS_FIELD_DESC = new org.apache.thrift.protocol.TField("success", org.apache.thrift.protocol.TType.STRUCT, (short)0);
+
+    private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
+    static {
+      schemes.put(StandardScheme.class, new is_sentry_admin_resultStandardSchemeFactory());
+      schemes.put(TupleScheme.class, new is_sentry_admin_resultTupleSchemeFactory());
+    }
+
+    private TIsSentryAdminResponse success; // required
+
+    /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
+    public enum _Fields implements org.apache.thrift.TFieldIdEnum {
+      SUCCESS((short)0, "success");
+
+      private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
+
+      static {
+        for (_Fields field : EnumSet.allOf(_Fields.class)) {
+          byName.put(field.getFieldName(), field);
+        }
+      }
+
+      /**
+       * Find the _Fields constant that matches fieldId, or null if its not found.
+       */
+      public static _Fields findByThriftId(int fieldId) {
+        switch(fieldId) {
+          case 0: // SUCCESS
+            return SUCCESS;
+          default:
+            return null;
+        }
+      }
+
+      /**
+       * Find the _Fields constant that matches fieldId, throwing an exception
+       * if it is not found.
+       */
+      public static _Fields findByThriftIdOrThrow(int fieldId) {
+        _Fields fields = findByThriftId(fieldId);
+        if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!");
+        return fields;
+      }
+
+      /**
+       * Find the _Fields constant that matches name, or null if its not found.
+       */
+      public static _Fields findByName(String name) {
+        return byName.get(name);
+      }
+
+      private final short _thriftId;
+      private final String _fieldName;
+
+      _Fields(short thriftId, String fieldName) {
+        _thriftId = thriftId;
+        _fieldName = fieldName;
+      }
+
+      public short getThriftFieldId() {
+        return _thriftId;
+      }
+
+      public String getFieldName() {
+        return _fieldName;
+      }
+    }
+
+    // isset id assignments
+    public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
+    static {
+      Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
+      tmpMap.put(_Fields.SUCCESS, new org.apache.thrift.meta_data.FieldMetaData("success", org.apache.thrift.TFieldRequirementType.DEFAULT, 
+          new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, TIsSentryAdminResponse.class)));
+      metaDataMap = Collections.unmodifiableMap(tmpMap);
+      org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(is_sentry_admin_result.class, metaDataMap);
+    }
+
+    public is_sentry_admin_result() {
+    }
+
+    public is_sentry_admin_result(
+      TIsSentryAdminResponse success)
+    {
+      this();
+      this.success = success;
+    }
+
+    /**
+     * Performs a deep copy on <i>other</i>.
+     */
+    public is_sentry_admin_result(is_sentry_admin_result other) {
+      if (other.isSetSuccess()) {
+        this.success = new TIsSentryAdminResponse(other.success);
+      }
+    }
+
+    public is_sentry_admin_result deepCopy() {
+      return new is_sentry_admin_result(this);
+    }
+
+    @Override
+    public void clear() {
+      this.success = null;
+    }
+
+    public TIsSentryAdminResponse getSuccess() {
+      return this.success;
+    }
+
+    public void setSuccess(TIsSentryAdminResponse success) {
+      this.success = success;
+    }
+
+    public void unsetSuccess() {
+      this.success = null;
+    }
+
+    /** Returns true if field success is set (has been assigned a value) and false otherwise */
+    public boolean isSetSuccess() {
+      return this.success != null;
+    }
+
+    public void setSuccessIsSet(boolean value) {
+      if (!value) {
+        this.success = null;
+      }
+    }
+
+    public void setFieldValue(_Fields field, Object value) {
+      switch (field) {
+      case SUCCESS:
+        if (value == null) {
+          unsetSuccess();
+        } else {
+          setSuccess((TIsSentryAdminResponse)value);
+        }
+        break;
+
+      }
+    }
+
+    public Object getFieldValue(_Fields field) {
+      switch (field) {
+      case SUCCESS:
+        return getSuccess();
+
+      }
+      throw new IllegalStateException();
+    }
+
+    /** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */
+    public boolean isSet(_Fields field) {
+      if (field == null) {
+        throw new IllegalArgumentException();
+      }
+
+      switch (field) {
+      case SUCCESS:
+        return isSetSuccess();
+      }
+      throw new IllegalStateException();
+    }
+
+    @Override
+    public boolean equals(Object that) {
+      if (that == null)
+        return false;
+      if (that instanceof is_sentry_admin_result)
+        return this.equals((is_sentry_admin_result)that);
+      return false;
+    }
+
+    public boolean equals(is_sentry_admin_result that) {
+      if (that == null)
+        return false;
+
+      boolean this_present_success = true && this.isSetSuccess();
+      boolean that_present_success = true && that.isSetSuccess();
+      if (this_present_success || that_present_success) {
+        if (!(this_present_success && that_present_success))
+          return false;
+        if (!this.success.equals(that.success))
+          return false;
+      }
+
+      return true;
+    }
+
+    @Override
+    public int hashCode() {
+      List<Object> list = new ArrayList<Object>();
+
+      boolean present_success = true && (isSetSuccess());
+      list.add(present_success);
+      if (present_success)
+        list.add(success);
+
+      return list.hashCode();
+    }
+
+    @Override
+    public int compareTo(is_sentry_admin_result other) {
+      if (!getClass().equals(other.getClass())) {
+        return getClass().getName().compareTo(other.getClass().getName());
+      }
+
+      int lastComparison = 0;
+
+      lastComparison = Boolean.valueOf(isSetSuccess()).compareTo(other.isSetSuccess());
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+      if (isSetSuccess()) {
+        lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.success, other.success);
+        if (lastComparison != 0) {
+          return lastComparison;
+        }
+      }
+      return 0;
+    }
+
+    public _Fields fieldForId(int fieldId) {
+      return _Fields.findByThriftId(fieldId);
+    }
+
+    public void read(org.apache.thrift.protocol.TProtocol iprot) throws org.apache.thrift.TException {
+      schemes.get(iprot.getScheme()).getScheme().read(iprot, this);
+    }
+
+    public void write(org.apache.thrift.protocol.TProtocol oprot) throws org.apache.thrift.TException {
+      schemes.get(oprot.getScheme()).getScheme().write(oprot, this);
+      }
+
+    @Override
+    public String toString() {
+      StringBuilder sb = new StringBuilder("is_sentry_admin_result(");
+      boolean first = true;
+
+      sb.append("success:");
+      if (this.success == null) {
+        sb.append("null");
+      } else {
+        sb.append(this.success);
+      }
+      first = false;
+      sb.append(")");
+      return sb.toString();
+    }
+
+    public void validate() throws org.apache.thrift.TException {
