ATLAS-497 Simple Authorization (saqeeb.s via yhemanth)

a963e980 · Hemanth Yamijala · 34f51a2a · a963e980 · a963e980 · a963e980
Commit a963e980 authored 8 years ago by Hemanth Yamijala
22 changed files
--- a/distro/src/conf/atlas-application.properties
+++ b/distro/src/conf/atlas-application.properties
@@ -124,3 +124,6 @@ atlas.login.method=FILE
 ### File path of users-credentials
 atlas.login.credentials.file=${sys:atlas.home}/conf/users-credentials.properties

+#########POLICY FILE PATH #########
+atlas.auth.policy.file=${sys:atlas.home}/conf/policy-store.txt
+
--- a/distro/src/conf/policy-store.txt
+++ b/distro/src/conf/policy-store.txt
+##Policy Format
+##r-READ, w-WRITE, u-UPDATE, d-DELETE
+##Policy_Name;;User_Name1:Operations_Allowed,User_Name2:Operations_Allowed;;Group_Name1:Operations_Allowed,Group_Name2:Operations_Allowed;;Resource_Type1:Resource_Name,Resource_Type2:Resource_Name
+##
+adminPolicy;;admin:rwud;;ROLE_ADMIN:rwud;;type:*,entity:*,operation:*
+typeReadPolicy;;nixon:rw;;;;type:*,entity:*
+classReadPolicy;;saqeeb:r;;;;type:*,entity:*
+dataScientistPolicy;;;;DATA_SCIENTIST:r;;type:*,entity:*
+dataStewardPolicy;;;;DATA_STEWARD:rwu;;type:*,entity:*
--- a/pom.xml
+++ b/pom.xml
@@ -1668,6 +1668,7 @@
                        <!-- atlas data directory creates when tests are run from IDE -->
                        <exclude>**/atlas.data/**</exclude>
                        <exclude>**/${sys:atlas.data}/**</exclude>
+                        <exclude>**/policy-store.txt</exclude>
                    </excludes>
                </configuration>
                <executions>

--- a/release-log.txt
+++ b/release-log.txt
@@ -3,6 +3,7 @@ Apache Atlas Release Notes

 --trunk - unreleased
 INCOMPATIBLE CHANGES:
+ATLAS-497 Simple Authorization (saqeeb.s via yhemanth)
 ATLAS-661 REST API Authentication (nixonrodrigues via yhemanth)
 ATLAS-672 UI: Make dashboard v2 the default UI implementation (bergenholtz via yhemanth)
 ATLAS-532 Change Data types of all timestamps in Hive model(currently long)(sumasai via yhemanth)

--- a/webapp/src/main/java/org/apache/atlas/authorize/AtlasAccessRequest.java
+++ b/webapp/src/main/java/org/apache/atlas/authorize/AtlasAccessRequest.java
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.atlas.authorize;
+
+import java.util.Date;
+import java.util.List;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class AtlasAccessRequest {
+
+    private static Logger LOG = LoggerFactory.getLogger(AtlasAccessRequest.class);
+    private static boolean isDebugEnabled = LOG.isDebugEnabled();
+    private List<AtlasResourceTypes> resourceType = null;
+    private String resource = null;
+    private AtlasActionTypes action = null;
+    private String user = null;
+    private List<String> userGroups = null;
+    private Date accessTime = null;
+    private String clientIPAddress = null;
+
+    public AtlasAccessRequest(List<AtlasResourceTypes> resourceType, String resource, AtlasActionTypes action,
+        String user, List<String> userGroups) {
+        if (isDebugEnabled) {
+            LOG.debug("<== AtlasAccessRequestImpl-- Initializing AtlasAccessRequest");
+        }
+        setResource(resource);
+        setAction(action);
+        setUser(user);
+        setUserGroups(userGroups);
+        setResourceType(resourceType);
+
+        // set remaining fields to default value
+        setAccessTime(null);
+        setClientIPAddress(null);
+    }
+
+    public List<AtlasResourceTypes> getResourceTypes() {
+        return resourceType;
+    }
+
+    public void setResourceType(List<AtlasResourceTypes> resourceType) {
+        this.resourceType = resourceType;
+    }
+
+    public String getResource() {
+        return resource;
+    }
+
+    public void setResource(String resource) {
+        this.resource = resource;
+    }
+
+    public AtlasActionTypes getAction() {
+        return action;
+    }
+
+    public void setAction(AtlasActionTypes action) {
+        this.action = action;
+    }
+
+    public String getUser() {
+        return user;
+    }
+
+    public void setUser(String user) {
+        this.user = user;
+    }
+
+    public void setUserGroups(List<String> userGroups) {
+        this.userGroups = userGroups;
+    }
+
+    public List<String> getUserGroups() {
+        return userGroups;
+    }
+
+    public Date getAccessTime() {
+        return accessTime;
+    }
+
+    public void setAccessTime(Date accessTime) {
+        this.accessTime = accessTime;
+    }
+
+    public String getClientIPAddress() {
+        return clientIPAddress;
+    }
+
+    public void setClientIPAddress(String clientIPAddress) {
+        this.clientIPAddress = clientIPAddress;
+    }
+
+    @Override
+    public String toString() {
+        return "AtlasAccessRequest [resourceType=" + resourceType + ", resource=" + resource + ", action=" + action
+            + ", user=" + user + ", userGroups=" + userGroups + ", accessTime=" + accessTime + ", clientIPAddress="
+            + clientIPAddress + "]";
+    }
+
+}
--- a/webapp/src/main/java/org/apache/atlas/authorize/AtlasAccessorTypes.java
+++ b/webapp/src/main/java/org/apache/atlas/authorize/AtlasAccessorTypes.java
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.atlas.authorize;
+
+public enum AtlasAccessorTypes {
+    USER, GROUP;
+}
--- a/webapp/src/main/java/org/apache/atlas/authorize/AtlasActionTypes.java
+++ b/webapp/src/main/java/org/apache/atlas/authorize/AtlasActionTypes.java
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.atlas.authorize;
+
+public enum AtlasActionTypes {
+    READ, WRITE, UPDATE, DELETE;
+}
--- a/webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizationException.java
+++ b/webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizationException.java
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.atlas.authorize;
+
+public class AtlasAuthorizationException extends Exception {
+    private static final long serialVersionUID = 1L;
+
+    public AtlasAuthorizationException() {
+
+    }
+
+    public AtlasAuthorizationException(String message) {
+        super(message);
+    }
+
+    public AtlasAuthorizationException(String message, Throwable exception) {
+        super(message, exception);
+    }
+
+    public AtlasAuthorizationException(String message, Throwable exception, boolean enableSuppression,
+        boolean writableStackTrace) {
+        super(message, exception, enableSuppression, writableStackTrace);
+    }
+}
--- a/webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizationUtils.java
+++ b/webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizationUtils.java
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.atlas.authorize;
+
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.List;
+import java.util.List;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.atlas.AtlasClient;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.common.base.Strings;
+
+public class AtlasAuthorizationUtils {
