NIFI-1952 Update to revision-locking for users and groups

Adding user and group summary objects (TenantEntity) Fixed ComponentEntity JSON mapping issues when the id field is null Removing unecessary revision checking. Fixing error message when checking user, group, and policy revision. This closes #589
2016-06-27 19:49:34 -04:00 · 2016-06-27 19:49:34 -04:00 · 41f3253445
parent 8c837ba1ea
commit 41f3253445
14 changed files with 284 additions and 177 deletions
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/AccessPolicyDTO.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/AccessPolicyDTO.java
@ -17,8 +17,7 @@
 package org.apache.nifi.web.api.dto;
 import com.wordnik.swagger.annotations.ApiModelProperty;
-import org.apache.nifi.web.api.entity.UserEntity;
+import org.apache.nifi.web.api.entity.TenantEntity;
 import org.apache.nifi.web.api.entity.UserGroupEntity;
 import javax.xml.bind.annotation.XmlType;
 import java.util.Set;
@ -30,8 +29,8 @@ import java.util.Set;
 public class AccessPolicyDTO  extends ComponentDTO {
    private String resource;
-    private Set<UserEntity> users;
+    private Set<TenantEntity> users;
-    private Set<UserGroupEntity> userGroups;
+    private Set<TenantEntity> userGroups;
    private Boolean canRead;
    private Boolean canWrite;
@ -81,11 +80,11 @@ public class AccessPolicyDTO  extends ComponentDTO {
     * @return The set of user IDs associated with this access policy.
     */
    @ApiModelProperty(value = "The set of user IDs associated with this access policy.")
-    public Set<UserEntity> getUsers() {
+    public Set<TenantEntity> getUsers() {
        return users;
    }
-    public void setUsers(Set<UserEntity> users) {
+    public void setUsers(Set<TenantEntity> users) {
        this.users = users;
    }
@ -93,11 +92,11 @@ public class AccessPolicyDTO  extends ComponentDTO {
     * @return The set of user group IDs associated with this access policy.
     */
    @ApiModelProperty(value = "The set of user group IDs associated with this access policy.")
-    public Set<UserGroupEntity> getUserGroups() {
+    public Set<TenantEntity> getUserGroups() {
        return userGroups;
    }
-    public void setUserGroups(Set<UserGroupEntity> userGroups) {
+    public void setUserGroups(Set<TenantEntity> userGroups) {
        this.userGroups = userGroups;
    }
 }
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/TenantDTO.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/TenantDTO.java
@ -0,0 +1,43 @@
 /*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.apache.nifi.web.api.dto;
 import com.wordnik.swagger.annotations.ApiModelProperty;
 import javax.xml.bind.annotation.XmlType;
 /**
 * A tenant of this NiFi.
 */
@XmlType(name = "tenant")
 public class TenantDTO extends ComponentDTO {
    private String identity;
    /**
     * @return tenant's identity
     */
    @ApiModelProperty(value = "The identity of the tenant.")
    public String getIdentity() {
        return identity;
    }
    public void setIdentity(String identity) {
        this.identity = identity;
    }
 }
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/UserDTO.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/UserDTO.java
@ -17,7 +17,7 @@
 package org.apache.nifi.web.api.dto;
 import com.wordnik.swagger.annotations.ApiModelProperty;
-import org.apache.nifi.web.api.entity.UserGroupEntity;
+import org.apache.nifi.web.api.entity.TenantEntity;
 import javax.xml.bind.annotation.XmlType;
 import java.util.Set;
@ -26,34 +26,19 @@ import java.util.Set;
 * A user of this NiFi.
 */
@XmlType(name = "user")
-public class UserDTO extends ComponentDTO {
+public class UserDTO extends TenantDTO {
-    private String identity;
+    private Set<TenantEntity> userGroups;
    private Set<UserGroupEntity> userGroups;
    /**
     * @return users identity
     */
    @ApiModelProperty(
            value = "The identity of the user."
    )
    public String getIdentity() {
        return identity;
    }
    public void setIdentity(String identity) {
        this.identity = identity;
    }
    /**
     * @return groups to which the user belongs
     */
    @ApiModelProperty(value = "The groups to which the user belongs.")
-    public Set<UserGroupEntity> getUserGroups() {
+    public Set<TenantEntity> getUserGroups() {
        return userGroups;
    }
-    public void setUserGroups(Set<UserGroupEntity> userGroups) {
+    public void setUserGroups(Set<TenantEntity> userGroups) {
        this.userGroups = userGroups;
    }
 }
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/UserGroupDTO.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/UserGroupDTO.java
@ -17,7 +17,7 @@
 package org.apache.nifi.web.api.dto;
 import com.wordnik.swagger.annotations.ApiModelProperty;
-import org.apache.nifi.web.api.entity.UserEntity;
+import org.apache.nifi.web.api.entity.TenantEntity;
 import javax.xml.bind.annotation.XmlType;
 import java.util.Set;
@ -26,35 +26,19 @@ import java.util.Set;
 * A user group in this NiFi.
 */
@XmlType(name = "userGroup")
-public class UserGroupDTO extends ComponentDTO {
+public class UserGroupDTO extends TenantDTO {
-    private String name;
+    private Set<TenantEntity> users;
    private Set<UserEntity> users;
    /**
     * @return users in this group
     */
-    @ApiModelProperty(
+    @ApiModelProperty(value = "The users that belong to the user group.")
-            value = "The users that belong to the user group."