+      // check for required fields
+      // check for sub-struct validity
+      if (success != null) {
+        success.validate();
+      }
+    }
+
+    private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException {
+      try {
+        write(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(out)));
+      } catch (org.apache.thrift.TException te) {
+        throw new java.io.IOException(te);
+      }
+    }
+
+    private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
+      try {
+        read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in)));
+      } catch (org.apache.thrift.TException te) {
+        throw new java.io.IOException(te);
+      }
+    }
+
+    private static class is_sentry_admin_resultStandardSchemeFactory implements SchemeFactory {
+      public is_sentry_admin_resultStandardScheme getScheme() {
+        return new is_sentry_admin_resultStandardScheme();
+      }
+    }
+
+    private static class is_sentry_admin_resultStandardScheme extends StandardScheme<is_sentry_admin_result> {
+
+      public void read(org.apache.thrift.protocol.TProtocol iprot, is_sentry_admin_result struct) throws org.apache.thrift.TException {
+        org.apache.thrift.protocol.TField schemeField;
+        iprot.readStructBegin();
+        while (true)
+        {
+          schemeField = iprot.readFieldBegin();
+          if (schemeField.type == org.apache.thrift.protocol.TType.STOP) { 
+            break;
+          }
+          switch (schemeField.id) {
+            case 0: // SUCCESS
+              if (schemeField.type == org.apache.thrift.protocol.TType.STRUCT) {
+                struct.success = new TIsSentryAdminResponse();
+                struct.success.read(iprot);
+                struct.setSuccessIsSet(true);
+              } else { 
+                org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+              }
+              break;
+            default:
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+          }
+          iprot.readFieldEnd();
+        }
+        iprot.readStructEnd();
+        struct.validate();
+      }
+
+      public void write(org.apache.thrift.protocol.TProtocol oprot, is_sentry_admin_result struct) throws org.apache.thrift.TException {
+        struct.validate();
+
+        oprot.writeStructBegin(STRUCT_DESC);
+        if (struct.success != null) {
+          oprot.writeFieldBegin(SUCCESS_FIELD_DESC);
+          struct.success.write(oprot);
+          oprot.writeFieldEnd();
+        }
+        oprot.writeFieldStop();
+        oprot.writeStructEnd();
+      }
+
+    }
+
+    private static class is_sentry_admin_resultTupleSchemeFactory implements SchemeFactory {
+      public is_sentry_admin_resultTupleScheme getScheme() {
+        return new is_sentry_admin_resultTupleScheme();
+      }
+    }
+
+    private static class is_sentry_admin_resultTupleScheme extends TupleScheme<is_sentry_admin_result> {
+
+      @Override
+      public void write(org.apache.thrift.protocol.TProtocol prot, is_sentry_admin_result struct) throws org.apache.thrift.TException {
+        TTupleProtocol oprot = (TTupleProtocol) prot;
+        BitSet optionals = new BitSet();
+        if (struct.isSetSuccess()) {
+          optionals.set(0);
+        }
+        oprot.writeBitSet(optionals, 1);
+        if (struct.isSetSuccess()) {
+          struct.success.write(oprot);
+        }
+      }
+
+      @Override
+      public void read(org.apache.thrift.protocol.TProtocol prot, is_sentry_admin_result struct) throws org.apache.thrift.TException {
+        TTupleProtocol iprot = (TTupleProtocol) prot;
+        BitSet incoming = iprot.readBitSet(1);
+        if (incoming.get(0)) {
+          struct.success = new TIsSentryAdminResponse();
+          struct.success.read(iprot);
+          struct.setSuccessIsSet(true);
+        }
+      }
+    }
+
+  }
+
   public static class create_sentry_role_args implements org.apache.thrift.TBase<create_sentry_role_args, create_sentry_role_args._Fields>, java.io.Serializable, Cloneable, Comparable<create_sentry_role_args>   {
     private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("create_sentry_role_args");
 
diff --git a/sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/TIsSentryAdminRequest.java b/sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/TIsSentryAdminRequest.java
new file mode 100644
index 0000000..a8634bb
--- /dev/null
+++ b/sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/TIsSentryAdminRequest.java
@@ -0,0 +1,490 @@
+/**
+ * Autogenerated by Thrift Compiler (0.9.3)
+ *
+ * DO NOT EDIT UNLESS YOU ARE SURE THAT YOU KNOW WHAT YOU ARE DOING
+ *  @generated
+ */
+package org.apache.sentry.api.service.thrift;
+
+import org.apache.thrift.scheme.IScheme;
+import org.apache.thrift.scheme.SchemeFactory;
+import org.apache.thrift.scheme.StandardScheme;
+
+import org.apache.thrift.scheme.TupleScheme;
+import org.apache.thrift.protocol.TTupleProtocol;
+import org.apache.thrift.protocol.TProtocolException;
+import org.apache.thrift.EncodingUtils;
+import org.apache.thrift.TException;
+import org.apache.thrift.async.AsyncMethodCallback;
+import org.apache.thrift.server.AbstractNonblockingServer.*;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.EnumMap;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.EnumSet;
+import java.util.Collections;
+import java.util.BitSet;
+import java.nio.ByteBuffer;
+import java.util.Arrays;
+import javax.annotation.Generated;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+@SuppressWarnings({"cast", "rawtypes", "serial", "unchecked"})
+@Generated(value = "Autogenerated by Thrift Compiler (0.9.3)")
+public class TIsSentryAdminRequest implements org.apache.thrift.TBase<TIsSentryAdminRequest, TIsSentryAdminRequest._Fields>, java.io.Serializable, Cloneable, Comparable<TIsSentryAdminRequest> {
+  private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("TIsSentryAdminRequest");
+
+  private static final org.apache.thrift.protocol.TField PROTOCOL_VERSION_FIELD_DESC = new org.apache.thrift.protocol.TField("protocol_version", org.apache.thrift.protocol.TType.I32, (short)1);
+  private static final org.apache.thrift.protocol.TField USER_NAME_FIELD_DESC = new org.apache.thrift.protocol.TField("userName", org.apache.thrift.protocol.TType.STRING, (short)2);
+
+  private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
+  static {
+    schemes.put(StandardScheme.class, new TIsSentryAdminRequestStandardSchemeFactory());
+    schemes.put(TupleScheme.class, new TIsSentryAdminRequestTupleSchemeFactory());
+  }
+
+  private int protocol_version; // required
+  private String userName; // required
+
+  /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
+  public enum _Fields implements org.apache.thrift.TFieldIdEnum {
+    PROTOCOL_VERSION((short)1, "protocol_version"),
+    USER_NAME((short)2, "userName");
+
+    private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
+
+    static {
+      for (_Fields field : EnumSet.allOf(_Fields.class)) {
+        byName.put(field.getFieldName(), field);
+      }
+    }
+
+    /**
+     * Find the _Fields constant that matches fieldId, or null if its not found.