+    private static final Logger LOG = LoggerFactory.getLogger(AtlasAuthorizationUtils.class);
+    private static boolean isDebugEnabled = LOG.isDebugEnabled();
+    private static final String BASE_URL = "/" + AtlasClient.BASE_URI;
+
+    public static String parse(String fullPath, String subPath) {
+        String api = null;
+        if (!Strings.isNullOrEmpty(fullPath)) {
+            api = fullPath.substring(subPath.length(), fullPath.length());
+
+        }
+        if (isDebugEnabled) {
+            LOG.debug("Extracted " + api + " from path : " + fullPath);
+        }
+        return api;
+    }
+
+    public static String getApi(String u) {
+        if (isDebugEnabled) {
+            LOG.debug("getApi <=== from " + u);
+        }
+        if (u.startsWith(BASE_URL)) {
+            u = parse(u, BASE_URL);
+        }
+        String[] split = u.split("/");
+        return split[0];
+    }
+
+    public static AtlasActionTypes getAtlasAction(String method) {
+        AtlasActionTypes action = null;
+
+        switch (method.toUpperCase()) {
+            case "POST":
+                action = AtlasActionTypes.WRITE;
+                break;
+            case "GET":
+                action = AtlasActionTypes.READ;
+                break;
+            case "PUT":
+                action = AtlasActionTypes.UPDATE;
+                break;
+            case "DELETE":
+                action = AtlasActionTypes.DELETE;
+                break;
+            default:
+                if (isDebugEnabled) {
+                    LOG.debug("Invalid HTTP method in request : " + method + " this is serious!!!");
+                }
+                break;
+        }
+
+        if (isDebugEnabled) {
+            LOG.debug("==> AtlasAuthorizationFilter getAtlasAction HTTP Method " + method + " mapped to AtlasAction : "
+                + action);
+        }
+        return action;
+    }
+
+    public static List<AtlasResourceTypes> getAtlasResourceType(String contextPath) throws ServletException {
+        List<AtlasResourceTypes> resourceTypes = new ArrayList<AtlasResourceTypes>();
+        if (isDebugEnabled) {
+            LOG.debug("getAtlasResourceType <=== for " + contextPath);
+        }
+        String api = getApi(contextPath);
+
+        if (api.startsWith("types")) {
+            resourceTypes.add(AtlasResourceTypes.TYPE);
+        } else if ((api.startsWith("discovery") && api.contains("gremlin")) || api.startsWith("admin")
+            || api.startsWith("graph")) {
+            resourceTypes.add(AtlasResourceTypes.OPERATION);
+        } else if ((api.startsWith("entities") && contextPath.contains("traits")) || api.startsWith("discovery")) {
+            resourceTypes.add(AtlasResourceTypes.ENTITY);
+            resourceTypes.add(AtlasResourceTypes.TYPE);
+        } else if (api.startsWith("entities") || api.startsWith("lineage")) {
+            resourceTypes.add(AtlasResourceTypes.ENTITY);
+        } else {
+            LOG.error("Unable to find Atlas Resource corresponding to : " + api);
+            throw new ServletException("Unable to find Atlas Resource corresponding to : " + api);
+        }
+
+        if (isDebugEnabled) {
+            LOG.debug("Returning AtlasResources " + resourceTypes + " for api " + api);
+        }
+        return resourceTypes;
+    }
+
+    /*
+     * This implementation will be changed for Resource level Authorization.
+     */
+    public static String getAtlasResource(HttpServletRequest requeset, AtlasActionTypes action) {
+        if (isDebugEnabled) {
+            LOG.debug("getAtlasResource <=== "
+                + "This implementation will be changed for Resource level Authorization.");
+        }
+        return "*";
+    }
+
+}
--- a/webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizer.java
+++ b/webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizer.java
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.atlas.authorize;
+
+
+public interface AtlasAuthorizer {
+    /**
+     * This method will load the policy file and would initialize the required data-structures.
+     */
+    public void init();
+
+    /**
+     * This method is responsible to perform the actual authorization for every REST API call. It will check the if the
+     * user:u can perform action:a on resource:r.
+     * 
+     * @param request
+     * @return
+     */
+    public boolean isAccessAllowed(AtlasAccessRequest request) throws AtlasAuthorizationException;
+
+    /**
+     * This method is responsible to perform the cleanup and release activities. It must be called when you are done
+     * with the Authorization activity and once it's called a restart would be required. Try to invoke this while
+     * destroying the context.
+     */
+    public void cleanUp();
+}
--- a/webapp/src/main/java/org/apache/atlas/authorize/AtlasResourceTypes.java
+++ b/webapp/src/main/java/org/apache/atlas/authorize/AtlasResourceTypes.java
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.atlas.authorize;
+
+public enum AtlasResourceTypes {
+    ENTITY, TYPE, OPERATION;
+}
--- a/webapp/src/main/java/org/apache/atlas/authorize/PolicyDef.java
+++ b/webapp/src/main/java/org/apache/atlas/authorize/PolicyDef.java
+/** Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.atlas.authorize;
+
+import java.util.List;
+import java.util.Map;
+
+public class PolicyDef {
+
+    private String policyName;
+    private Map<String, List<AtlasActionTypes>> users;
+    private Map<String, List<AtlasActionTypes>> groups;
+    private Map<AtlasResourceTypes, List<String>> resources;
+
+    public String getPolicyName() {
+        return policyName;
+    }
+
+    public void setPolicyName(String policyName) {
+        this.policyName = policyName;
+    }
+
+    public Map<String, List<AtlasActionTypes>> getUsers() {
+        return users;
+    }
+
+    public void setUsers(Map<String, List<AtlasActionTypes>> users) {
+        this.users = users;
+    }
+
+    public Map<String, List<AtlasActionTypes>> getGroups() {
+        return groups;
+    }
+
+    public void setGroups(Map<String, List<AtlasActionTypes>> groups) {
+        this.groups = groups;
+    }
+
+    public Map<AtlasResourceTypes, List<String>> getResources() {
+        return resources;
+    }
+
+    public void setResources(Map<AtlasResourceTypes, List<String>> resources) {
+        this.resources = resources;
+    }
+
+    @Override
+    public String toString() {
+        return "PolicyDef [policyName=" + policyName + ", users=" + users + ", groups=" + groups + ", resources="
+            + resources + "]";
+    }
+
+}
--- a/webapp/src/main/java/org/apache/atlas/authorize/PolicyParser.java
+++ b/webapp/src/main/java/org/apache/atlas/authorize/PolicyParser.java
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.atlas.authorize;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.regex.Pattern;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class PolicyParser {
+
+    private static Logger LOG = LoggerFactory.getLogger(PolicyParser.class);
