
AMBARI-13814. Add (descriptive) label to permission resource and database schema (rlevas)

Robert Levas 10 gadi atpakaļ
vecāks
revīzija
5a18b6b739

+ 5 - 0
ambari-server/docs/api/v1/index.md

@@ -367,6 +367,11 @@ Credential resources are principal (or username) and password pairs that are tag
 
 [Credential Resources](credential-resources.md)
 
+#### permissions
+Permission resources are used to help determine authorization rights for a user.  A permission is assigned to a user by setting up a privilege relationship between a user and the permission to be projected onto some resource.  
+
+[Permission Resources](permission-resources.md)
+
 Partial Response
 ----
 

+ 41 - 0
ambari-server/docs/api/v1/permission-create.md

@@ -0,0 +1,41 @@
+
+<!---
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+
+Create Permission
+=====
+
+[Back to Permission Resources](permission-resources.md)
+
+**Summary**
+
+Create a new permission resource. This operation is not supported, permissions are read-only resources.
+
+    POST /permissions/:permission_id
+
+**Response**
+
+<table>
+  <tr>
+    <th>HTTP CODE</th>
+    <th>Description</th>
+  </tr>
+  <tr>
+    <td>500</td>
+    <td>Internal Server Error</td>  
+  </tr>
+</table>

+ 41 - 0
ambari-server/docs/api/v1/permission-delete.md

@@ -0,0 +1,41 @@
+
+<!---
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+
+Delete Permission
+=====
+
+[Back to Permission Resources](permission-resources.md)
+
+**Summary**
+
+Removes an existing permission resource. This operation is not supported, permissions are read-only resources.
+
+    DELETE /permissions/:permission_id
+
+**Response**
+
+<table>
+  <tr>
+    <th>HTTP CODE</th>
+    <th>Description</th>
+  </tr>
+  <tr>
+    <td>500</td>
+    <td>Internal Server Error</td>  
+  </tr>
+</table>

+ 79 - 0
ambari-server/docs/api/v1/permission-get.md

@@ -0,0 +1,79 @@
+
+<!---
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+
+List Permissions
+=====
+
+[Back to Permission Resources](permission-resources.md)
+
+**Summary**
+
+Gets the details about an existing permission. 
+
+    GET /permissions/:permission_id
+
+**Response**
+
+<table>
+  <tr>
+    <th>HTTP CODE</th>
+    <th>Description</th>
+  </tr>
+  <tr>
+    <td>200</td>
+    <td>OK</td>  
+  </tr>
+  <tr>
+    <td>400</td>
+    <td>Bad Request</td>  
+  </tr>
+  <tr>
+    <td>401</td>
+    <td>Unauthorized</td>  
+  </tr>
+  <tr>
+    <td>403</td>
+    <td>Forbidden</td>  
+  </tr> 
+  <tr>
+    <td>404</td>
+    <td>Not Found</td>  
+  </tr>
+  <tr>
+    <td>500</td>
+    <td>Internal Server Error</td>  
+  </tr>
+</table>
+
+**Example**
+
+Get the permission with the permission_id of 1.
+
+    GET /permissions/1
+
+    200 OK
+    {
+      "href" : "http://your.ambari.server/api/v1/permissions/1",
+      "PermissionInfo" : {
+        "permission_id" : 1,
+        "permission_name" : "AMBARI.ADMIN",
+        "permission_label" : "Administrator",
+        "resource_name" : "AMBARI"
+      }
+    }
+    

+ 98 - 0
ambari-server/docs/api/v1/permission-list.md

@@ -0,0 +1,98 @@
+
+<!---
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+
+List Permissions
+=====
+
+[Back to Permission Resources](permission-resources.md)
+
+**Summary**
+
+Returns a collection of the existing permissions.
+
+    GET /permissions
+
+**Response**
+
+<table>
+  <tr>
+    <th>HTTP CODE</th>
+    <th>Description</th>
+  </tr>
+  <tr>
+    <td>200</td>
+    <td>OK</td>  
+  </tr>
+  <tr>
+    <td>400</td>
+    <td>Bad Request</td>  
+  </tr>
+  <tr>
+    <td>401</td>
+    <td>Unauthorized</td>  
+  </tr>
+  <tr>
+    <td>403</td>
+    <td>Forbidden</td>  
+  </tr> 
+  <tr>
+    <td>404</td>
+    <td>Not Found</td>  
+  </tr>
+  <tr>
+    <td>500</td>
+    <td>Internal Server Error</td>  
+  </tr>
+</table>
+
+**Example**
+
+Get the collection of all currently stored permissions.
+
+    GET /permissions
+
+    200 OK
+    {
+      "href" : "http://your.ambari.server/api/v1/permissions",
+      "items" : [
+        {
+          "href" : "http://your.ambari.server/api/v1/permissions/1",
+          "PermissionInfo" : {
+            "permission_id" : 1
+          }
+        },
+        {
+          "href" : "http://your.ambari.server/api/v1/permissions/2",
+          "PermissionInfo" : {
+            "permission_id" : 2
+          }
+        },
+        {
+          "href" : "http://your.ambari.server/api/v1/permissions/3",
+          "PermissionInfo" : {
+            "permission_id" : 3
+          }
+        },
+        {
+          "href" : "http://your.ambari.server/api/v1/permissions/4",
+          "PermissionInfo" : {
+            "permission_id" : 4
+          }
+        }
+      ]
+    }

+ 60 - 0
ambari-server/docs/api/v1/permission-resources.md

@@ -0,0 +1,60 @@
+<!---
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+
+# Permission Resources
+Permission resources help to determine access control for a user upon a resource (Ambari, a cluster, a view, etc...).
+
+###API Summary
+
+- [List permissions](permission-list.md)
+- [Get permission](permission-get.md)
+- [Create permission](permission-create.md)
+- [Update permission](permission-update.md)
+- [Delete permission](permission-delete.md)
+
+###Properties
+
+<table>
+  <tr>
+    <th>Property</th>
+    <th>Description</th>
+  </tr>
+  <tr>
+    <td>PermissionInfo/permission_id</td>
+    <td>The permission's unique id - this value may be used to uniquely identify a permission.</td>  
+  </tr>
+  <tr>
+    <td>PermissionInfo/permission_name</td>
+    <td>The permission's unique name -this value may be used to uniquely identify a permission.</td>  
+  </tr>
+  <tr>
+    <td>PermissionInfo/permission_label</td>
+    <td>The permission's descriptive label - this value may be used to present the permission in a user interface.</td>  
+  </tr>
+  <tr>
+    <td>PermissionInfo/resource_name</td>
+    <td>
+    The resource type this permission is related to. Possible values include:
+    <ul>
+    <li>AMBARI - the Ambari server, itself</li>
+    <li>CLUSTER - a cluster managed by the Ambari server</li>
+    <li>VIEW - a view managed by the Ambari server</li>
+    </ul>
+    </td>  
+  </tr>
+</table>
+

+ 41 - 0
ambari-server/docs/api/v1/permission-update.md

@@ -0,0 +1,41 @@
+
+<!---
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+
+Create Permission
+=====
+
+[Back to Permission Resources](permission-resources.md)
+
+**Summary**
+
+Update an existing permission resource. This operation is not supported, permissions are read-only resources.
+
+    PUT /permissions/:permission_id
+
+**Response**
+
+<table>
+  <tr>
+    <th>HTTP CODE</th>
+    <th>Description</th>
+  </tr>
+  <tr>
+    <td>500</td>
+    <td>Internal Server Error</td>  
+  </tr>
+</table>

+ 3 - 0
ambari-server/src/main/java/org/apache/ambari/server/controller/internal/PermissionResourceProvider.java

@@ -50,6 +50,7 @@ public class PermissionResourceProvider extends AbstractResourceProvider {
    */
   public static final String PERMISSION_ID_PROPERTY_ID   = "PermissionInfo/permission_id";
   public static final String PERMISSION_NAME_PROPERTY_ID = "PermissionInfo/permission_name";
+  public static final String PERMISSION_LABEL_PROPERTY_ID = "PermissionInfo/permission_label";
   public static final String RESOURCE_NAME_PROPERTY_ID   = "PermissionInfo/resource_name";
 
 
@@ -68,6 +69,7 @@ public class PermissionResourceProvider extends AbstractResourceProvider {
   static {
     propertyIds.add(PERMISSION_ID_PROPERTY_ID);
     propertyIds.add(PERMISSION_NAME_PROPERTY_ID);
+    propertyIds.add(PERMISSION_LABEL_PROPERTY_ID);
     propertyIds.add(RESOURCE_NAME_PROPERTY_ID);
   }
 
@@ -152,6 +154,7 @@ public class PermissionResourceProvider extends AbstractResourceProvider {
 
     setResourceProperty(resource, PERMISSION_ID_PROPERTY_ID, entity.getId(), requestedIds);
     setResourceProperty(resource, PERMISSION_NAME_PROPERTY_ID, entity.getPermissionName(), requestedIds);
+    setResourceProperty(resource, PERMISSION_LABEL_PROPERTY_ID, entity.getPermissionLabel(), requestedIds);
     setResourceProperty(resource, RESOURCE_NAME_PROPERTY_ID, entity.getResourceType().getName(), requestedIds);
 
     return resource;

+ 26 - 0
ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PermissionEntity.java

@@ -73,6 +73,12 @@ public class PermissionEntity {
   @Column(name = "permission_name")
   private String permissionName;
 
+  /**
+   * The permission's (descriptive) label
+   */
+  @Column(name = "permission_label")
+  private String permissionLabel;
+
   @ManyToOne
   @JoinColumns({
       @JoinColumn(name = "resource_type_id", referencedColumnName = "resource_type_id", nullable = false),
@@ -118,6 +124,24 @@ public class PermissionEntity {
     this.permissionName = permissionName;
   }
 
+  /**
+   * Get the permission's label.
+   *
+   * @return the permission's label
+   */
+  public String getPermissionLabel() {
+    return permissionLabel;
+  }
+
+  /**
+   * Set the permission's label.
+   *
+   * @param permissionLabel  the permission's label
+   */
+  public void setPermissionLabel(String permissionLabel) {
+    this.permissionLabel = permissionLabel;
+  }
+
   /**
    * Get the resource type entity.
    *
@@ -148,6 +172,7 @@ public class PermissionEntity {
 
     return !(id != null ? !id.equals(that.id) : that.id != null) &&
         !(permissionName != null ? !permissionName.equals(that.permissionName) : that.permissionName != null) &&
+        !(permissionLabel != null ? !permissionLabel.equals(that.permissionLabel) : that.permissionLabel != null) &&
         !(resourceType != null ? !resourceType.equals(that.resourceType) : that.resourceType != null);
   }
 
@@ -155,6 +180,7 @@ public class PermissionEntity {
   public int hashCode() {
     int result = id != null ? id.hashCode() : 0;
     result = 31 * result + (permissionName != null ? permissionName.hashCode() : 0);
+    result = 31 * result + (permissionLabel != null ? permissionLabel.hashCode() : 0);
     result = 31 * result + (resourceType != null ? resourceType.hashCode() : 0);
     return result;
   }
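Review bot: `permissionLabel` is a descriptive, display-only value, yet it now takes part in `hashCode()` here and in `equals()` in the hunk above, so two `PermissionEntity` instances with the same id, name and resource type compare unequal when only the label differs. Because `setPermissionLabel` leaves the field mutable, changing the label on an instance already held in a hash-based collection also changes the bucket it belongs to. Consider leaving the label out of both methods, or, if the behaviour is intended, add a comment such as `// label is deliberately part of equality: entities differing only in label are distinct`. The body of `equals()` starts outside its hunk.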

+ 22 - 0
ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog220.java

@@ -43,6 +43,9 @@ public class UpgradeCatalog220 extends AbstractUpgradeCatalog {
   private static final String HOST_ID_COL = "host_id";
   private static final String USER_TYPE_COL = "user_type";
 
+  private static final String ADMIN_PERMISSION_TABLE = "adminpermission";
+  private static final String PERMISSION_LABEL_COL = "permission_label";
+
   @Inject
   DaoUtils daoUtils;
 
@@ -97,6 +100,8 @@ public class UpgradeCatalog220 extends AbstractUpgradeCatalog {
 
     dbAccessor.addUniqueConstraint(USERS_TABLE, "UNQ_users_0", "user_name", "user_type");
 
+
+    updateAdminPermissionTable();
   }
 
   @Override
@@ -105,9 +110,26 @@ public class UpgradeCatalog220 extends AbstractUpgradeCatalog {
 
   @Override
   protected void executeDMLUpdates() throws AmbariException, SQLException {
+    setPermissionLabels();
   }
 
 
   // ----- UpgradeCatalog ----------------------------------------------------
 
+  private void updateAdminPermissionTable() throws SQLException {
+    // Add the permission_label column to the adminpermission table
+    dbAccessor.addColumn(ADMIN_PERMISSION_TABLE, new DBColumnInfo(PERMISSION_LABEL_COL, String.class, 255, null, true));
+  }
+
+  private void setPermissionLabels() throws SQLException {
+    String updateStatement = "UPDATE " + ADMIN_PERMISSION_TABLE + " SET " + PERMISSION_LABEL_COL + "='%s' WHERE permission_id=%d";
+
+    dbAccessor.executeUpdate(String.format(updateStatement, "Administrator", 1));
+    dbAccessor.executeUpdate(String.format(updateStatement, "Read-Only", 2));
+    dbAccessor.executeUpdate(String.format(updateStatement, "Operator", 3));
+    dbAccessor.executeUpdate(String.format(updateStatement, "Use View", 4));
+  }
+
+
+
 }
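Review bot: `setPermissionLabels()` selects rows by the hard-coded ids 1–4, so the label an administrator sees when assigning a privilege is tied to a numeric id rather than to the permission it describes; on a database whose ids do not match the seed data, "Administrator" could end up on a different permission. Keying on the name is more robust, e.g. a statement ending in `"='%s' WHERE permission_name='%s'"` with calls such as `String.format(updateStatement, "Administrator", "AMBARI.ADMIN")`. The SQL is also assembled with `String.format`, which is harmless while every argument is a literal, but a comment such as `// literals only: never pass external input through this format string` would keep the pattern from being copied with untrusted values. The value returned by each `executeUpdate` call is discarded, so an update that matches no row passes silently.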

+ 6 - 5
ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql

@@ -531,6 +531,7 @@ CREATE TABLE adminpermission (
   permission_id BIGINT NOT NULL,
   permission_name VARCHAR(255) NOT NULL,
   resource_type_id INTEGER NOT NULL,
+  permission_label VARCHAR(255),
   PRIMARY KEY(permission_id));
 
 CREATE TABLE adminprivilege (
@@ -990,14 +991,14 @@ insert into adminprincipal (principal_id, principal_type_id)
 insert into users(user_id, principal_id, user_name, user_password)
   select 1, 1, 'admin','538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00';
 
-insert into adminpermission(permission_id, permission_name, resource_type_id)
-  select 1, 'AMBARI.ADMIN', 1
+insert into adminpermission(permission_id, permission_name, resource_type_id, permission_label)
+  select 1, 'AMBARI.ADMIN', 1, 'Administrator'
   union all
-  select 2, 'CLUSTER.READ', 2
+  select 2, 'CLUSTER.READ', 2, 'Read-Only'
   union all
-  select 3, 'CLUSTER.OPERATE', 2
+  select 3, 'CLUSTER.OPERATE', 2, 'Operator'
   union all
-  select 4, 'VIEW.USE', 3;
+  select 4, 'VIEW.USE', 3, 'Use View';
 
 insert into adminprivilege (privilege_id, permission_id, resource_id, principal_id)
   select 1, 1, 1, 1;

+ 6 - 5
ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql

@@ -520,6 +520,7 @@ CREATE TABLE adminpermission (
   permission_id NUMBER(19) NOT NULL,
   permission_name VARCHAR(255) NOT NULL,
   resource_type_id NUMBER(10) NOT NULL,
+  permission_label VARCHAR(255),
   PRIMARY KEY(permission_id));
 
 CREATE TABLE adminprivilege (
@@ -982,14 +983,14 @@ insert into adminprincipal (principal_id, principal_type_id)
 insert into users(user_id, principal_id, user_name, user_password)
 select 1,1,'admin','538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00' from dual;
 
-insert into adminpermission(permission_id, permission_name, resource_type_id)
-  select 1, 'AMBARI.ADMIN', 1 from dual
+insert into adminpermission(permission_id, permission_name, resource_type_id, permission_label)
+  select 1, 'AMBARI.ADMIN', 1, 'Administrator' from dual
   union all
-  select 2, 'CLUSTER.READ', 2 from dual
+  select 2, 'CLUSTER.READ', 2, 'Read-Only' from dual
   union all
-  select 3, 'CLUSTER.OPERATE', 2 from dual
+  select 3, 'CLUSTER.OPERATE', 2, 'Operator' from dual
   union all
-  select 4, 'VIEW.USE', 3 from dual;
+  select 4, 'VIEW.USE', 3, 'Use View' from dual;
 
 insert into adminprivilege (privilege_id, permission_id, resource_id, principal_id)
   select 1, 1, 1, 1 from dual;

+ 6 - 5
ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql

@@ -523,6 +523,7 @@ CREATE TABLE adminpermission (
   permission_id BIGINT NOT NULL,
   permission_name VARCHAR(255) NOT NULL,
   resource_type_id INTEGER NOT NULL,
+  permission_label VARCHAR(255),
   PRIMARY KEY(permission_id));
 
 CREATE TABLE adminprivilege (
@@ -1026,14 +1027,14 @@ INSERT INTO adminprincipal (principal_id, principal_type_id)
 INSERT INTO Users (user_id, principal_id, user_name, user_password)
   SELECT 1, 1, 'admin', '538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00';
 
-INSERT INTO adminpermission(permission_id, permission_name, resource_type_id)
-  SELECT 1, 'AMBARI.ADMIN', 1
+insert into adminpermission(permission_id, permission_name, resource_type_id, permission_label)
+  SELECT 1, 'AMBARI.ADMIN', 1, 'Administrator'
   UNION ALL
-  SELECT 2, 'CLUSTER.READ', 2
+  SELECT 2, 'CLUSTER.READ', 2, 'Read-Only'
   UNION ALL
-  SELECT 3, 'CLUSTER.OPERATE', 2
+  SELECT 3, 'CLUSTER.OPERATE', 2, 'Operator'
   UNION ALL
-  SELECT 4, 'VIEW.USE', 3;
+  SELECT 4, 'VIEW.USE', 3, 'Use View';
 
 INSERT INTO adminprivilege (privilege_id, permission_id, resource_id, principal_id)
   SELECT 1, 1, 1, 1;
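Review bot: The rewritten statement now begins with lowercase `insert into`, while its own `SELECT` / `UNION ALL` lines and the neighbouring `INSERT INTO` statements in this file stay uppercase. Keep the original casing: `INSERT INTO adminpermission(permission_id, permission_name, resource_type_id, permission_label)`. The same casing change appears in the Ambari-DDL-Postgres-EMBEDDED-CREATE.sql hunk (`insert into ambari.adminpermission(...)`).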

+ 6 - 5
ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql

@@ -584,6 +584,7 @@ CREATE TABLE ambari.adminpermission (
   permission_id BIGINT NOT NULL,
   permission_name VARCHAR(255) NOT NULL,
   resource_type_id INTEGER NOT NULL,
+  permission_label VARCHAR(255),
   PRIMARY KEY(permission_id));
 
 CREATE TABLE ambari.adminprivilege (
@@ -1122,14 +1123,14 @@ INSERT INTO ambari.adminprincipal (principal_id, principal_type_id)
 INSERT INTO ambari.Users (user_id, principal_id, user_name, user_password)
   SELECT 1, 1, 'admin', '538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00';
 
-INSERT INTO ambari.adminpermission(permission_id, permission_name, resource_type_id)
-  SELECT 1, 'AMBARI.ADMIN', 1
+insert into ambari.adminpermission(permission_id, permission_name, resource_type_id, permission_label)
+  SELECT 1, 'AMBARI.ADMIN', 1, 'Administrator'
   UNION ALL
-  SELECT 2, 'CLUSTER.READ', 2
+  SELECT 2, 'CLUSTER.READ', 2, 'Read-Only'
   UNION ALL
-  SELECT 3, 'CLUSTER.OPERATE', 2
+  SELECT 3, 'CLUSTER.OPERATE', 2, 'Operator'
   UNION ALL
-  SELECT 4, 'VIEW.USE', 3;
+  SELECT 4, 'VIEW.USE', 3, 'Use View';
 
 INSERT INTO ambari.adminprivilege (privilege_id, permission_id, resource_id, principal_id)
   SELECT 1, 1, 1, 1;

+ 6 - 5
ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql

@@ -520,6 +520,7 @@ CREATE TABLE adminpermission (
   permission_id NUMERIC(19) NOT NULL,
   permission_name VARCHAR(255) NOT NULL,
   resource_type_id INTEGER NOT NULL,
+  permission_label VARCHAR(255),
   PRIMARY KEY(permission_id));
 
 CREATE TABLE adminprivilege (
@@ -978,14 +979,14 @@ insert into adminprincipal (principal_id, principal_type_id)
 insert into users(user_id, principal_id, user_name, user_password)
   select 1, 1, 'admin','538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00';
 
-insert into adminpermission(permission_id, permission_name, resource_type_id)
-  select 1, 'AMBARI.ADMIN', 1
+insert into adminpermission(permission_id, permission_name, resource_type_id, permission_label)
+  select 1, 'AMBARI.ADMIN', 1, 'Administrator'
   union all
-  select 2, 'CLUSTER.READ', 2
+  select 2, 'CLUSTER.READ', 2, 'Read-Only'
   union all
-  select 3, 'CLUSTER.OPERATE', 2
+  select 3, 'CLUSTER.OPERATE', 2, 'Operator'
   union all
-  select 4, 'VIEW.USE', 3;
+  select 4, 'VIEW.USE', 3, 'Use View';
 
 insert into adminprivilege (privilege_id, permission_id, resource_id, principal_id)
   select 1, 1, 1, 1;

+ 6 - 5
ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql

@@ -617,6 +617,7 @@ CREATE TABLE adminpermission (
   permission_id BIGINT NOT NULL,
   permission_name VARCHAR(255) NOT NULL,
   resource_type_id INTEGER NOT NULL,
+  permission_label VARCHAR(255),
   PRIMARY KEY CLUSTERED (permission_id)
   );
 
@@ -1094,12 +1095,12 @@ BEGIN TRANSACTION
   insert into users(user_id, principal_id, user_name, user_password)
     select 1, 1, 'admin','538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00';
 
-  insert into adminpermission(permission_id, permission_name, resource_type_id)
+  insert into adminpermission(permission_id, permission_name, resource_type_id, permission_label)
   values
-    (1, 'AMBARI.ADMIN', 1),
-    (2, 'CLUSTER.READ', 2),
-    (3, 'CLUSTER.OPERATE', 2),
-    (4, 'VIEW.USE', 3);
+    (1, 'AMBARI.ADMIN', 1, 'Administrator'),
+    (2, 'CLUSTER.READ', 2, 'Read-Only'),
+    (3, 'CLUSTER.OPERATE', 2, 'Operator'),
+    (4, 'VIEW.USE', 3, 'Use View');
 
   insert into adminprivilege (privilege_id, permission_id, resource_id, principal_id)
     select 1, 1, 1, 1;

+ 2 - 0
ambari-server/src/test/java/org/apache/ambari/server/controller/internal/PermissionResourceProviderTest.java

@@ -83,6 +83,7 @@ public class PermissionResourceProviderTest {
     expect(dao.findAll()).andReturn(permissionEntities);
     expect(permissionEntity.getId()).andReturn(99);
     expect(permissionEntity.getPermissionName()).andReturn("AMBARI.ADMIN");
+    expect(permissionEntity.getPermissionLabel()).andReturn("Administrator");
     expect(permissionEntity.getResourceType()).andReturn(resourceTypeEntity);
     expect(resourceTypeEntity.getName()).andReturn("AMBARI");
 
@@ -95,6 +96,7 @@ public class PermissionResourceProviderTest {
 
     Assert.assertEquals(99, resource.getPropertyValue(PermissionResourceProvider.PERMISSION_ID_PROPERTY_ID));
     Assert.assertEquals("AMBARI.ADMIN", resource.getPropertyValue(PermissionResourceProvider.PERMISSION_NAME_PROPERTY_ID));
+    Assert.assertEquals("Administrator", resource.getPropertyValue(PermissionResourceProvider.PERMISSION_LABEL_PROPERTY_ID));
     Assert.assertEquals("AMBARI", resource.getPropertyValue(PermissionResourceProvider.RESOURCE_NAME_PROPERTY_ID));
     verify(dao, permissionEntity, resourceTypeEntity);
   }

+ 20 - 0
ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog220Test.java

@@ -24,6 +24,7 @@ import static org.easymock.EasyMock.expect;
 import static org.easymock.EasyMock.expectLastCall;
 import static org.easymock.EasyMock.replay;
 import static org.easymock.EasyMock.verify;
+import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
 
 import java.lang.reflect.Field;
@@ -32,6 +33,7 @@ import org.apache.ambari.server.configuration.Configuration;
 import org.apache.ambari.server.orm.DBAccessor;
 import org.apache.ambari.server.state.stack.OsFamily;
 import org.easymock.Capture;
+import org.easymock.EasyMock;
 import org.junit.Assert;
 import org.junit.Test;
 
@@ -55,8 +57,10 @@ public class UpgradeCatalog220Test {
     expect(configuration.getDatabaseUrl()).andReturn(Configuration.JDBC_IN_MEMORY_URL).anyTimes();
 
     Capture<DBAccessor.DBColumnInfo> columnCapture = new Capture<DBAccessor.DBColumnInfo>();
+    Capture<DBAccessor.DBColumnInfo> columnCapturePermissionLabel = EasyMock.newCapture();
 
     dbAccessor.alterColumn(eq("host_role_command"), capture(columnCapture));
+    dbAccessor.addColumn(eq("adminpermission"), capture(columnCapturePermissionLabel));
     expectLastCall();
 
 
@@ -71,6 +75,11 @@ public class UpgradeCatalog220Test {
     verify(dbAccessor, configuration);
 
     assertTrue(columnCapture.getValue().isNullable());
+
+    assertEquals(columnCapturePermissionLabel.getValue().getName(), "permission_label");
+    assertEquals(columnCapturePermissionLabel.getValue().getType(), String.class);
+    assertEquals(columnCapturePermissionLabel.getValue().getLength(), Integer.valueOf(255));
+    assertEquals(columnCapturePermissionLabel.getValue().isNullable(), true);
   }
 
   @Test
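Review bot: The four `assertEquals` calls added after `verify(dbAccessor, configuration)` pass the actual value first and the expected value second, the reverse of JUnit's `assertEquals(expected, actual)`, so a failure would report the two values swapped. Swap the arguments, e.g. `assertEquals("permission_label", columnCapturePermissionLabel.getValue().getName());`, and use `assertTrue(columnCapturePermissionLabel.getValue().isNullable());` for the boolean, matching the `assertTrue` on `columnCapture` just above. The test method starts outside this hunk.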
@@ -78,7 +87,18 @@ public class UpgradeCatalog220Test {
     final DBAccessor dbAccessor     = createNiceMock(DBAccessor.class);
     UpgradeCatalog220 upgradeCatalog = (UpgradeCatalog220) getUpgradeCatalog(dbAccessor);
 
+    expect(dbAccessor.executeUpdate("UPDATE adminpermission SET permission_label='Administrator' WHERE permission_id=1"))
+    .andReturn(1).once();
+    expect(dbAccessor.executeUpdate("UPDATE adminpermission SET permission_label='Read-Only' WHERE permission_id=2"))
+    .andReturn(1).once();
+    expect(dbAccessor.executeUpdate("UPDATE adminpermission SET permission_label='Operator' WHERE permission_id=3"))
+    .andReturn(1).once();
+    expect(dbAccessor.executeUpdate("UPDATE adminpermission SET permission_label='Use View' WHERE permission_id=4"))
+    .andReturn(1).once();
+
+    replay(dbAccessor);
     upgradeCatalog.executeDMLUpdates();
+    verify(dbAccessor);
   }
 
   @Test