+    public Set<TenantEntity> getUsers() {
    )
    public Set<UserEntity> getUsers() {
        return users;
    }
-    public void setUsers(Set<UserEntity> users) {
+    public void setUsers(Set<TenantEntity> users) {
        this.users = users;
    }
    /**
     *
     * @return name of the user group
     */
    @ApiModelProperty(value = "The name of the user group.")
    public String getName() {
        return name;
    }
    public void setName(String name) {
        this.name = name;
    }
 }
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/ComponentEntity.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/ComponentEntity.java
@ -24,6 +24,7 @@ import org.apache.nifi.web.api.dto.RevisionDTO;
 import javax.xml.bind.annotation.XmlRootElement;
 import java.util.List;
 import java.util.Objects;
 /**
 * A base type for request/response entities.
@ -117,7 +118,7 @@ public class ComponentEntity extends Entity {
    @Override
    public int hashCode() {
-        return id.hashCode();
+        return Objects.hash(id);
    }
    @Override
@ -134,6 +135,6 @@ public class ComponentEntity extends Entity {
            return false;
        }
-        return id.equals(((ComponentEntity) obj).getId());
+        return Objects.equals(id, ((ComponentEntity)obj).id);
    }
 }
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/TenantEntity.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/TenantEntity.java
@ -0,0 +1,43 @@
 /*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.apache.nifi.web.api.entity;
 import org.apache.nifi.web.api.dto.TenantDTO;
 import javax.xml.bind.annotation.XmlRootElement;
 /**
 * A serialized representation of this class can be placed in the entity body of a request or response to or from the API. This particular entity holds a reference to a TenantDTO.
 */
@XmlRootElement(name = "tenantEntity")
 public class TenantEntity extends ComponentEntity {
    private TenantDTO component;
    /**
     * The {@link TenantDTO} that is being serialized.
     *
     * @return The {@link TenantDTO} object
     */
    public TenantDTO getComponent() {
        return component;
    }
    public void setComponent(TenantDTO component) {
        this.component = component;
    }
 }
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiServiceFacade.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiServiceFacade.java
@ -1215,17 +1215,15 @@ public interface NiFiServiceFacade {
    /**
     * Gets the user with the specified ID.
     * @param userId The user ID
     * @param prune If true, the users in the groups to which this user belongs will not be returned
     * @return The user transfer object
     */
-    UserEntity getUser(String userId, boolean prune);
+    UserEntity getUser(String userId);
    /**
     * Gets all the users.
     * @param prune If true, the users in the groups to which the users belong will not be returned
     * @return The user transfer objects
     */
-    Set<UserEntity> getUsers(boolean prune);
+    Set<UserEntity> getUsers();
    /**
     * Updates the specified user.
@ -1257,17 +1255,15 @@ public interface NiFiServiceFacade {
    /**
     * Gets the user group with the specified ID.
     * @param userGroupId The user group ID
     * @param prune If true, the user groups of the users in this user group will not be returned
     * @return The user group transfer object
     */
-    UserGroupEntity getUserGroup(String userGroupId, boolean prune);
+    UserGroupEntity getUserGroup(String userGroupId);
    /**
     * Gets all user groups.
     * @param prune If true, the user groups of the users in the user groups will not be returned
     * @return The user group transfer objects
     */
-    Set<UserGroupEntity> getUserGroups(boolean prune);
+    Set<UserGroupEntity> getUserGroups();
    /**
     * Updates the specified user group.
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java
@ -156,6 +156,7 @@ import org.apache.nifi.web.api.entity.RemoteProcessGroupPortEntity;
 import org.apache.nifi.web.api.entity.ReportingTaskEntity;
 import org.apache.nifi.web.api.entity.ScheduleComponentsEntity;
 import org.apache.nifi.web.api.entity.SnippetEntity;
 import org.apache.nifi.web.api.entity.TenantEntity;
 import org.apache.nifi.web.api.entity.UserEntity;
 import org.apache.nifi.web.api.entity.UserGroupEntity;
 import org.apache.nifi.web.controller.ControllerFacade;
@ -193,7 +194,6 @@ import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.HashSet;
@ -208,6 +208,7 @@ import java.util.UUID;
 import java.util.function.Function;
 import java.util.function.Supplier;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 /**
 * Implementation of NiFiServiceFacade that performs revision checking.