+    private static boolean isDebugEnabled = LOG.isDebugEnabled();
+    public static final int POLICYNAME = 0;
+
+    public static final int USER_INDEX = 1;
+    public static final int USERNAME = 0;
+    public static final int USER_AUTHORITIES = 1;
+
+    public static final int GROUP_INDEX = 2;
+    public static final int GROUPNAME = 0;
+    public static final int GROUP_AUTHORITIES = 1;
+
+    public static final int RESOURCE_INDEX = 3;
+    public static final int RESOURCE_TYPE = 0;
+    public static final int RESOURCE_NAME = 1;
+
+    private List<AtlasActionTypes> getListOfAutorities(String auth) {
+        if (isDebugEnabled) {
+            LOG.debug("<== PolicyParser getListOfAutorities");
+        }
+        List<AtlasActionTypes> authorities = new ArrayList<AtlasActionTypes>();
+
+        for (int i = 0; i < auth.length(); i++) {
+            char access = auth.toLowerCase().charAt(i);
+            switch (access) {
+                case 'r':
+                    authorities.add(AtlasActionTypes.READ);
+                    break;
+                case 'w':
+                    authorities.add(AtlasActionTypes.WRITE);
+                    break;
+                case 'u':
+                    authorities.add(AtlasActionTypes.UPDATE);
+                    break;
+                case 'd':
+                    authorities.add(AtlasActionTypes.DELETE);
+                    break;
+
+                default:
+                    if (LOG.isErrorEnabled()) {
+                        LOG.error("Invalid Action");
+                    }
+                    break;
+            }
+        }
+        if (isDebugEnabled) {
+            LOG.debug("==> PolicyParser getListOfAutorities");
+        }
+        return authorities;
+    }
+
+    public List<PolicyDef> parsePolicies(List<String> policies) {
+        if (isDebugEnabled) {
+            LOG.debug("<== PolicyParser parsePolicies");
+        }
+        List<PolicyDef> policyDefs = new ArrayList<PolicyDef>();
+        for (String policy : policies) {
+            PolicyDef policyDef = parsePolicy(policy);
+            policyDefs.add(policyDef);
+        }
+        if (isDebugEnabled) {
+            LOG.debug("==> PolicyParser parsePolicies");
+            LOG.debug(policyDefs.toString());
+        }
+        return policyDefs;
+    }
+
+    private PolicyDef parsePolicy(String data) {
+        if (isDebugEnabled) {
+            LOG.debug("<== PolicyParser parsePolicy");
+        }
+        PolicyDef def = new PolicyDef();
+        String[] props = data.split(";;");
+        def.setPolicyName(props[POLICYNAME]);
+        parseUsers(props[USER_INDEX], def);
+        parseGroups(props[GROUP_INDEX], def);
+        parseResources(props[RESOURCE_INDEX], def);
+        if (isDebugEnabled) {
+            LOG.debug("policy successfully parsed!!!");
+            LOG.debug("==> PolicyParser parsePolicy");
+        }
+        return def;
+    }
+
+    private boolean validateEntity(String entity) {
+        if (isDebugEnabled) {
+            LOG.debug("<== PolicyParser validateEntity");
+        }
+        boolean isValidEntity = Pattern.matches("(.+:.+)+", entity);
+        boolean isEmpty = entity.isEmpty();
+        if (isValidEntity == false || isEmpty == true) {
+            if (isDebugEnabled) {
+                LOG.debug("group/user/resource not properly define in Policy");
+                LOG.debug("==> PolicyParser validateEntity");
+            }
+            return false;
+        } else {
+            if (isDebugEnabled) {
+                LOG.debug("==> PolicyParser validateEntity");
+            }
+            return true;
+        }
+
+    }
+
+    private void parseUsers(String usersDef, PolicyDef def) {
+        if (isDebugEnabled) {
+            LOG.debug("<== PolicyParser parseUsers");
+        }
+        String[] users = usersDef.split(",");
+        String[] userAndRole = null;
+        Map<String, List<AtlasActionTypes>> usersMap = new HashMap<String, List<AtlasActionTypes>>();
+        if (validateEntity(usersDef)) {
+            for (String user : users) {
+                if (!Pattern.matches("(.+:.+)+", user)) {
+                    continue;
+                }
+                userAndRole = user.split(":");
+                if (def.getUsers() != null) {
+                    usersMap = def.getUsers();
+                }
+                List<AtlasActionTypes> userAutorities = usersMap.get(userAndRole[USERNAME]);
+                if (userAutorities == null) {
+
+                    userAutorities = new ArrayList<AtlasActionTypes>();
+                }
+                userAutorities = getListOfAutorities(userAndRole[USER_AUTHORITIES]);
+                usersMap.put(userAndRole[USERNAME], userAutorities);
+                def.setUsers(usersMap);
+            }
+
+        } else {
+            def.setUsers(usersMap);
+        }
+        if (isDebugEnabled) {
+            LOG.debug("==> PolicyParser parseUsers");
+        }
+    }
+
+    private void parseGroups(String groupsDef, PolicyDef def) {
+        if (isDebugEnabled) {
+            LOG.debug("<== PolicyParser parseGroups");
+        }
+        String[] groups = groupsDef.split("\\,");
+        String[] groupAndRole = null;
+        Map<String, List<AtlasActionTypes>> groupsMap = new HashMap<String, List<AtlasActionTypes>>();
+        if (validateEntity(groupsDef.trim())) {
+            for (String group : groups) {
+                if (!Pattern.matches("(.+:.+)+", group)) {
+                    continue;
+                }
+                groupAndRole = group.split("[:]");
+                if (def.getGroups() != null) {
+                    groupsMap = def.getGroups();
+                }
+                List<AtlasActionTypes> groupAutorities = groupsMap.get(groupAndRole[GROUPNAME]);
+                if (groupAutorities == null) {
+                    groupAutorities = new ArrayList<AtlasActionTypes>();
+                }
+                groupAutorities = getListOfAutorities(groupAndRole[GROUP_AUTHORITIES]);
+                groupsMap.put(groupAndRole[GROUPNAME], groupAutorities);
+                def.setGroups(groupsMap);
+            }
+
+        } else {
+            def.setGroups(groupsMap);
+        }
+        if (isDebugEnabled) {
+            LOG.debug("==> PolicyParser parseGroups");
+        }
+
+    }
+
+    private void parseResources(String resourceDef, PolicyDef def) {
+        if (isDebugEnabled) {
+            LOG.debug("<== PolicyParser parseResources");
+        }
+        String[] resources = resourceDef.split(",");
+        String[] resourceTypeAndName = null;
+        Map<AtlasResourceTypes, List<String>> resourcesMap = new HashMap<AtlasResourceTypes, List<String>>();
+        if (validateEntity(resourceDef)) {
+            for (String resource : resources) {
+                if (!Pattern.matches("(.+:.+)+", resource)) {
+                    continue;
+                }