+     */
+    public static _Fields findByThriftId(int fieldId) {
+      switch(fieldId) {
+        case 1: // PROTOCOL_VERSION
+          return PROTOCOL_VERSION;
+        case 2: // USER_NAME
+          return USER_NAME;
+        default:
+          return null;
+      }
+    }
+
+    /**
+     * Find the _Fields constant that matches fieldId, throwing an exception
+     * if it is not found.
+     */
+    public static _Fields findByThriftIdOrThrow(int fieldId) {
+      _Fields fields = findByThriftId(fieldId);
+      if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!");
+      return fields;
+    }
+
+    /**
+     * Find the _Fields constant that matches name, or null if its not found.
+     */
+    public static _Fields findByName(String name) {
+      return byName.get(name);
+    }
+
+    private final short _thriftId;
+    private final String _fieldName;
+
+    _Fields(short thriftId, String fieldName) {
+      _thriftId = thriftId;
+      _fieldName = fieldName;
+    }
+
+    public short getThriftFieldId() {
+      return _thriftId;
+    }
+
+    public String getFieldName() {
+      return _fieldName;
+    }
+  }
+
+  // isset id assignments
+  private static final int __PROTOCOL_VERSION_ISSET_ID = 0;
+  private byte __isset_bitfield = 0;
+  public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
+  static {
+    Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
+    tmpMap.put(_Fields.PROTOCOL_VERSION, new org.apache.thrift.meta_data.FieldMetaData("protocol_version", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.I32)));
+    tmpMap.put(_Fields.USER_NAME, new org.apache.thrift.meta_data.FieldMetaData("userName", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.STRING)));
+    metaDataMap = Collections.unmodifiableMap(tmpMap);
+    org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(TIsSentryAdminRequest.class, metaDataMap);
+  }
+
+  public TIsSentryAdminRequest() {
+    this.protocol_version = 2;
+
+  }
+
+  public TIsSentryAdminRequest(
+    int protocol_version,
+    String userName)
+  {
+    this();
+    this.protocol_version = protocol_version;
+    setProtocol_versionIsSet(true);
+    this.userName = userName;
+  }
+
+  /**
+   * Performs a deep copy on <i>other</i>.
+   */
+  public TIsSentryAdminRequest(TIsSentryAdminRequest other) {
+    __isset_bitfield = other.__isset_bitfield;
+    this.protocol_version = other.protocol_version;
+    if (other.isSetUserName()) {
+      this.userName = other.userName;
+    }
+  }
+
+  public TIsSentryAdminRequest deepCopy() {
+    return new TIsSentryAdminRequest(this);
+  }
+
+  @Override
+  public void clear() {
+    this.protocol_version = 2;
+
+    this.userName = null;
+  }
+
+  public int getProtocol_version() {
+    return this.protocol_version;
+  }
+
+  public void setProtocol_version(int protocol_version) {
+    this.protocol_version = protocol_version;
+    setProtocol_versionIsSet(true);
+  }
+
+  public void unsetProtocol_version() {
+    __isset_bitfield = EncodingUtils.clearBit(__isset_bitfield, __PROTOCOL_VERSION_ISSET_ID);
+  }
+
+  /** Returns true if field protocol_version is set (has been assigned a value) and false otherwise */
+  public boolean isSetProtocol_version() {
+    return EncodingUtils.testBit(__isset_bitfield, __PROTOCOL_VERSION_ISSET_ID);
+  }
+
+  public void setProtocol_versionIsSet(boolean value) {
+    __isset_bitfield = EncodingUtils.setBit(__isset_bitfield, __PROTOCOL_VERSION_ISSET_ID, value);
+  }
+
+  public String getUserName() {
+    return this.userName;
+  }
+
+  public void setUserName(String userName) {
+    this.userName = userName;
+  }
+
+  public void unsetUserName() {
+    this.userName = null;
+  }
+
+  /** Returns true if field userName is set (has been assigned a value) and false otherwise */
+  public boolean isSetUserName() {
+    return this.userName != null;
+  }
+
+  public void setUserNameIsSet(boolean value) {
+    if (!value) {
+      this.userName = null;
+    }
+  }
+
+  public void setFieldValue(_Fields field, Object value) {
+    switch (field) {
+    case PROTOCOL_VERSION:
+      if (value == null) {
+        unsetProtocol_version();
+      } else {
+        setProtocol_version((Integer)value);
+      }
+      break;
+
+    case USER_NAME:
+      if (value == null) {
+        unsetUserName();
+      } else {
+        setUserName((String)value);
+      }
+      break;
+
+    }
+  }
+
+  public Object getFieldValue(_Fields field) {
+    switch (field) {
+    case PROTOCOL_VERSION:
+      return getProtocol_version();
+
+    case USER_NAME:
+      return getUserName();
+
+    }
+    throw new IllegalStateException();
+  }
+
+  /** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */
+  public boolean isSet(_Fields field) {
+    if (field == null) {
+      throw new IllegalArgumentException();
+    }
+
+    switch (field) {
+    case PROTOCOL_VERSION:
+      return isSetProtocol_version();
+    case USER_NAME:
+      return isSetUserName();
+    }
+    throw new IllegalStateException();
+  }
+
+  @Override
+  public boolean equals(Object that) {
+    if (that == null)
+      return false;
+    if (that instanceof TIsSentryAdminRequest)
+      return this.equals((TIsSentryAdminRequest)that);
+    return false;
+  }
+
+  public boolean equals(TIsSentryAdminRequest that) {
+    if (that == null)
+      return false;
+
+    boolean this_present_protocol_version = true;
+    boolean that_present_protocol_version = true;
+    if (this_present_protocol_version || that_present_protocol_version) {
+      if (!(this_present_protocol_version && that_present_protocol_version))
+        return false;
+      if (this.protocol_version != that.protocol_version)
+        return false;
+    }
+
+    boolean this_present_userName = true && this.isSetUserName();
+    boolean that_present_userName = true && that.isSetUserName();
+    if (this_present_userName || that_present_userName) {
+      if (!(this_present_userName && that_present_userName))
+        return false;
+      if (!this.userName.equals(that.userName))
+        return false;
+    }
+
+    return true;
+  }
+