@ -524,8 +525,8 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
                accessPolicyAuthorizable,
                () -> accessPolicyDAO.updateAccessPolicy(accessPolicyDTO),
                accessPolicy -> {
-                    final Set<UserEntity> users = accessPolicy.getUsers().stream().map(userId -> getUser(userId, true) ).collect(Collectors.toSet());
+                    final Set<TenantEntity> users = accessPolicy.getUsers().stream().map(mapUserIdToTenantEntity()).collect(Collectors.toSet());
-                    final Set<UserGroupEntity> userGroups = accessPolicy.getGroups().stream().map(userGroupId -> getUserGroup(userGroupId, true) ).collect(Collectors.toSet());
+                    final Set<TenantEntity> userGroups = accessPolicy.getGroups().stream().map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet());
                    return dtoFactory.createAccessPolicyDto(accessPolicy, userGroups, users);
                });
@ -539,7 +540,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
        final RevisionUpdate<UserDTO> snapshot = updateComponent(revision,
                usersAuthorizable,
                () -> userDAO.updateUser(userDTO),
-                user -> dtoFactory.createUserDto(user, user.getGroups().stream().map(userGroupId -> getUserGroup(userGroupId, true)).collect(Collectors.toSet())));
+                user -> dtoFactory.createUserDto(user, user.getGroups().stream().map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet())));
        final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(usersAuthorizable);
        return entityFactory.createUserEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy);
@ -551,7 +552,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
        final RevisionUpdate<UserGroupDTO> snapshot = updateComponent(revision,
                userGroupsAuthorizable,
                () -> userGroupDAO.updateUserGroup(userGroupDTO),
-                userGroup -> dtoFactory.createUserGroupDto(userGroup, userGroup.getUsers().stream().map(userId -> getUser(userId, true)).collect(Collectors.toSet())));
+                userGroup -> dtoFactory.createUserGroupDto(userGroup, userGroup.getUsers().stream().map(mapUserIdToTenantEntity()).collect(Collectors.toSet())));
        final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(userGroupsAuthorizable);
        return entityFactory.createUserGroupEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy);
@ -832,9 +833,9 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
                        controllerFacade.setMaxEventDrivenThreadCount(controllerConfigurationDTO.getMaxEventDrivenThreadCount());
                    }
-                return controllerConfigurationDTO;
+                    return controllerConfigurationDTO;
-            },
+                },
-            controller -> dtoFactory.createControllerConfigurationDto(controllerFacade));
+                controller -> dtoFactory.createControllerConfigurationDto(controllerFacade));
        final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(controllerFacade);
        final RevisionDTO updateRevision = dtoFactory.createRevisionDTO(updatedComponent.getLastModification());
@ -859,7 +860,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
            clusterCoordinator.requestNodeConnect(nodeId, userDn);
        } else if (NodeConnectionState.DISCONNECTING.name().equalsIgnoreCase(nodeDTO.getStatus())) {
            clusterCoordinator.requestNodeDisconnect(nodeId, DisconnectionCode.USER_DISCONNECTED,
-                "User " + userDn + " requested that node be disconnected from cluster");
+                    "User " + userDn + " requested that node be disconnected from cluster");
        }
        return getNode(nodeId);
@ -982,7 +983,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
    @Override
    public UserEntity deleteUser(final Revision revision, final String userId) {
        final User user = userDAO.getUser(userId);
-        final Set<UserGroupEntity> userGroups = user != null ? user.getGroups().stream().map(userGroupId -> getUserGroup(userGroupId, true)).collect(Collectors.toSet()) : null;
+        final Set<TenantEntity> userGroups = user != null ? user.getGroups().stream().map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet()) : null;
        final UserDTO snapshot = deleteComponent(
                revision,
                authorizableLookup.getTenantAuthorizable(),
@ -995,7 +996,8 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
    @Override
    public UserGroupEntity deleteUserGroup(final Revision revision, final String userGroupId) {
        final Group userGroup = userGroupDAO.getUserGroup(userGroupId);
-        final Set<UserEntity> users = userGroup != null ? userGroup.getUsers().stream().map(userId -> getUser(userId, true)).collect(Collectors.toSet()) :
+        final Set<TenantEntity> users = userGroup != null ? userGroup.getUsers().stream()
                .map(mapUserIdToTenantEntity()).collect(Collectors.toSet()) :
                null;
        final UserGroupDTO snapshot = deleteComponent(
                revision,
@ -1009,8 +1011,8 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
    @Override
    public AccessPolicyEntity deleteAccessPolicy(final Revision revision, final String accessPolicyId) {
        final AccessPolicy accessPolicy = accessPolicyDAO.getAccessPolicy(accessPolicyId);
-        final Set<UserGroupEntity> userGroups = accessPolicy != null ? accessPolicy.getGroups().stream().map(userGroupId -> getUserGroup(userGroupId, true)).collect(Collectors.toSet()) : null;
+        final Set<TenantEntity> userGroups = accessPolicy != null ? accessPolicy.getGroups().stream().map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet()) : null;
-        final Set<UserEntity> users = accessPolicy != null ? accessPolicy.getUsers().stream().map(userId -> getUser(userId, true)).collect(Collectors.toSet()) : null;
+        final Set<TenantEntity> users = accessPolicy != null ? accessPolicy.getUsers().stream().map(mapUserIdToTenantEntity()).collect(Collectors.toSet()) : null;
        final AccessPolicyDTO snapshot = deleteComponent(
                revision,
                authorizableLookup.getAccessPolicyAuthorizable(accessPolicyId),
@ -1267,11 +1269,17 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
    @Override
    public AccessPolicyEntity createAccessPolicy(final Revision revision, final AccessPolicyDTO accessPolicyDTO) {
        // TODO read lock on users and groups (and resource+action?) while the policy is being created?