+                resourceTypeAndName = resource.split("[:]");
+                if (def.getResources() != null) {
+                    resourcesMap = def.getResources();
+                }
+                AtlasResourceTypes resourceType =
+                    AtlasResourceTypes.valueOf(resourceTypeAndName[RESOURCE_TYPE].toUpperCase());
+                List<String> resourceList = resourcesMap.get(resourceType);
+                if (resourceList == null) {
+                    resourceList = new ArrayList<String>();
+                }
+                resourceList.add(resourceTypeAndName[RESOURCE_NAME]);
+                resourcesMap.put(resourceType, resourceList);
+                def.setResources(resourcesMap);
+            }
+        } else {
+            def.setResources(resourcesMap);
+        }
+        if (isDebugEnabled) {
+            LOG.debug("==> PolicyParser parseResources");
+        }
+    }
+
+}
--- a/webapp/src/main/java/org/apache/atlas/authorize/PolicyUtil.java
+++ b/webapp/src/main/java/org/apache/atlas/authorize/PolicyUtil.java
+/** Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.atlas.authorize;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class PolicyUtil {
+
+    private static Logger LOG = LoggerFactory.getLogger(PolicyUtil.class);
+    private static boolean isDebugEnabled = LOG.isDebugEnabled();
+    private Map<String, Map<AtlasResourceTypes, List<String>>> userReadMap;
+    private Map<String, Map<AtlasResourceTypes, List<String>>> userWriteMap;
+    private Map<String, Map<AtlasResourceTypes, List<String>>> userUpdateMap;
+    private Map<String, Map<AtlasResourceTypes, List<String>>> userDeleteMap;
+
+    private Map<String, Map<AtlasResourceTypes, List<String>>> groupReadMap;
+    private Map<String, Map<AtlasResourceTypes, List<String>>> groupWriteMap;
+    private Map<String, Map<AtlasResourceTypes, List<String>>> groupUpdateMap;
+    private Map<String, Map<AtlasResourceTypes, List<String>>> groupDeleteMap;
+
+    /**
+     * @return the userReadMap
+     */
+    public Map<String, Map<AtlasResourceTypes, List<String>>> getUserReadMap() {
+        return userReadMap;
+    }
+
+    /**
+     * @return the userWriteMap
+     */
+    public Map<String, Map<AtlasResourceTypes, List<String>>> getUserWriteMap() {
+        return userWriteMap;
+    }
+
+    /**
+     * @return the userUpdateMap
+     */
+    public Map<String, Map<AtlasResourceTypes, List<String>>> getUserUpdateMap() {
+        return userUpdateMap;
+    }
+
+    /**
+     * @return the userDeleteMap
+     */
+    public Map<String, Map<AtlasResourceTypes, List<String>>> getUserDeleteMap() {
+        return userDeleteMap;
+    }
+
+    /**
+     * @return the groupReadMap
+     */
+    public Map<String, Map<AtlasResourceTypes, List<String>>> getGroupReadMap() {
+        return groupReadMap;
+    }
+
+    /**
+     * @return the groupWriteMap
+     */
+    public Map<String, Map<AtlasResourceTypes, List<String>>> getGroupWriteMap() {
+        return groupWriteMap;
+    }
+
+    /**
+     * @return the groupUpdateMap
+     */
+    public Map<String, Map<AtlasResourceTypes, List<String>>> getGroupUpdateMap() {
+        return groupUpdateMap;
+    }
+
+    /**
+     * @return the groupDeleteMap
+     */
+    public Map<String, Map<AtlasResourceTypes, List<String>>> getGroupDeleteMap() {
+        return groupDeleteMap;
+    }
+
+    public Map<String, Map<AtlasResourceTypes, List<String>>> createPermissionMap(List<PolicyDef> policyDefList,
+        AtlasActionTypes permissionType, AtlasAccessorTypes principalType) {
+        if (isDebugEnabled) {
+            LOG.debug("<== PolicyUtil createPermissionMap");
+            LOG.debug("Creating Permission Map for :: " + permissionType + " & " + principalType);
+        }
+        Map<String, Map<AtlasResourceTypes, List<String>>> userReadMap =
+            new HashMap<String, Map<AtlasResourceTypes, List<String>>>();
+
+        // Iterate over the list of policies to create map
+        for (PolicyDef policyDef : policyDefList) {
+            LOG.info("Processing policy def : " + policyDef);
+            Map<String, List<AtlasActionTypes>> principalMap =
+                principalType.equals(AtlasAccessorTypes.USER) ? policyDef.getUsers() : policyDef.getGroups();
+            // For every policy extract the resource list and populate the user map
+            for (Entry<String, List<AtlasActionTypes>> e : principalMap.entrySet()) {
+                // Check if the user has passed permission type like READ
+                if (!e.getValue().contains(permissionType)) {
+                    continue;
+                }
+                // See if the current user is already added to map
+                String username = e.getKey();
+                Map<AtlasResourceTypes, List<String>> userResourceList = userReadMap.get(username);
+
+                // If its not added then create a new resource list
+                if (userResourceList == null) {
+                    if (isDebugEnabled) {
+                        LOG.debug("Resource list not found for " + username + ", creating it");
+                    }
+                    userResourceList = new HashMap<AtlasResourceTypes, List<String>>();
+                }
+                /*
+                 * Iterate over resources from the current policy def and update the resource list for the current user
+                 */
+                for (Entry<AtlasResourceTypes, List<String>> resourceTypeMap : policyDef.getResources().entrySet()) {
+                    // For the current resourceType in the policyDef, get the
+                    // current list of resources already added
+                    AtlasResourceTypes type = resourceTypeMap.getKey();
+                    List<String> resourceList = userResourceList.get(type);
+
+                    if (resourceList == null) {
+                        // if the resource list was not added for this type then
+                        // create and add all the resources in this policy
+                        resourceList = new ArrayList<String>();
+                        resourceList.addAll(resourceTypeMap.getValue());
+                    } else {
+                        // if the resource list is present then merge both the
+                        // list
+                        resourceList.removeAll(resourceTypeMap.getValue());
+                        resourceList.addAll(resourceTypeMap.getValue());
+                    }
+
+                    userResourceList.put(type, resourceList);
+                }
+                userReadMap.put(username, userResourceList);
+                LOG.info("userReadMap=====>>>>>> " + userReadMap);
+            }
+        }
+        if (isDebugEnabled) {
+            LOG.debug("Returning Map for " + principalType + " :: " + userReadMap);
+            LOG.debug("==> PolicyUtil createPermissionMap");
+        }
+        return userReadMap;
+
+    }
+
+}