+  @Override
+  public int hashCode() {
+    List<Object> list = new ArrayList<Object>();
+
+    boolean present_protocol_version = true;
+    list.add(present_protocol_version);
+    if (present_protocol_version)
+      list.add(protocol_version);
+
+    boolean present_userName = true && (isSetUserName());
+    list.add(present_userName);
+    if (present_userName)
+      list.add(userName);
+
+    return list.hashCode();
+  }
+
+  @Override
+  public int compareTo(TIsSentryAdminRequest other) {
+    if (!getClass().equals(other.getClass())) {
+      return getClass().getName().compareTo(other.getClass().getName());
+    }
+
+    int lastComparison = 0;
+
+    lastComparison = Boolean.valueOf(isSetProtocol_version()).compareTo(other.isSetProtocol_version());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetProtocol_version()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.protocol_version, other.protocol_version);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    lastComparison = Boolean.valueOf(isSetUserName()).compareTo(other.isSetUserName());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetUserName()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.userName, other.userName);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    return 0;
+  }
+
+  public _Fields fieldForId(int fieldId) {
+    return _Fields.findByThriftId(fieldId);
+  }
+
+  public void read(org.apache.thrift.protocol.TProtocol iprot) throws org.apache.thrift.TException {
+    schemes.get(iprot.getScheme()).getScheme().read(iprot, this);
+  }
+
+  public void write(org.apache.thrift.protocol.TProtocol oprot) throws org.apache.thrift.TException {
+    schemes.get(oprot.getScheme()).getScheme().write(oprot, this);
+  }
+
+  @Override
+  public String toString() {
+    StringBuilder sb = new StringBuilder("TIsSentryAdminRequest(");
+    boolean first = true;
+
+    sb.append("protocol_version:");
+    sb.append(this.protocol_version);
+    first = false;
+    if (!first) sb.append(", ");
+    sb.append("userName:");
+    if (this.userName == null) {
+      sb.append("null");
+    } else {
+      sb.append(this.userName);
+    }
+    first = false;
+    sb.append(")");
+    return sb.toString();
+  }
+
+  public void validate() throws org.apache.thrift.TException {
+    // check for required fields
+    if (!isSetProtocol_version()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'protocol_version' is unset! Struct:" + toString());
+    }
+
+    if (!isSetUserName()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'userName' is unset! Struct:" + toString());
+    }
+
+    // check for sub-struct validity
+  }
+
+  private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException {
+    try {
+      write(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(out)));
+    } catch (org.apache.thrift.TException te) {
+      throw new java.io.IOException(te);
+    }
+  }
+
+  private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
+    try {
+      // it doesn't seem like you should have to do this, but java serialization is wacky, and doesn't call the default constructor.
+      __isset_bitfield = 0;
+      read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in)));
+    } catch (org.apache.thrift.TException te) {
+      throw new java.io.IOException(te);
+    }
+  }
+
+  private static class TIsSentryAdminRequestStandardSchemeFactory implements SchemeFactory {
+    public TIsSentryAdminRequestStandardScheme getScheme() {
+      return new TIsSentryAdminRequestStandardScheme();
+    }
+  }
+
+  private static class TIsSentryAdminRequestStandardScheme extends StandardScheme<TIsSentryAdminRequest> {
+
+    public void read(org.apache.thrift.protocol.TProtocol iprot, TIsSentryAdminRequest struct) throws org.apache.thrift.TException {
+      org.apache.thrift.protocol.TField schemeField;
+      iprot.readStructBegin();
+      while (true)
+      {
+        schemeField = iprot.readFieldBegin();
+        if (schemeField.type == org.apache.thrift.protocol.TType.STOP) { 
+          break;
+        }
+        switch (schemeField.id) {
+          case 1: // PROTOCOL_VERSION
+            if (schemeField.type == org.apache.thrift.protocol.TType.I32) {
+              struct.protocol_version = iprot.readI32();
+              struct.setProtocol_versionIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          case 2: // USER_NAME
+            if (schemeField.type == org.apache.thrift.protocol.TType.STRING) {
+              struct.userName = iprot.readString();
+              struct.setUserNameIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          default:
+            org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+        }
+        iprot.readFieldEnd();
+      }
+      iprot.readStructEnd();
+      struct.validate();
+    }
+
+    public void write(org.apache.thrift.protocol.TProtocol oprot, TIsSentryAdminRequest struct) throws org.apache.thrift.TException {
+      struct.validate();
+
+      oprot.writeStructBegin(STRUCT_DESC);
+      oprot.writeFieldBegin(PROTOCOL_VERSION_FIELD_DESC);
+      oprot.writeI32(struct.protocol_version);
+      oprot.writeFieldEnd();
+      if (struct.userName != null) {
+        oprot.writeFieldBegin(USER_NAME_FIELD_DESC);
+        oprot.writeString(struct.userName);
+        oprot.writeFieldEnd();
+      }
+      oprot.writeFieldStop();
+      oprot.writeStructEnd();
+    }
+
+  }
+
+  private static class TIsSentryAdminRequestTupleSchemeFactory implements SchemeFactory {
+    public TIsSentryAdminRequestTupleScheme getScheme() {
+      return new TIsSentryAdminRequestTupleScheme();
+    }
+  }
+
+  private static class TIsSentryAdminRequestTupleScheme extends TupleScheme<TIsSentryAdminRequest> {
+
+    @Override
+    public void write(org.apache.thrift.protocol.TProtocol prot, TIsSentryAdminRequest struct) throws org.apache.thrift.TException {
+      TTupleProtocol oprot = (TTupleProtocol) prot;
+      oprot.writeI32(struct.protocol_version);
+      oprot.writeString(struct.userName);
+    }
+
+    @Override