        final Authorizable tenantAuthorizable = authorizableLookup.getTenantAuthorizable();
        final String creator = NiFiUserUtils.getNiFiUserName();
        final AccessPolicy newAccessPolicy = accessPolicyDAO.createAccessPolicy(accessPolicyDTO);
        final AccessPolicyDTO newAccessPolicyDto = dtoFactory.createAccessPolicyDto(newAccessPolicy,
-                newAccessPolicy.getGroups().stream().map(userGroupId -> getUserGroup(userGroupId, true)).collect(Collectors.toSet()),
+                newAccessPolicy.getGroups().stream().map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet()),
-                newAccessPolicy.getUsers().stream().map(userId -> getUser(userId, true)).collect(Collectors.toSet()));
+                newAccessPolicy.getUsers().stream().map(userId -> {
                    final RevisionDTO userRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(userId));
                    return entityFactory.createTenantEntity(dtoFactory.createTenantDTO(userDAO.getUser(userId)), userRevision,
                            dtoFactory.createAccessPolicyDto(tenantAuthorizable));
                }).collect(Collectors.toSet()));
        final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(authorizableLookup.getAccessPolicyAuthorizable(newAccessPolicy.getIdentifier()));
        return entityFactory.createAccessPolicyEntity(newAccessPolicyDto, dtoFactory.createRevisionDTO(new FlowModification(revision, creator)), accessPolicy);
@ -1279,9 +1287,11 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
    @Override
    public UserEntity createUser(final Revision revision, final UserDTO userDTO) {
        final Authorizable tenantAuthorizable = authorizableLookup.getTenantAuthorizable();
        final String creator = NiFiUserUtils.getNiFiUserName();
        final User newUser = userDAO.createUser(userDTO);
-        final UserDTO newUserDto = dtoFactory.createUserDto(newUser, newUser.getGroups().stream().map(userGroupId -> getUserGroup(userGroupId, true)).collect(Collectors.toSet()));
+        final UserDTO newUserDto = dtoFactory.createUserDto(newUser, newUser.getGroups().stream()
                .map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet()));
        final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(authorizableLookup.getTenantAuthorizable());
        return entityFactory.createUserEntity(newUserDto, dtoFactory.createRevisionDTO(new FlowModification(revision, creator)), accessPolicy);
@ -1289,12 +1299,15 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
    @Override
    public UserGroupEntity createUserGroup(final Revision revision, final UserGroupDTO userGroupDTO) {
        final Authorizable tenantAuthorizable = authorizableLookup.getTenantAuthorizable();
        final String creator = NiFiUserUtils.getNiFiUserName();
        if (revision.getVersion() != 0) {
            throw new IllegalArgumentException("The revision must start at 0.");
        }
        final Group newUserGroup = userGroupDAO.createUserGroup(userGroupDTO);
-        final UserGroupDTO newUserGroupDto = dtoFactory.createUserGroupDto(newUserGroup, newUserGroup.getUsers().stream().map(userId -> getUser(userId, true)).collect(Collectors.toSet()));
+        final UserGroupDTO newUserGroupDto = dtoFactory.createUserGroupDto(newUserGroup, newUserGroup.getUsers().stream()
                .map(userId -> {
                    final RevisionDTO userRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(userId));
                    return entityFactory.createTenantEntity(dtoFactory.createTenantDTO(userDAO.getUser(userId)), userRevision,
                            dtoFactory.createAccessPolicyDto(tenantAuthorizable));
                }).collect(Collectors.toSet()));
        final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(authorizableLookup.getTenantAuthorizable());
        return entityFactory.createUserGroupEntity(newUserGroupDto, dtoFactory.createRevisionDTO(new FlowModification(revision, creator)), accessPolicy);
@ -2338,101 +2351,75 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
    @Override
    public AccessPolicyEntity getAccessPolicy(final String accessPolicyId) {
-        return revisionManager.get(accessPolicyId, rev -> {
+        AccessPolicy preRevisionRequestAccessPolicy = accessPolicyDAO.getAccessPolicy(accessPolicyId);
-            final Authorizable accessPolicyAuthorizable = authorizableLookup.getAccessPolicyAuthorizable(accessPolicyId);
+        Set<String> ids = Stream.concat(Stream.of(accessPolicyId),
-            final RevisionDTO revision = dtoFactory.createRevisionDTO(rev);
+                Stream.concat(preRevisionRequestAccessPolicy.getUsers().stream(), preRevisionRequestAccessPolicy.getGroups().stream())).collect(Collectors.toSet());
-            final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(accessPolicyAuthorizable);
+        return revisionManager.get(ids, () -> {
            final RevisionDTO requestedAccessPolicyRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(accessPolicyId));
            final AccessPolicy requestedAccessPolicy = accessPolicyDAO.getAccessPolicy(accessPolicyId);
            final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(authorizableLookup.getAccessPolicyAuthorizable(accessPolicyId));
            return entityFactory.createAccessPolicyEntity(
                    dtoFactory.createAccessPolicyDto(requestedAccessPolicy,
-                            requestedAccessPolicy.getGroups().stream().map(userGroupId -> getUserGroup(userGroupId, true)).collect(Collectors.toSet()),
+                            requestedAccessPolicy.getGroups().stream().map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet()),
-                            requestedAccessPolicy.getUsers().stream().map(userId -> getUser(userId, true)).collect(Collectors.toSet())),