--- a/webapp/src/main/java/org/apache/atlas/authorize/SimpleAtlasAuthorizer.java
+++ b/webapp/src/main/java/org/apache/atlas/authorize/SimpleAtlasAuthorizer.java
--- a/webapp/src/main/java/org/apache/atlas/util/FileReaderUtil.java
+++ b/webapp/src/main/java/org/apache/atlas/util/FileReaderUtil.java
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.atlas.util;
+
+import java.io.BufferedReader;
+import java.io.FileReader;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.regex.Pattern;
+
+import org.apache.log4j.Logger;
+
+public class FileReaderUtil {
+    private static Logger LOG = Logger.getLogger(FileReaderUtil.class);
+    private static boolean isDebugEnabled = LOG.isDebugEnabled();
+
+    public static List<String> readFile(String path) throws IOException {
+        if (isDebugEnabled) {
+            LOG.debug("<== FileReaderUtil readFile");
+        }
+        LOG.info("reading the file" + path);
+        BufferedReader br = new BufferedReader(new FileReader(path));
+        List<String> list = new ArrayList<String>();
+        String line = null;
+        while ((line = br.readLine()) != null) {
+            if ((!line.startsWith("##")) && Pattern.matches(".+;;.*;;.*;;.+", line))
+                list.add(line);
+        }
+
+        if (isDebugEnabled) {
+            LOG.debug("==> FileReaderUtil readFile");
+            LOG.debug("Policies read :: " + list);
+        }
+        if (br != null) {
+            br.close();
+        }
+        return list;
+    }
+}
\ No newline at end of file
--- a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthorizationFilter.java
+++ b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthorizationFilter.java
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.atlas.web.filters;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.atlas.AtlasClient;
+import org.apache.atlas.AtlasException;
+import org.apache.atlas.authorize.AtlasAccessRequest;
+import org.apache.atlas.authorize.AtlasActionTypes;
+import org.apache.atlas.authorize.AtlasAuthorizationException;
+import org.apache.atlas.authorize.AtlasAuthorizer;
+import org.apache.atlas.authorize.AtlasResourceTypes;
+import org.apache.atlas.authorize.SimpleAtlasAuthorizer;
+import org.json.simple.JSONObject;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.web.filter.GenericFilterBean;
+import static org.apache.atlas.authorize.AtlasAuthorizationUtils.*;
+
+import com.google.common.base.Strings;
+
+public class AtlasAuthorizationFilter extends GenericFilterBean {
+
+    private static final Logger LOG = LoggerFactory.getLogger(AtlasAuthorizationFilter.class);
+    private static boolean isDebugEnabled = LOG.isDebugEnabled();
+    private AtlasAuthorizer authorizer = SimpleAtlasAuthorizer.getInstance();
+
+    private final String BASE_URL = "/" + AtlasClient.BASE_URI;
+
+    public AtlasAuthorizationFilter() {
+        if (isDebugEnabled) {
+            LOG.debug("<== AtlasAuthorizationFilter() -- " + "Now initializing the Apache Atlas Authorizer!!!");
+        }
+        authorizer.init();
+    }
+
+    @Override
+    public void destroy() {
+        if (isDebugEnabled) {
+            LOG.debug("<== AtlasAuthorizationFilter destroy");
+        }
+        authorizer.cleanUp();
+        super.destroy();
+    }
+
+    @SuppressWarnings("unchecked")
+    @Override
+    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException,
+        ServletException {
+        if (isDebugEnabled) {
+            LOG.debug("==> AuthorizationFilter.doFilter");
+        }
+
+        HttpServletRequest request = (HttpServletRequest) req;
+        String pathInfo = request.getServletPath();
+        if (pathInfo.startsWith(BASE_URL)) {
+            if (isDebugEnabled) {
+                LOG.debug(pathInfo + " is a valid REST API request!!!");
+            }
+
+            AtlasActionTypes action = getAtlasAction(request.getMethod());
+            String userName = null;
+            List<String> groups = new ArrayList<String>();
+            StringBuilder sb = new StringBuilder();
+
+            Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+
+            if (auth != null) {
+                userName = String.valueOf(auth.getPrincipal());
+                Collection<? extends GrantedAuthority> authorities = auth.getAuthorities();
+                for (GrantedAuthority c : authorities) {
+                    groups.add(c.getAuthority());
+                }
+                sb.append("============================\n");
+                sb.append("UserName ==>> " + userName + "\nGroups ==>> " + groups);
+            } else {
+                if (LOG.isErrorEnabled()) {
+                    LOG.error("Cannot obtain Security Context : " + auth);
+                }
+                throw new ServletException("Cannot obtain Security Context : " + auth);
+            }
+
+            sb.append("\n" + "URL :: " + request.getRequestURL() + " Action :: " + action);
+            sb.append("\nrequest.getServletPath() :: " + pathInfo);
+            sb.append("\n============================\n");
+
+            if (isDebugEnabled) {
+                LOG.debug(sb.toString());
+            }
+            sb = null;
+            List<AtlasResourceTypes> atlasResourceType = getAtlasResourceType(pathInfo);
+            String resource = getAtlasResource(request, action);
+            AtlasAccessRequest atlasRequest =
+                new AtlasAccessRequest(atlasResourceType, resource, action, userName, groups);
+            boolean accessAllowed = false;
+            try {
+                accessAllowed = authorizer.isAccessAllowed(atlasRequest);
+            } catch (AtlasAuthorizationException e) {
+                if (LOG.isErrorEnabled()) {
+                    LOG.error("Access Restricted. Could not process the request due to : " + e);
+                }
+            }
+            if (isDebugEnabled) {
+                LOG.debug("Authorizer result :: " + accessAllowed);
+            }
+            if (accessAllowed) {
+                if (isDebugEnabled) {
+                    LOG.debug("Access is allowed so forwarding the request!!!");
+                }
+                chain.doFilter(req, res);
+            } else {
+                JSONObject json = new JSONObject();
+                json.put("AuthorizationError", "Sorry you are not authorized for " + action.name() + " on "
+                    + atlasResourceType + " : " + resource);
+                HttpServletResponse response = (HttpServletResponse) res;
+                response.setContentType("application/json");
+                response.setStatus(HttpServletResponse.SC_FORBIDDEN);
+
+                response.sendError(HttpServletResponse.SC_FORBIDDEN, json.toString());
+                if (isDebugEnabled) {
+                    LOG.debug("Sorry you are not authorized for " + action.name() + " on " + atlasResourceType + " : "
+                        + resource);
+                    LOG.debug("Returning 403 since the access is blocked update!!!!");