+    public void read(org.apache.thrift.protocol.TProtocol prot, TIsSentryAdminRequest struct) throws org.apache.thrift.TException {
+      TTupleProtocol iprot = (TTupleProtocol) prot;
+      struct.protocol_version = iprot.readI32();
+      struct.setProtocol_versionIsSet(true);
+      struct.userName = iprot.readString();
+      struct.setUserNameIsSet(true);
+    }
+  }
+
+}
+
diff --git a/sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/TIsSentryAdminResponse.java b/sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/TIsSentryAdminResponse.java
new file mode 100644
index 0000000..143d2d4
--- /dev/null
+++ b/sentry-service/sentry-service-api/src/gen/thrift/gen-javabean/org/apache/sentry/api/service/thrift/TIsSentryAdminResponse.java
@@ -0,0 +1,493 @@
+/**
+ * Autogenerated by Thrift Compiler (0.9.3)
+ *
+ * DO NOT EDIT UNLESS YOU ARE SURE THAT YOU KNOW WHAT YOU ARE DOING
+ *  @generated
+ */
+package org.apache.sentry.api.service.thrift;
+
+import org.apache.thrift.scheme.IScheme;
+import org.apache.thrift.scheme.SchemeFactory;
+import org.apache.thrift.scheme.StandardScheme;
+
+import org.apache.thrift.scheme.TupleScheme;
+import org.apache.thrift.protocol.TTupleProtocol;
+import org.apache.thrift.protocol.TProtocolException;
+import org.apache.thrift.EncodingUtils;
+import org.apache.thrift.TException;
+import org.apache.thrift.async.AsyncMethodCallback;
+import org.apache.thrift.server.AbstractNonblockingServer.*;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.EnumMap;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.EnumSet;
+import java.util.Collections;
+import java.util.BitSet;
+import java.nio.ByteBuffer;
+import java.util.Arrays;
+import javax.annotation.Generated;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+@SuppressWarnings({"cast", "rawtypes", "serial", "unchecked"})
+@Generated(value = "Autogenerated by Thrift Compiler (0.9.3)")
+public class TIsSentryAdminResponse implements org.apache.thrift.TBase<TIsSentryAdminResponse, TIsSentryAdminResponse._Fields>, java.io.Serializable, Cloneable, Comparable<TIsSentryAdminResponse> {
+  private static final org.apache.thrift.protocol.TStruct STRUCT_DESC = new org.apache.thrift.protocol.TStruct("TIsSentryAdminResponse");
+
+  private static final org.apache.thrift.protocol.TField STATUS_FIELD_DESC = new org.apache.thrift.protocol.TField("status", org.apache.thrift.protocol.TType.STRUCT, (short)1);
+  private static final org.apache.thrift.protocol.TField IS_ADMIN_FIELD_DESC = new org.apache.thrift.protocol.TField("isAdmin", org.apache.thrift.protocol.TType.BOOL, (short)2);
+
+  private static final Map<Class<? extends IScheme>, SchemeFactory> schemes = new HashMap<Class<? extends IScheme>, SchemeFactory>();
+  static {
+    schemes.put(StandardScheme.class, new TIsSentryAdminResponseStandardSchemeFactory());
+    schemes.put(TupleScheme.class, new TIsSentryAdminResponseTupleSchemeFactory());
+  }
+
+  private org.apache.sentry.service.thrift.TSentryResponseStatus status; // required
+  private boolean isAdmin; // required
+
+  /** The set of fields this struct contains, along with convenience methods for finding and manipulating them. */
+  public enum _Fields implements org.apache.thrift.TFieldIdEnum {
+    STATUS((short)1, "status"),
+    IS_ADMIN((short)2, "isAdmin");
+
+    private static final Map<String, _Fields> byName = new HashMap<String, _Fields>();
+
+    static {
+      for (_Fields field : EnumSet.allOf(_Fields.class)) {
+        byName.put(field.getFieldName(), field);
+      }
+    }
+
+    /**
+     * Find the _Fields constant that matches fieldId, or null if its not found.
+     */
+    public static _Fields findByThriftId(int fieldId) {
+      switch(fieldId) {
+        case 1: // STATUS
+          return STATUS;
+        case 2: // IS_ADMIN
+          return IS_ADMIN;
+        default:
+          return null;
+      }
+    }
+
+    /**
+     * Find the _Fields constant that matches fieldId, throwing an exception
+     * if it is not found.
+     */
+    public static _Fields findByThriftIdOrThrow(int fieldId) {
+      _Fields fields = findByThriftId(fieldId);
+      if (fields == null) throw new IllegalArgumentException("Field " + fieldId + " doesn't exist!");
+      return fields;
+    }
+
+    /**
+     * Find the _Fields constant that matches name, or null if its not found.
+     */
+    public static _Fields findByName(String name) {
+      return byName.get(name);
+    }
+
+    private final short _thriftId;
+    private final String _fieldName;
+
+    _Fields(short thriftId, String fieldName) {
+      _thriftId = thriftId;
+      _fieldName = fieldName;
+    }
+
+    public short getThriftFieldId() {
+      return _thriftId;
+    }
+
+    public String getFieldName() {
+      return _fieldName;
+    }
+  }
+
+  // isset id assignments
+  private static final int __ISADMIN_ISSET_ID = 0;
+  private byte __isset_bitfield = 0;
+  public static final Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> metaDataMap;
+  static {
+    Map<_Fields, org.apache.thrift.meta_data.FieldMetaData> tmpMap = new EnumMap<_Fields, org.apache.thrift.meta_data.FieldMetaData>(_Fields.class);
+    tmpMap.put(_Fields.STATUS, new org.apache.thrift.meta_data.FieldMetaData("status", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.StructMetaData(org.apache.thrift.protocol.TType.STRUCT, org.apache.sentry.service.thrift.TSentryResponseStatus.class)));
+    tmpMap.put(_Fields.IS_ADMIN, new org.apache.thrift.meta_data.FieldMetaData("isAdmin", org.apache.thrift.TFieldRequirementType.REQUIRED, 
+        new org.apache.thrift.meta_data.FieldValueMetaData(org.apache.thrift.protocol.TType.BOOL)));
+    metaDataMap = Collections.unmodifiableMap(tmpMap);
+    org.apache.thrift.meta_data.FieldMetaData.addStructMetaDataMap(TIsSentryAdminResponse.class, metaDataMap);
+  }
+
+  public TIsSentryAdminResponse() {
+  }
+
+  public TIsSentryAdminResponse(
+    org.apache.sentry.service.thrift.TSentryResponseStatus status,
+    boolean isAdmin)
+  {
+    this();
+    this.status = status;
+    this.isAdmin = isAdmin;
+    setIsAdminIsSet(true);
+  }
+
+  /**
+   * Performs a deep copy on <i>other</i>.