+                            requestedAccessPolicy.getUsers().stream().map(mapUserIdToTenantEntity()).collect(Collectors.toSet())),
-                    revision, accessPolicy);
+                    requestedAccessPolicyRevision, accessPolicy);
        });
    }
    @Override
-    public UserEntity getUser(final String userId, final boolean prune) {
+    public UserEntity getUser(final String userId) {
-        return revisionManager.get(userId, rev -> {
+        final Authorizable usersAuthorizable = authorizableLookup.getTenantAuthorizable();
-            final Authorizable usersAuthorizable = authorizableLookup.getTenantAuthorizable();
+        Set<String> ids = Stream.concat(Stream.of(userId), userDAO.getUser(userId).getGroups().stream()).collect(Collectors.toSet());
-            final RevisionDTO revision = dtoFactory.createRevisionDTO(rev);
+        return revisionManager.get(ids, () -> {
            final RevisionDTO userRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(userId));
            final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(usersAuthorizable);
            final User user = userDAO.getUser(userId);
-            final Set<UserGroupEntity> userGroups = user.getGroups().stream()
+            final Set<TenantEntity> userGroups = user.getGroups().stream()
-                    .map(userGroupId -> prune ? getUserGroupPruned(userGroupId) : getUserGroup(userGroupId, false))
+                    .map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet());
-                    .collect(Collectors.toSet());
+            return entityFactory.createUserEntity(dtoFactory.createUserDto(user, userGroups), userRevision, accessPolicy);
            return entityFactory.createUserEntity(dtoFactory.createUserDto(user, userGroups), revision, accessPolicy);
        });
    }
    private UserEntity getUserPruned(final String userId) {
        return revisionManager.get(userId, rev -> {
            final Authorizable usersAuthorizable = authorizableLookup.getTenantAuthorizable();
            final RevisionDTO revision = dtoFactory.createRevisionDTO(rev);
            final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(usersAuthorizable);
            final User user = userDAO.getUser(userId);
            return entityFactory.createUserEntity(dtoFactory.createUserDto(user, Collections.emptySet()), revision, accessPolicy);
        });
    }
    @Override
-    public Set<UserEntity> getUsers(boolean prune) {
+    public Set<UserEntity> getUsers() {
        final Authorizable userAuthorizable = authorizableLookup.getTenantAuthorizable();
        final Set<User> users = userDAO.getUsers();
-        final Set<String> ids = users.stream().map(user -> user.getIdentifier()).collect(Collectors.toSet());
+        final Set<String> ids = users.stream().flatMap(user -> Stream.concat(Stream.of(user.getIdentifier()), user.getGroups().stream())).collect(Collectors.toSet());
        return revisionManager.get(ids, () -> {
            return users.stream()
                    .map(user -> {
-                        final RevisionDTO revision = dtoFactory.createRevisionDTO(revisionManager.getRevision(user.getIdentifier()));
+                        final RevisionDTO userRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(user.getIdentifier()));
-                        final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(userAuthorizable);
+                        final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(authorizableLookup.getTenantAuthorizable());
-                        final Set<UserGroupEntity> userGroups = user.getGroups().stream()
+                        final Set<TenantEntity> userGroups = user.getGroups().stream().map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet());
-                                .map(userGroupId -> prune ? getUserGroupPruned(userGroupId) : getUserGroup(userGroupId, false))
+                        return entityFactory.createUserEntity(dtoFactory.createUserDto(user, userGroups), userRevision, accessPolicy);
-                                .collect(Collectors.toSet());
+                    }).collect(Collectors.toSet());
                        return entityFactory.createUserEntity(dtoFactory.createUserDto(user, userGroups), revision, accessPolicy);
                    })
                    .collect(Collectors.toSet());
        });
    }
    @Override
-    public UserGroupEntity getUserGroup(final String userGroupId, final boolean prune) {
+    public UserGroupEntity getUserGroup(final String userGroupId) {
-        return revisionManager.get(userGroupId, rev -> {
+        Set<String> ids = Stream.concat(Stream.of(userGroupId), userGroupDAO.getUserGroup(userGroupId).getUsers().stream()).collect(Collectors.toSet());
-            final Authorizable userGroupsAuthorizable = authorizableLookup.getTenantAuthorizable();
+        return revisionManager.get(ids, () -> {
-            final RevisionDTO revision = dtoFactory.createRevisionDTO(rev);
+            final RevisionDTO userGroupRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(userGroupId));
            final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(userGroupsAuthorizable);
            final Group userGroup = userGroupDAO.getUserGroup(userGroupId);
-            final Set<UserEntity> users = userGroup.getUsers().stream().map(userId -> prune ? getUserPruned(userId) : getUser(userId, false)).collect(Collectors.toSet());
+            final Set<TenantEntity> users = userGroup.getUsers().stream().map(mapUserIdToTenantEntity()).collect(Collectors.toSet());
-            return entityFactory.createUserGroupEntity(dtoFactory.createUserGroupDto(userGroup, users),