+                }
+                return;
+            }
+
+        } else {
+            if (isDebugEnabled) {
+                LOG.debug("Ignoring request " + pathInfo);
+            }
+            chain.doFilter(req, res);
+        }
+    }
+
+}
\ No newline at end of file
--- a/webapp/src/main/resources/spring-security.xml
+++ b/webapp/src/main/resources/spring-security.xml
@@ -49,6 +49,7 @@
        <security:logout logout-success-url="/login.jsp" delete-cookies="JSESSIONID"
                         logout-url="/logout.html" />
        <http-basic />
+        <security:custom-filter position="LAST" ref="atlasAuthorizationFilter"/>        
    </security:http>

    <beans:bean id="formAuthenticationEntryPoint"
@@ -86,4 +87,6 @@
            pre-post-annotations="enabled" />

    <context:component-scan base-package="org.apache.atlas.web" />
+    
+    <beans:bean id = "atlasAuthorizationFilter" class="org.apache.atlas.web.filters.AtlasAuthorizationFilter"/>
 </beans:beans>
--- a/webapp/src/test/java/org/apache/atlas/authorize/PolicyParserTest.java
+++ b/webapp/src/test/java/org/apache/atlas/authorize/PolicyParserTest.java
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.atlas.authorize;
+
+import static org.junit.Assert.assertEquals;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import org.testng.annotations.Test;
+
+public class PolicyParserTest {
+
+    @Test
+    public void testParsePoliciesWithAllProperties() {
+        List<String> policies = new ArrayList<String>();
+        policies.add("hivePolicy;;usr1:r,usr2:rw;;grp1:rwu,grp2:u;;entity:*abc,operation:*xyz,type:PII");
+        /* Creating group data */
+        Map<String, List<AtlasActionTypes>> groupMap = new HashMap<String, List<AtlasActionTypes>>();
+        List<AtlasActionTypes> accessList1 = new ArrayList<AtlasActionTypes>();
+        accessList1.add(AtlasActionTypes.READ);
+        accessList1.add(AtlasActionTypes.WRITE);
+        accessList1.add(AtlasActionTypes.UPDATE);
+
+        groupMap.put("grp1", accessList1);
+        List<AtlasActionTypes> accessList2 = new ArrayList<AtlasActionTypes>();
+        accessList2.add(AtlasActionTypes.UPDATE);
+        groupMap.put("grp2", accessList2);
+
+        /* Creating user data */
+        Map<String, List<AtlasActionTypes>> usersMap = new HashMap<String, List<AtlasActionTypes>>();
+        List<AtlasActionTypes> usr1AccessList = new ArrayList<AtlasActionTypes>();
+        usr1AccessList.add(AtlasActionTypes.READ);
+        usersMap.put("usr1", usr1AccessList);
+
+        List<AtlasActionTypes> usr2AccessList = new ArrayList<AtlasActionTypes>();
+        usr2AccessList.add(AtlasActionTypes.READ);
+        usr2AccessList.add(AtlasActionTypes.WRITE);
+        usersMap.put("usr2", usr2AccessList);
+
+        /* Creating resources data */
+        Map<AtlasResourceTypes, List<String>> resourceMap = new HashMap<AtlasResourceTypes, List<String>>();
+        List<String> resource1List = new ArrayList<String>();
+        resource1List.add("*abc");
+        resourceMap.put(AtlasResourceTypes.ENTITY, resource1List);
+
+        List<String> resource2List = new ArrayList<String>();
+        resource2List.add("*xyz");
+        resourceMap.put(AtlasResourceTypes.OPERATION, resource2List);
+
+        List<String> resource3List = new ArrayList<String>();
+        resource3List.add("PII");
+        resourceMap.put(AtlasResourceTypes.TYPE, resource3List);
+
+        List<PolicyDef> policyDefs = new PolicyParser().parsePolicies(policies);
+        for (PolicyDef def : policyDefs) {
+
+            assertEquals(def.getPolicyName(), "hivePolicy");
+            assertEquals(def.getGroups(), groupMap);
+            assertEquals(def.getUsers(), usersMap);
+            assertEquals(def.getResources(), resourceMap);
+
+        }
+
+    }
+
+    @Test
+    public void testParsePoliciesWithOutUserProperties() {
+        List<String> policies = new ArrayList<String>();
+        policies.add("hivePolicy;;;;grp1:rwu,grp2:u;;entity:*abc,operation:*xyz,type:PII");
+        // Creating group data
+        Map<String, List<AtlasActionTypes>> groupMap = new HashMap<String, List<AtlasActionTypes>>();
+        List<AtlasActionTypes> accessList1 = new ArrayList<AtlasActionTypes>();
+        accessList1.add(AtlasActionTypes.READ);
+        accessList1.add(AtlasActionTypes.WRITE);
+        accessList1.add(AtlasActionTypes.UPDATE);
+
+        groupMap.put("grp1", accessList1);
+        List<AtlasActionTypes> accessList2 = new ArrayList<AtlasActionTypes>();
+        accessList2.add(AtlasActionTypes.UPDATE);
+        groupMap.put("grp2", accessList2);
+
+        // Creating user data
+        Map<String, List<AtlasActionTypes>> usersMap = new HashMap<String, List<AtlasActionTypes>>();
+
+        // Creating resources data
+        Map<AtlasResourceTypes, List<String>> resourceMap = new HashMap<AtlasResourceTypes, List<String>>();
+        List<String> resource1List = new ArrayList<String>();
+        resource1List.add("*abc");
+        resourceMap.put(AtlasResourceTypes.ENTITY, resource1List);
+
+        List<String> resource2List = new ArrayList<String>();
+        resource2List.add("*xyz");
+        resourceMap.put(AtlasResourceTypes.OPERATION, resource2List);
+
+        List<String> resource3List = new ArrayList<String>();
+        resource3List.add("PII");
+        resourceMap.put(AtlasResourceTypes.TYPE, resource3List);
+
+        List<PolicyDef> policyDefs = new PolicyParser().parsePolicies(policies);
+        for (PolicyDef def : policyDefs) {
+
+            assertEquals(def.getPolicyName(), "hivePolicy");
+            assertEquals(def.getGroups(), groupMap);
+            assertEquals(def.getUsers(), usersMap);
+            assertEquals(def.getResources(), resourceMap);
+
+        }
+
+    }
+
+    @Test
+    public void testParsePoliciesWithOutGroupProperties() {
+        List<String> policies = new ArrayList<String>();
+        policies.add("hivePolicy;;usr1:r,usr2:rw;;;;entity:*abc,operation:*xyz,type:PII");
+        // Creating group data
+        Map<String, List<AtlasActionTypes>> groupMap = new HashMap<String, List<AtlasActionTypes>>();
+
+        // Creating user data
+        Map<String, List<AtlasActionTypes>> usersMap = new HashMap<String, List<AtlasActionTypes>>();
+        List<AtlasActionTypes> usr1AccessList = new ArrayList<AtlasActionTypes>();
+        usr1AccessList.add(AtlasActionTypes.READ);
+        usersMap.put("usr1", usr1AccessList);
+
+        List<AtlasActionTypes> usr2AccessList = new ArrayList<AtlasActionTypes>();
+        usr2AccessList.add(AtlasActionTypes.READ);
+        usr2AccessList.add(AtlasActionTypes.WRITE);
+        usersMap.put("usr2", usr2AccessList);
+
+        // Creating resources data
+        Map<AtlasResourceTypes, List<String>> resourceMap = new HashMap<AtlasResourceTypes, List<String>>();
+        List<String> resource1List = new ArrayList<String>();
+        resource1List.add("*abc");