+   */
+  public TIsSentryAdminResponse(TIsSentryAdminResponse other) {
+    __isset_bitfield = other.__isset_bitfield;
+    if (other.isSetStatus()) {
+      this.status = new org.apache.sentry.service.thrift.TSentryResponseStatus(other.status);
+    }
+    this.isAdmin = other.isAdmin;
+  }
+
+  public TIsSentryAdminResponse deepCopy() {
+    return new TIsSentryAdminResponse(this);
+  }
+
+  @Override
+  public void clear() {
+    this.status = null;
+    setIsAdminIsSet(false);
+    this.isAdmin = false;
+  }
+
+  public org.apache.sentry.service.thrift.TSentryResponseStatus getStatus() {
+    return this.status;
+  }
+
+  public void setStatus(org.apache.sentry.service.thrift.TSentryResponseStatus status) {
+    this.status = status;
+  }
+
+  public void unsetStatus() {
+    this.status = null;
+  }
+
+  /** Returns true if field status is set (has been assigned a value) and false otherwise */
+  public boolean isSetStatus() {
+    return this.status != null;
+  }
+
+  public void setStatusIsSet(boolean value) {
+    if (!value) {
+      this.status = null;
+    }
+  }
+
+  public boolean isIsAdmin() {
+    return this.isAdmin;
+  }
+
+  public void setIsAdmin(boolean isAdmin) {
+    this.isAdmin = isAdmin;
+    setIsAdminIsSet(true);
+  }
+
+  public void unsetIsAdmin() {
+    __isset_bitfield = EncodingUtils.clearBit(__isset_bitfield, __ISADMIN_ISSET_ID);
+  }
+
+  /** Returns true if field isAdmin is set (has been assigned a value) and false otherwise */
+  public boolean isSetIsAdmin() {
+    return EncodingUtils.testBit(__isset_bitfield, __ISADMIN_ISSET_ID);
+  }
+
+  public void setIsAdminIsSet(boolean value) {
+    __isset_bitfield = EncodingUtils.setBit(__isset_bitfield, __ISADMIN_ISSET_ID, value);
+  }
+
+  public void setFieldValue(_Fields field, Object value) {
+    switch (field) {
+    case STATUS:
+      if (value == null) {
+        unsetStatus();
+      } else {
+        setStatus((org.apache.sentry.service.thrift.TSentryResponseStatus)value);
+      }
+      break;
+
+    case IS_ADMIN:
+      if (value == null) {
+        unsetIsAdmin();
+      } else {
+        setIsAdmin((Boolean)value);
+      }
+      break;
+
+    }
+  }
+
+  public Object getFieldValue(_Fields field) {
+    switch (field) {
+    case STATUS:
+      return getStatus();
+
+    case IS_ADMIN:
+      return isIsAdmin();
+
+    }
+    throw new IllegalStateException();
+  }
+
+  /** Returns true if field corresponding to fieldID is set (has been assigned a value) and false otherwise */
+  public boolean isSet(_Fields field) {
+    if (field == null) {
+      throw new IllegalArgumentException();
+    }
+
+    switch (field) {
+    case STATUS:
+      return isSetStatus();
+    case IS_ADMIN:
+      return isSetIsAdmin();
+    }
+    throw new IllegalStateException();
+  }
+
+  @Override
+  public boolean equals(Object that) {
+    if (that == null)
+      return false;
+    if (that instanceof TIsSentryAdminResponse)
+      return this.equals((TIsSentryAdminResponse)that);
+    return false;
+  }
+
+  public boolean equals(TIsSentryAdminResponse that) {
+    if (that == null)
+      return false;
+
+    boolean this_present_status = true && this.isSetStatus();
+    boolean that_present_status = true && that.isSetStatus();
+    if (this_present_status || that_present_status) {
+      if (!(this_present_status && that_present_status))
+        return false;
+      if (!this.status.equals(that.status))
+        return false;
+    }
+
+    boolean this_present_isAdmin = true;
+    boolean that_present_isAdmin = true;
+    if (this_present_isAdmin || that_present_isAdmin) {
+      if (!(this_present_isAdmin && that_present_isAdmin))
+        return false;
+      if (this.isAdmin != that.isAdmin)
+        return false;
+    }
+
+    return true;
+  }
+
+  @Override
+  public int hashCode() {
+    List<Object> list = new ArrayList<Object>();
+
+    boolean present_status = true && (isSetStatus());
+    list.add(present_status);
+    if (present_status)
+      list.add(status);
+
+    boolean present_isAdmin = true;
+    list.add(present_isAdmin);
+    if (present_isAdmin)
+      list.add(isAdmin);
+
+    return list.hashCode();
+  }
+
+  @Override
+  public int compareTo(TIsSentryAdminResponse other) {
+    if (!getClass().equals(other.getClass())) {
+      return getClass().getName().compareTo(other.getClass().getName());
+    }
+
+    int lastComparison = 0;
+
+    lastComparison = Boolean.valueOf(isSetStatus()).compareTo(other.isSetStatus());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetStatus()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.status, other.status);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    lastComparison = Boolean.valueOf(isSetIsAdmin()).compareTo(other.isSetIsAdmin());
+    if (lastComparison != 0) {
+      return lastComparison;
+    }
+    if (isSetIsAdmin()) {
+      lastComparison = org.apache.thrift.TBaseHelper.compareTo(this.isAdmin, other.isAdmin);
+      if (lastComparison != 0) {
+        return lastComparison;
+      }
+    }
+    return 0;
+  }
+
+  public _Fields fieldForId(int fieldId) {
+    return _Fields.findByThriftId(fieldId);
+  }
+
+  public void read(org.apache.thrift.protocol.TProtocol iprot) throws org.apache.thrift.TException {
+    schemes.get(iprot.getScheme()).getScheme().read(iprot, this);
+  }
+
+  public void write(org.apache.thrift.protocol.TProtocol oprot) throws org.apache.thrift.TException {
+    schemes.get(oprot.getScheme()).getScheme().write(oprot, this);
+  }
+
+  @Override
+  public String toString() {
+    StringBuilder sb = new StringBuilder("TIsSentryAdminResponse(");
+    boolean first = true;
+
+    sb.append("status:");
+    if (this.status == null) {
+      sb.append("null");
+    } else {
+      sb.append(this.status);
+    }
+    first = false;
+    if (!first) sb.append(", ");
+    sb.append("isAdmin:");
+    sb.append(this.isAdmin);