+            return entityFactory.createUserGroupEntity(dtoFactory.createUserGroupDto(userGroup, users), userGroupRevision,
-                    revision, accessPolicy);
+                    dtoFactory.createAccessPolicyDto(authorizableLookup.getTenantAuthorizable()));
        });
    }
    private UserGroupEntity getUserGroupPruned(final String userGroupId) {
        return revisionManager.get(userGroupId, rev -> {
            final Authorizable userGroupsAuthorizable = authorizableLookup.getTenantAuthorizable();
            final RevisionDTO revision = dtoFactory.createRevisionDTO(rev);
            final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(userGroupsAuthorizable);
            final Group userGroup = userGroupDAO.getUserGroup(userGroupId);
            return entityFactory.createUserGroupEntity(dtoFactory.createUserGroupDto(userGroup, Collections.emptySet()), revision, accessPolicy);
        });
    }
    @Override
-    public Set<UserGroupEntity> getUserGroups(boolean prune) {
+    public Set<UserGroupEntity> getUserGroups() {
        final Authorizable userGroupAuthorizable = authorizableLookup.getTenantAuthorizable();
        final Set<Group> userGroups = userGroupDAO.getUserGroups();
-        final Set<String> ids = userGroups.stream().map(userGroup -> userGroup.getIdentifier()).collect(Collectors.toSet());
+        final Set<String> ids = userGroups.stream().flatMap(userGroup -> Stream.concat(Stream.of(userGroup.getIdentifier()), userGroup.getUsers().stream())).collect(Collectors.toSet());
        return revisionManager.get(ids, () -> {
            return userGroups.stream()
                    .map(userGroup -> {
-                        final RevisionDTO revision = dtoFactory.createRevisionDTO(revisionManager.getRevision(userGroup.getIdentifier()));
+                        final RevisionDTO userGroupRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(userGroup.getIdentifier()));
                        final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(userGroupAuthorizable);
-                        final Set<UserEntity> users = userGroup.getUsers().stream()
+                        final Set<TenantEntity> users = userGroup.getUsers().stream().map(mapUserIdToTenantEntity()).collect(Collectors.toSet());
-                                .map(userGroupId -> prune ? getUserPruned(userGroupId) : getUser(userGroupId, false))
+                        return entityFactory.createUserGroupEntity(dtoFactory.createUserGroupDto(userGroup, users), userGroupRevision, accessPolicy);
-                                .collect(Collectors.toSet());
+                    }).collect(Collectors.toSet());
                        return entityFactory.createUserGroupEntity(dtoFactory.createUserGroupDto(userGroup, users), revision, accessPolicy);
                    })
                    .collect(Collectors.toSet());
        });
    }
@ -2973,6 +2960,24 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
        heartbeatMonitor.removeHeartbeat(nodeIdentifier);
    }
    /* reusable function declarations for converting ids to tenant entities */
    private Function<String, TenantEntity> mapUserGroupIdToTenantEntity() {
        return userGroupId -> {
            final RevisionDTO userGroupRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(userGroupId));
            return entityFactory.createTenantEntity(dtoFactory.createTenantDTO(userGroupDAO.getUserGroup(userGroupId)), userGroupRevision,
                    dtoFactory.createAccessPolicyDto(authorizableLookup.getTenantAuthorizable()));
        };
    }
    private Function<String, TenantEntity> mapUserIdToTenantEntity() {
        return userId -> {
            final RevisionDTO userRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(userId));
            return entityFactory.createTenantEntity(dtoFactory.createTenantDTO(userDAO.getUser(userId)), userRevision,
                    dtoFactory.createAccessPolicyDto(authorizableLookup.getTenantAuthorizable()));
        };
    }
    /* setters */
    public void setProperties(final NiFiProperties properties) {
        this.properties = properties;
@ -3069,6 +3074,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
    public void setAccessPolicyDAO(final AccessPolicyDAO accessPolicyDAO) {
        this.accessPolicyDAO = accessPolicyDAO;
    }
    public void setClusterCoordinator(final ClusterCoordinator coordinator) {
        this.clusterCoordinator = coordinator;
    }
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessPolicyResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessPolicyResource.java
@ -188,7 +188,7 @@ public class AccessPolicyResource extends ApplicationResource {
        }
        if (accessPolicyEntity.getRevision() == null || (accessPolicyEntity.getRevision().getVersion() == null || accessPolicyEntity.getRevision().getVersion() != 0)) {
-            throw new IllegalArgumentException("A revision of 0 must be specified when creating a new Processor.");
+            throw new IllegalArgumentException("A revision of 0 must be specified when creating a new Policy.");
        }
        if (accessPolicyEntity.getComponent().getId() != null) {
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/TenantsResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/TenantsResource.java
@ -165,7 +165,7 @@ public class TenantsResource extends ApplicationResource {
        }
        if (userEntity.getRevision() == null || (userEntity.getRevision().getVersion() == null || userEntity.getRevision().getVersion() != 0)) {
-            throw new IllegalArgumentException("A revision of 0 must be specified when creating a new Processor.");
+            throw new IllegalArgumentException("A revision of 0 must be specified when creating a new User.");
        }
        if (userEntity.getComponent().getId() != null) {