+        resourceMap.put(AtlasResourceTypes.ENTITY, resource1List);
+
+        List<String> resource2List = new ArrayList<String>();
+        resource2List.add("*xyz");
+        resourceMap.put(AtlasResourceTypes.OPERATION, resource2List);
+
+        List<String> resource3List = new ArrayList<String>();
+        resource3List.add("PII");
+        resourceMap.put(AtlasResourceTypes.TYPE, resource3List);
+
+        List<PolicyDef> policyDefs = new PolicyParser().parsePolicies(policies);
+        for (PolicyDef def : policyDefs) {
+            assertEquals(def.getPolicyName(), "hivePolicy");
+            assertEquals(def.getGroups(), groupMap);
+            assertEquals(def.getUsers(), usersMap);
+            assertEquals(def.getResources(), resourceMap);
+        }
+    }
+}
\ No newline at end of file
--- a/webapp/src/test/java/org/apache/atlas/authorize/PolicyUtilTest.java
+++ b/webapp/src/test/java/org/apache/atlas/authorize/PolicyUtilTest.java
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.atlas.authorize;
+
+import static org.junit.Assert.assertEquals;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.testng.annotations.Test;
+
+public class PolicyUtilTest {
+
+    @Test
+    public void testCreatePermissionMap() {
+
+        HashMap<AtlasResourceTypes, List<String>> resourceMap = new HashMap<AtlasResourceTypes, List<String>>();
+        List<String> resource1List = new ArrayList<String>();
+        resource1List.add("*abc");
+        resourceMap.put(AtlasResourceTypes.ENTITY, resource1List);
+
+        List<String> resource2List = new ArrayList<String>();
+        resource2List.add("*xyz");
+        resourceMap.put(AtlasResourceTypes.OPERATION, resource2List);
+
+        List<String> resource3List = new ArrayList<String>();
+        resource3List.add("PII");
+        resourceMap.put(AtlasResourceTypes.TYPE, resource3List);
+
+        Map<String, HashMap<AtlasResourceTypes, List<String>>> permissionMap =
+            new HashMap<String, HashMap<AtlasResourceTypes, List<String>>>();
+        permissionMap.put("grp1", resourceMap);
+
+        List<String> policies = new ArrayList<String>();
+        policies.add("hivePolicy;;usr1:r,usr2:rw;;grp1:rwu,grp2:u;;entity:*abc,operation:*xyz,type:PII");
+        List<PolicyDef> policyDefList = new PolicyParser().parsePolicies(policies);
+
+        Map<String, Map<AtlasResourceTypes, List<String>>> createdPermissionMap =
+            new PolicyUtil().createPermissionMap(policyDefList, AtlasActionTypes.READ, AtlasAccessorTypes.GROUP);
+
+        assertEquals(permissionMap, createdPermissionMap);
+
+    }
+
+    @Test
+    public void testMergeCreatePermissionMap() {
+
+        HashMap<AtlasResourceTypes, List<String>> resourceMap = new HashMap<AtlasResourceTypes, List<String>>();
+        List<String> resource1List = new ArrayList<String>();
+        resource1List.add("*abc");
+        resourceMap.put(AtlasResourceTypes.ENTITY, resource1List);
+
+        List<String> resource2List = new ArrayList<String>();
+        resource2List.add("*x");
+        resource2List.add("*xyz");
+        resourceMap.put(AtlasResourceTypes.OPERATION, resource2List);
+
+        List<String> resource3List = new ArrayList<String>();
+        resource3List.add("PII");
+        resourceMap.put(AtlasResourceTypes.TYPE, resource3List);
+
+        Map<String, HashMap<AtlasResourceTypes, List<String>>> permissionMap =
+            new HashMap<String, HashMap<AtlasResourceTypes, List<String>>>();
+        permissionMap.put("grp1", resourceMap);
+
+        List<String> policies = new ArrayList<String>();
+        policies.add("hivePolicys;;;;grp1:rwu;;entity:*abc,operation:*xyz,operation:*x");
+        policies.add("hivePolicy;;;;grp1:rwu;;entity:*abc,operation:*xyz");
+        policies.add("hivePolicy;;usr1:r,usr2:rw;;grp1:rwu;;entity:*abc,operation:*xyz");
+        policies.add("hivePolicy;;usr1:r,usr2:rw;;grp1:rwu,grp2:u;;entity:*abc,operation:*xyz,type:PII");
+        List<PolicyDef> policyDefList = new PolicyParser().parsePolicies(policies);
+
+        Map<String, Map<AtlasResourceTypes, List<String>>> createdPermissionMap =
+            new PolicyUtil().createPermissionMap(policyDefList, AtlasActionTypes.READ, AtlasAccessorTypes.GROUP);
+
+        assertEquals(permissionMap, createdPermissionMap);
+
+    }
+}
--- a/webapp/src/test/java/org/apache/atlas/authorize/SimpleAtlasAuthorizerTest.java
+++ b/webapp/src/test/java/org/apache/atlas/authorize/SimpleAtlasAuthorizerTest.java
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.atlas.authorize;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.testng.AssertJUnit;
+import org.testng.annotations.Test;
+
+
+public class SimpleAtlasAuthorizerTest {
+
+    private static Logger LOG = LoggerFactory.getLogger(SimpleAtlasAuthorizerTest.class);
+    
+    @Test
+    public void testAccessAllowedForUserAndGroup() {
+
+        Map<String, Map<AtlasResourceTypes, List<String>>> userReadMap = null;
+        Map<String, Map<AtlasResourceTypes, List<String>>> groupReadMap = null;
+        List<String> policies = new ArrayList<String>();
+        policies.add("hivePolicy;;usr1:r,usr2:rw;;grp1:rwu,grp2:u;;type:*abc,type:PII");
+
+        List<PolicyDef> policyDefs = new PolicyParser().parsePolicies(policies);
+        PolicyUtil policyUtil = new PolicyUtil();
+        // group read map
+        groupReadMap = policyUtil.createPermissionMap(policyDefs, AtlasActionTypes.READ, AtlasAccessorTypes.GROUP);
+        // creating user readMap
+        userReadMap = policyUtil.createPermissionMap(policyDefs, AtlasActionTypes.READ, AtlasAccessorTypes.USER);
+
+        List<AtlasResourceTypes> resourceType = new ArrayList<AtlasResourceTypes>();
+        resourceType.add(AtlasResourceTypes.TYPE);
+        String resource = "xsdfhjabc";
+        AtlasActionTypes action = AtlasActionTypes.READ;
+        String user = "usr1";
+
+        List<String> userGroups = new ArrayList<String>();
+        userGroups.add("grp3");
+        AtlasAccessRequest request = new AtlasAccessRequest(resourceType, resource, action, user, userGroups);
+        SimpleAtlasAuthorizer authorizer = (SimpleAtlasAuthorizer) SimpleAtlasAuthorizer.getInstance();
+
+        authorizer.setResourcesForTesting(userReadMap, groupReadMap, action);
+
+        try {
+            boolean isAccessAllowed = authorizer.isAccessAllowed(request);
+            // getUserReadMap
+            AssertJUnit.assertEquals(true, isAccessAllowed);
+        } catch (AtlasAuthorizationException e) {
+            if (LOG.isErrorEnabled()) {
+                LOG.error("AtlasAuthorizationException in Unit Test", e);
+            }
+        }
+
+    }
+
+    @Test
+    public void testAccessAllowedForGroup() {
+
+        Map<String, Map<AtlasResourceTypes, List<String>>> userReadMap = null;
+        Map<String, Map<AtlasResourceTypes, List<String>>> groupReadMap = null;
+        List<String> policies = new ArrayList<String>();
+        policies.add("hivePolicy;;usr1:r,usr2:rw;;grp1:rwu,grp2:u;;type:PII");