+    first = false;
+    sb.append(")");
+    return sb.toString();
+  }
+
+  public void validate() throws org.apache.thrift.TException {
+    // check for required fields
+    if (!isSetStatus()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'status' is unset! Struct:" + toString());
+    }
+
+    if (!isSetIsAdmin()) {
+      throw new org.apache.thrift.protocol.TProtocolException("Required field 'isAdmin' is unset! Struct:" + toString());
+    }
+
+    // check for sub-struct validity
+    if (status != null) {
+      status.validate();
+    }
+  }
+
+  private void writeObject(java.io.ObjectOutputStream out) throws java.io.IOException {
+    try {
+      write(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(out)));
+    } catch (org.apache.thrift.TException te) {
+      throw new java.io.IOException(te);
+    }
+  }
+
+  private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
+    try {
+      // it doesn't seem like you should have to do this, but java serialization is wacky, and doesn't call the default constructor.
+      __isset_bitfield = 0;
+      read(new org.apache.thrift.protocol.TCompactProtocol(new org.apache.thrift.transport.TIOStreamTransport(in)));
+    } catch (org.apache.thrift.TException te) {
+      throw new java.io.IOException(te);
+    }
+  }
+
+  private static class TIsSentryAdminResponseStandardSchemeFactory implements SchemeFactory {
+    public TIsSentryAdminResponseStandardScheme getScheme() {
+      return new TIsSentryAdminResponseStandardScheme();
+    }
+  }
+
+  private static class TIsSentryAdminResponseStandardScheme extends StandardScheme<TIsSentryAdminResponse> {
+
+    public void read(org.apache.thrift.protocol.TProtocol iprot, TIsSentryAdminResponse struct) throws org.apache.thrift.TException {
+      org.apache.thrift.protocol.TField schemeField;
+      iprot.readStructBegin();
+      while (true)
+      {
+        schemeField = iprot.readFieldBegin();
+        if (schemeField.type == org.apache.thrift.protocol.TType.STOP) { 
+          break;
+        }
+        switch (schemeField.id) {
+          case 1: // STATUS
+            if (schemeField.type == org.apache.thrift.protocol.TType.STRUCT) {
+              struct.status = new org.apache.sentry.service.thrift.TSentryResponseStatus();
+              struct.status.read(iprot);
+              struct.setStatusIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          case 2: // IS_ADMIN
+            if (schemeField.type == org.apache.thrift.protocol.TType.BOOL) {
+              struct.isAdmin = iprot.readBool();
+              struct.setIsAdminIsSet(true);
+            } else { 
+              org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+            }
+            break;
+          default:
+            org.apache.thrift.protocol.TProtocolUtil.skip(iprot, schemeField.type);
+        }
+        iprot.readFieldEnd();
+      }
+      iprot.readStructEnd();
+      struct.validate();
+    }
+
+    public void write(org.apache.thrift.protocol.TProtocol oprot, TIsSentryAdminResponse struct) throws org.apache.thrift.TException {
+      struct.validate();
+
+      oprot.writeStructBegin(STRUCT_DESC);
+      if (struct.status != null) {
+        oprot.writeFieldBegin(STATUS_FIELD_DESC);
+        struct.status.write(oprot);
+        oprot.writeFieldEnd();
+      }
+      oprot.writeFieldBegin(IS_ADMIN_FIELD_DESC);
+      oprot.writeBool(struct.isAdmin);
+      oprot.writeFieldEnd();
+      oprot.writeFieldStop();
+      oprot.writeStructEnd();
+    }
+
+  }
+
+  private static class TIsSentryAdminResponseTupleSchemeFactory implements SchemeFactory {
+    public TIsSentryAdminResponseTupleScheme getScheme() {
+      return new TIsSentryAdminResponseTupleScheme();
+    }
+  }
+
+  private static class TIsSentryAdminResponseTupleScheme extends TupleScheme<TIsSentryAdminResponse> {
+
+    @Override
+    public void write(org.apache.thrift.protocol.TProtocol prot, TIsSentryAdminResponse struct) throws org.apache.thrift.TException {
+      TTupleProtocol oprot = (TTupleProtocol) prot;
+      struct.status.write(oprot);
+      oprot.writeBool(struct.isAdmin);
+    }
+
+    @Override
+    public void read(org.apache.thrift.protocol.TProtocol prot, TIsSentryAdminResponse struct) throws org.apache.thrift.TException {
+      TTupleProtocol iprot = (TTupleProtocol) prot;
+      struct.status = new org.apache.sentry.service.thrift.TSentryResponseStatus();
+      struct.status.read(iprot);
+      struct.setStatusIsSet(true);
+      struct.isAdmin = iprot.readBool();
+      struct.setIsAdminIsSet(true);
+    }
+  }
+
+}
+
diff --git a/sentry-service/sentry-service-api/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyServiceClient.java b/sentry-service/sentry-service-api/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyServiceClient.java
index 5fc299b..a142c47 100644
--- a/sentry-service/sentry-service-api/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyServiceClient.java
+++ b/sentry-service/sentry-service-api/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyServiceClient.java
@@ -27,6 +27,7 @@ import org.apache.sentry.core.common.ActiveRoleSet;
 import org.apache.sentry.core.common.Authorizable;
 
 public interface SentryPolicyServiceClient extends AutoCloseable {
+  boolean isAdmin(String userName) throws SentryUserException;
 
   void createRole(String requestorUserName, String roleName) throws SentryUserException;
 
diff --git a/sentry-service/sentry-service-api/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyServiceClientDefaultImpl.java b/sentry-service/sentry-service-api/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyServiceClientDefaultImpl.java
index 102228b..04540ea 100644
--- a/sentry-service/sentry-service-api/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyServiceClientDefaultImpl.java
+++ b/sentry-service/sentry-service-api/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyServiceClientDefaultImpl.java
@@ -106,6 +106,21 @@ public class SentryPolicyServiceClientDefaultImpl implements SentryPolicyService
   }
 
   @Override
+  public boolean isAdmin(String userName)
+    throws SentryUserException {
+    TIsSentryAdminRequest request = new TIsSentryAdminRequest();
+    request.setProtocol_version(ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT);
+    request.setUserName(userName);
+    try {
+      TIsSentryAdminResponse response = client.is_sentry_admin(request);
+      Status.throwIfNotOk(response.getStatus());
+      return response.isIsAdmin();
+    } catch (TException e) {
+      throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
+    }
+  }
+
+  @Override
   public void createRole(String requestorUserName, String roleName)
     throws SentryUserException {
     TCreateSentryRoleRequest request = new TCreateSentryRoleRequest();
diff --git a/sentry-service/sentry-service-api/src/main/resources/sentry_policy_service.thrift b/sentry-service/sentry-service-api/src/main/resources/sentry_policy_service.thrift
index 74b5b03..74837a8 100644
--- a/sentry-service/sentry-service-api/src/main/resources/sentry_policy_service.thrift
+++ b/sentry-service/sentry-service-api/src/main/resources/sentry_policy_service.thrift
@@ -62,6 +62,15 @@ struct TSentryGroup {
 1: required string groupName
 }
 
+struct TIsSentryAdminRequest {
+1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V2,
+2: required string userName,
+}
+struct TIsSentryAdminResponse {
+1: required sentry_common_service.TSentryResponseStatus status,
+2: required bool isAdmin,
+}
+
 # CREATE ROLE r1
 struct TCreateSentryRoleRequest {
 1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V2,
@@ -392,6 +401,9 @@ struct TSentryPrivilegesResponse {
 
 service SentryPolicyService
 {
+  # Check if the given user is in the Sentry admin group.
+  TIsSentryAdminResponse is_sentry_admin(1:TIsSentryAdminRequest request)
+
   TCreateSentryRoleResponse create_sentry_role(1:TCreateSentryRoleRequest request)
   TDropSentryRoleResponse drop_sentry_role(1:TDropSentryRoleRequest request)
 
diff --git a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryMetrics.java b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryMetrics.java
index 405629b..7626e2c 100644
--- a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryMetrics.java
+++ b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryMetrics.java
@@ -86,6 +86,9 @@ public final class SentryMetrics {
   private boolean gaugesAdded = false;
   private boolean sentryServiceGaugesAdded = false;
 
+  final Timer isSentryAdminTimer = METRIC_REGISTRY.timer(
+    name(SentryPolicyStoreProcessor.class, "is-sentry-admin"));
+
   final Timer createRoleTimer = METRIC_REGISTRY.timer(
       name(SentryPolicyStoreProcessor.class, "create-role"));
   final Timer dropRoleTimer = METRIC_REGISTRY.timer(
diff --git a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java
index a232923..b2731b1 100644
--- a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java
+++ b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java
@@ -209,6 +209,34 @@ public class SentryPolicyStoreProcessor implements SentryPolicyService.Iface {
   }
 
   @Override
+  public TIsSentryAdminResponse is_sentry_admin(TIsSentryAdminRequest request)
+      throws TException {
+    final Timer.Context timerContext = sentryMetrics.isSentryAdminTimer.time();
+    TIsSentryAdminResponse response = new TIsSentryAdminResponse();
+    String user = request.getUserName();
+
+    try {
+      validateClientVersion(request.getProtocol_version());
+      Set<String> groups = getRequestorGroups(user);
+      response.setIsAdmin(inAdminGroups(groups));
+      response.setStatus(Status.OK());
+    } catch (SentryThriftAPIMismatchException e) {
+      LOGGER.error(e.getMessage(), e);
+      response.setStatus(Status.THRIFT_VERSION_MISMATCH(e.getMessage(), e));
+    } catch (SentryUserException e) {
+      LOGGER.error(e.getMessage(), e);
+      response.setStatus(Status.AccessDenied(e.getMessage(), e));
+    } catch (Exception e) {
+      String msg = "Unknown error for request: " + request + ", message: " + e.getMessage();
+      LOGGER.error(msg, e);
+      response.setStatus(Status.RuntimeError(msg, e));
+    } finally {
+      timerContext.stop();
+    }
+    return response;
+  }
+
+  @Override
   public TCreateSentryRoleResponse create_sentry_role(
     TCreateSentryRoleRequest request) throws TException {
     final Timer.Context timerContext = sentryMetrics.createRoleTimer.time();
diff --git a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryServiceIntegration.java b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryServiceIntegration.java
index bfafa7d..2d3721d 100644
--- a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryServiceIntegration.java
+++ b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryServiceIntegration.java
@@ -73,6 +73,26 @@ public class TestSentryServiceIntegration extends SentryServiceIntegrationBase {
   }
 
   @Test
+  public void testIsAdmin() throws Exception {
+    runTestAsSubject(new TestOperation() {
+      @Override
+      public void runTestAsSubject() throws Exception {
+        String requestorUserName = ADMIN_USER;
+        Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
+        setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
+        requestorUserName = "non_admin";
+        requestorUserGroupNames = Sets.newHashSet("non_admin_group");
+        setLocalGroupMapping(requestorUserName, requestorUserGroupNames);
+        writePolicyFile();
+
+        boolean admin = client.isAdmin(ADMIN_USER);
+        assertTrue(admin);
+        admin = client.isAdmin("non_admin");
+        assertTrue(!admin);
+      }});
+  }
+
+  @Test
   public void testGranRevokePrivilegeOnTableForRole() throws Exception {
     runTestAsSubject(new TestOperation(){
       @Override


Mime
View raw message