@ -251,7 +251,7 @@ public class TenantsResource extends ApplicationResource {
        });
        // get the user
-        final UserEntity entity = serviceFacade.getUser(id, true);
+        final UserEntity entity = serviceFacade.getUser(id);
        populateRemainingUserEntityContent(entity);
        return clusterContext(generateOkResponse(entity)).build();
@ -298,7 +298,7 @@ public class TenantsResource extends ApplicationResource {
        });
        // get all the users
-        final Set<UserEntity> users = serviceFacade.getUsers(true);
+        final Set<UserEntity> users = serviceFacade.getUsers();
        // create the response entity
        final UsersEntity entity = new UsersEntity();
@ -550,7 +550,7 @@ public class TenantsResource extends ApplicationResource {
        }
        if (userGroupEntity.getRevision() == null || (userGroupEntity.getRevision().getVersion() == null || userGroupEntity.getRevision().getVersion() != 0)) {
-            throw new IllegalArgumentException("A revision of 0 must be specified when creating a new Processor.");
+            throw new IllegalArgumentException("A revision of 0 must be specified when creating a new User Group.");
        }
        if (userGroupEntity.getComponent().getId() != null) {
@ -636,7 +636,7 @@ public class TenantsResource extends ApplicationResource {
        });
        // get the user group
-        final UserGroupEntity entity = serviceFacade.getUserGroup(id, true);
+        final UserGroupEntity entity = serviceFacade.getUserGroup(id);
        populateRemainingUserGroupEntityContent(entity);
        return clusterContext(generateOkResponse(entity)).build();
@ -683,7 +683,7 @@ public class TenantsResource extends ApplicationResource {
        });
        // get all the user groups
-        final Set<UserGroupEntity> users = serviceFacade.getUserGroups(true);
+        final Set<UserGroupEntity> users = serviceFacade.getUserGroups();
        // create the response entity
        final UserGroupsEntity entity = new UserGroupsEntity();
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/DtoFactory.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/DtoFactory.java
@ -139,8 +139,7 @@ import org.apache.nifi.web.api.dto.status.ProcessorStatusSnapshotDTO;
 import org.apache.nifi.web.api.dto.status.RemoteProcessGroupStatusDTO;
 import org.apache.nifi.web.api.dto.status.RemoteProcessGroupStatusSnapshotDTO;
 import org.apache.nifi.web.api.entity.FlowBreadcrumbEntity;
-import org.apache.nifi.web.api.entity.UserEntity;
+import org.apache.nifi.web.api.entity.TenantEntity;
 import org.apache.nifi.web.api.entity.UserGroupEntity;
 import org.apache.nifi.web.controller.ControllerFacade;
 import org.apache.nifi.web.revision.RevisionManager;
@ -691,7 +690,7 @@ public final class DtoFactory {
     * @param user user
     * @return dto
     */
-    public UserDTO createUserDto(final User user, final Set<UserGroupEntity> groups) {
+    public UserDTO createUserDto(final User user, final Set<TenantEntity> groups) {
        if (user == null) {
            return null;
        }
@ -704,13 +703,31 @@ public final class DtoFactory {
        return dto;
    }
    /**
     * Creates a {@link TenantDTO} from the specified {@link User}.
     *
     * @param user user
     * @return dto
     */
    public TenantDTO createTenantDTO(User user) {
        if (user == null) {
            return null;
        }
        final TenantDTO dto = new TenantDTO();
        dto.setId(user.getIdentifier());
        dto.setIdentity(user.getIdentity());
        return dto;
    }
    /**
     * Creates a {@link UserGroupDTO} from the specified {@link Group}.
     *
     * @param userGroup user group
     * @return dto
     */
-    public UserGroupDTO createUserGroupDto(final Group userGroup, Set<UserEntity> users) {
+    public UserGroupDTO createUserGroupDto(final Group userGroup, Set<TenantEntity> users) {
        if (userGroup == null) {
            return null;
        }
@ -718,7 +735,25 @@ public final class DtoFactory {
        final UserGroupDTO dto = new UserGroupDTO();
        dto.setId(userGroup.getIdentifier());
        dto.setUsers(users);
-        dto.setName(userGroup.getName());
+        dto.setIdentity(userGroup.getName());
        return dto;
    }
    /**
     * Creates a {@link TenantDTO} from the specified {@link User}.
     *
     * @param userGroup user
     * @return dto
     */
    public TenantDTO createTenantDTO(Group userGroup) {
        if (userGroup == null) {
            return null;
        }
        final TenantDTO dto = new TenantDTO();
        dto.setId(userGroup.getIdentifier());
        dto.setIdentity(userGroup.getName());
        return dto;
    }
@ -1517,7 +1552,7 @@ public final class DtoFactory {
        return dto;
    }
-    public AccessPolicyDTO createAccessPolicyDto(final AccessPolicy accessPolicy, Set<UserGroupEntity> userGroups, Set<UserEntity> users) {
+    public AccessPolicyDTO createAccessPolicyDto(final AccessPolicy accessPolicy, Set<TenantEntity> userGroups, Set<TenantEntity> users) {
        if (accessPolicy == null) {
            return null;
        }
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/EntityFactory.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/EntityFactory.java
@ -39,6 +39,7 @@ import org.apache.nifi.web.api.entity.RemoteProcessGroupEntity;
 import org.apache.nifi.web.api.entity.RemoteProcessGroupPortEntity;
 import org.apache.nifi.web.api.entity.ReportingTaskEntity;
 import org.apache.nifi.web.api.entity.SnippetEntity;
 import org.apache.nifi.web.api.entity.TenantEntity;
 import org.apache.nifi.web.api.entity.UserEntity;
 import org.apache.nifi.web.api.entity.UserGroupEntity;
@ -162,6 +163,20 @@ public final class EntityFactory {
        return entity;
    }