+
+        List<PolicyDef> policyDefs = new PolicyParser().parsePolicies(policies);
+        PolicyUtil policyUtil = new PolicyUtil();
+        // creating group read map
+        groupReadMap = policyUtil.createPermissionMap(policyDefs, AtlasActionTypes.READ, AtlasAccessorTypes.GROUP);
+        // creating user readMap
+        userReadMap = policyUtil.createPermissionMap(policyDefs, AtlasActionTypes.READ, AtlasAccessorTypes.USER);
+
+        List<AtlasResourceTypes> resourceType = new ArrayList<AtlasResourceTypes>();
+        resourceType.add(AtlasResourceTypes.TYPE);
+        String resource = "PII";
+        AtlasActionTypes action = AtlasActionTypes.READ;
+        String user = "usr3";
+        List<String> userGroups = new ArrayList<String>();
+        userGroups.add("grp1");
+        AtlasAccessRequest request = new AtlasAccessRequest(resourceType, resource, action, user, userGroups);
+        SimpleAtlasAuthorizer authorizer = (SimpleAtlasAuthorizer) SimpleAtlasAuthorizer.getInstance();
+        authorizer.setResourcesForTesting(userReadMap, groupReadMap, action);
+
+        try {
+            boolean isAccessAllowed = authorizer.isAccessAllowed(request);
+            AssertJUnit.assertEquals(true, isAccessAllowed);
+        } catch (AtlasAuthorizationException e) {
+            if (LOG.isErrorEnabled()) {
+                LOG.error("AtlasAuthorizationException in Unit Test", e);
+            }
+           
+        }
+
+    }
+
+    @Test
+    public void testResourceNotAvailableInPolicy() {
+
+        Map<String, Map<AtlasResourceTypes, List<String>>> userReadMap = null;
+        Map<String, Map<AtlasResourceTypes, List<String>>> groupReadMap = null;
+        List<String> policies = new ArrayList<String>();
+        policies.add("hivePolicy;;usr1:r,usr2:rw;;grp1:rwu,grp2:u;;type:PII");
+
+        List<PolicyDef> policyDefs = new PolicyParser().parsePolicies(policies);
+        PolicyUtil policyUtil = new PolicyUtil();
+        // group read map
+        groupReadMap = policyUtil.createPermissionMap(policyDefs, AtlasActionTypes.READ, AtlasAccessorTypes.GROUP);
+        // creating user readMap
+        userReadMap = policyUtil.createPermissionMap(policyDefs, AtlasActionTypes.READ, AtlasAccessorTypes.USER);
+
+        List<AtlasResourceTypes> resourceType = new ArrayList<AtlasResourceTypes>();
+        resourceType.add(AtlasResourceTypes.TYPE);
+        String resource = "abc";
+        AtlasActionTypes action = AtlasActionTypes.READ;
+        String user = "usr1";
+        List<String> userGroups = new ArrayList<String>();
+        userGroups.add("grp1");
+        AtlasAccessRequest request = new AtlasAccessRequest(resourceType, resource, action, user, userGroups);
+        SimpleAtlasAuthorizer authorizer = (SimpleAtlasAuthorizer) SimpleAtlasAuthorizer.getInstance();
+        authorizer.setResourcesForTesting(userReadMap, groupReadMap, action);
+
+        try {
+            boolean isAccessAllowed = authorizer.isAccessAllowed(request);
+            AssertJUnit.assertEquals(false, isAccessAllowed);
+        } catch (AtlasAuthorizationException e) {
+            if (LOG.isErrorEnabled()) {
+                LOG.error("AtlasAuthorizationException in Unit Test", e);
+            }
+        }
+
+    }
+
+    @Test
+    public void testAccessNotAllowedForUserAndGroup() {
+
+        Map<String, Map<AtlasResourceTypes, List<String>>> userReadMap = null;
+        Map<String, Map<AtlasResourceTypes, List<String>>> groupReadMap = null;
+        List<String> policies = new ArrayList<String>();
+        policies.add("hivePolicy;;usr1:r,usr2:rw;;grp1:rwu,grp2:u;;type:PII");
+
+        List<PolicyDef> policyDefs = new PolicyParser().parsePolicies(policies);
+        PolicyUtil policyUtil = new PolicyUtil();
+        // group read map
+        groupReadMap = policyUtil.createPermissionMap(policyDefs, AtlasActionTypes.READ, AtlasAccessorTypes.GROUP);
+        // creating user readMap
+        userReadMap = policyUtil.createPermissionMap(policyDefs, AtlasActionTypes.READ, AtlasAccessorTypes.USER);
+
+        List<AtlasResourceTypes> resourceType = new ArrayList<AtlasResourceTypes>();
+        resourceType.add(AtlasResourceTypes.TYPE);
+        String resource = "PII";
+        AtlasActionTypes action = AtlasActionTypes.READ;
+        String user = "usr3";
+        List<String> userGroups = new ArrayList<String>();
+        userGroups.add("grp3");
+        AtlasAccessRequest request = new AtlasAccessRequest(resourceType, resource, action, user, userGroups);
+        SimpleAtlasAuthorizer authorizer = (SimpleAtlasAuthorizer) SimpleAtlasAuthorizer.getInstance();
+        authorizer.setResourcesForTesting(userReadMap, groupReadMap, action);
+
+        try {
+            boolean isAccessAllowed = authorizer.isAccessAllowed(request);
+            AssertJUnit.assertEquals(false, isAccessAllowed);
+        } catch (AtlasAuthorizationException e) {
+            if (LOG.isErrorEnabled()) {
+                LOG.error("AtlasAuthorizationException in Unit Test", e);
+            }
+        }
+
+    }
+
+}
--- a/webapp/src/test/java/org/apache/atlas/web/security/FileAuthenticationTest.java
+++ b/webapp/src/test/java/org/apache/atlas/web/security/FileAuthenticationTest.java
@@ -60,7 +60,7 @@ public class FileAuthenticationTest {
    public void setup() throws Exception {

        String persistDir = TestUtils.getTempDirectory();
-
+        setUpPolicyStore(persistDir);
        setupUserCredential(persistDir);

        setUpAltasApplicationProperties(persistDir);
@@ -75,15 +75,15 @@ public class FileAuthenticationTest {

    }

-    private void setUpAltasApplicationProperties(String persistDir) throws Exception{
+    private void setUpAltasApplicationProperties(String persistDir) throws Exception {
        final PropertiesConfiguration configuration = new PropertiesConfiguration();
        configuration.setProperty("atlas.login.method", "FILE");
        configuration.setProperty("atlas.login.credentials.file", persistDir
                + "/users-credentials");
-
+        configuration.setProperty("atlas.auth.policy.file",persistDir
+                + "/policy-store.txt" );
        TestUtils.writeConfiguration(configuration, persistDir + File.separator
                + ApplicationProperties.APPLICATION_PROPERTIES);
-        
    }
    
    private void setupUserCredential(String tmpDir) throws Exception {
@@ -98,6 +98,15 @@ public class FileAuthenticationTest {
        FileUtils.write(credentialFile, credentialFileStr.toString());
    }

+    private void setUpPolicyStore(String tmpDir) throws Exception {
+        StringBuilder policyStr = new StringBuilder(1024);
+        policyStr.append("adminPolicy;;admin:rwud;;ROLE_ADMIN:rwud;;type:*,entity:*,operation:*");
+        File policyFile = new File(tmpDir, "policy-store.txt");
+        FileUtils.write(policyFile, policyStr.toString());
+    }
+
+
+
    @Test
    public void testValidUserLogin() {