    public TenantEntity createTenantEntity(final TenantDTO dto, final RevisionDTO revsion, final AccessPolicyDTO accessPolicy) {
        final TenantEntity entity = new TenantEntity();
        entity.setRevision(revsion);
        if (dto != null) {
            entity.setAccessPolicy(accessPolicy);
            entity.setId(dto.getId());
            if (accessPolicy != null && accessPolicy.getCanRead()) {
                entity.setComponent(dto);
            }
        }
        return entity;
    }
    public UserGroupEntity createUserGroupEntity(final UserGroupDTO dto, final RevisionDTO revision, final AccessPolicyDTO accessPolicy) {
        final UserGroupEntity entity = new UserGroupEntity();
        entity.setRevision(revision);
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAO.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAO.java
@ -33,8 +33,7 @@ import org.apache.nifi.web.api.dto.AccessPolicyDTO;
 import org.apache.nifi.web.api.dto.UserDTO;
 import org.apache.nifi.web.api.dto.UserGroupDTO;
 import org.apache.nifi.web.api.entity.ComponentEntity;
-import org.apache.nifi.web.api.entity.UserEntity;
+import org.apache.nifi.web.api.entity.TenantEntity;
 import org.apache.nifi.web.api.entity.UserGroupEntity;
 import org.apache.nifi.web.dao.AccessPolicyDAO;
 import org.apache.nifi.web.dao.UserDAO;
 import org.apache.nifi.web.dao.UserGroupDAO;
@ -182,8 +181,8 @@ public class StandardPolicyBasedAuthorizerDAO implements AccessPolicyDAO, UserGr
    }
    private AccessPolicy buildAccessPolicy(final String identifier, final AccessPolicyDTO accessPolicyDTO) {
-        final Set<UserGroupEntity> userGroups = accessPolicyDTO.getUserGroups();
+        final Set<TenantEntity> userGroups = accessPolicyDTO.getUserGroups();
-        final Set<UserEntity> users = accessPolicyDTO.getUsers();
+        final Set<TenantEntity> users = accessPolicyDTO.getUsers();
        final AccessPolicy.Builder builder = new AccessPolicy.Builder()
                .identifier(identifier)
                .resource(accessPolicyDTO.getResource());
@ -237,8 +236,8 @@ public class StandardPolicyBasedAuthorizerDAO implements AccessPolicyDAO, UserGr
    }
    private Group buildUserGroup(final String identifier, final UserGroupDTO userGroupDTO) {
-        final Set<UserEntity> users = userGroupDTO.getUsers();
+        final Set<TenantEntity> users = userGroupDTO.getUsers();
-        final Group.Builder builder = new Group.Builder().identifier(identifier).name(userGroupDTO.getName());
+        final Group.Builder builder = new Group.Builder().identifier(identifier).name(userGroupDTO.getIdentity());
        if (users != null) {
            builder.addUsers(users.stream().map(ComponentEntity::getId).collect(Collectors.toSet()));
        }
@ -280,7 +279,7 @@ public class StandardPolicyBasedAuthorizerDAO implements AccessPolicyDAO, UserGr
    }
    private User buildUser(final String identifier, final UserDTO userDTO) {
-        final Set<UserGroupEntity> groups = userDTO.getUserGroups();
+        final Set<TenantEntity> groups = userDTO.getUserGroups();
        final User.Builder builder = new User.Builder().identifier(identifier).identity(userDTO.getIdentity());
        if (groups != null) {
            builder.addGroups(groups.stream().map(ComponentEntity::getId).collect(Collectors.toSet()));
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/groovy/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAOSpec.groovy
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/groovy/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAOSpec.groovy
@ -26,6 +26,7 @@ import org.apache.nifi.web.ResourceNotFoundException
 import org.apache.nifi.web.api.dto.AccessPolicyDTO
 import org.apache.nifi.web.api.dto.UserDTO
 import org.apache.nifi.web.api.dto.UserGroupDTO
 import org.apache.nifi.web.api.entity.TenantEntity
 import org.apache.nifi.web.api.entity.UserEntity
 import org.apache.nifi.web.api.entity.UserGroupEntity
 import spock.lang.Specification
@ -46,7 +47,7 @@ class StandardPolicyBasedAuthorizerDAOSpec extends Specification {
        method               | daoMethod
        'createAccessPolicy' | { new StandardPolicyBasedAuthorizerDAO(Mock(Authorizer)).createAccessPolicy(new AccessPolicyDTO(id: '1', resource: '/1', canRead: true)) }
        'createUser'         | { new StandardPolicyBasedAuthorizerDAO(Mock(Authorizer)).createUser(new UserDTO(id: '1', identity: 'a')) }
-        'createUserGroup'    | { new StandardPolicyBasedAuthorizerDAO(Mock(Authorizer)).createUserGroup(new UserGroupDTO(id: '1', name: 'a')) }
+        'createUserGroup'    | { new StandardPolicyBasedAuthorizerDAO(Mock(Authorizer)).createUserGroup(new UserGroupDTO(id: '1', identity: 'a')) }
        'deleteAccessPolicy' | { new StandardPolicyBasedAuthorizerDAO(Mock(Authorizer)).deleteAccessPolicy('1') }
        'deleteUser'         | { new StandardPolicyBasedAuthorizerDAO(Mock(Authorizer)).deleteUser('1') }
        'deleteUserGroup'    | { new StandardPolicyBasedAuthorizerDAO(Mock(Authorizer)).deleteUserGroup('1') }
@ -58,7 +59,7 @@ class StandardPolicyBasedAuthorizerDAOSpec extends Specification {
        'hasUserGroup'       | { new StandardPolicyBasedAuthorizerDAO(Mock(Authorizer)).hasUserGroup('1') }
        'updateAccessPolicy' | { new StandardPolicyBasedAuthorizerDAO(Mock(Authorizer)).updateAccessPolicy(new AccessPolicyDTO(id: '1', resource: '/1', canRead: true)) }
        'updateUser'         | { new StandardPolicyBasedAuthorizerDAO(Mock(Authorizer)).updateUser(new UserDTO(id: '1', identity: 'a')) }
-        'updateUserGroup'    | { new StandardPolicyBasedAuthorizerDAO(Mock(Authorizer)).updateUserGroup(new UserGroupDTO(id: '1', name: 'a')) }
+        'updateUserGroup'    | { new StandardPolicyBasedAuthorizerDAO(Mock(Authorizer)).updateUserGroup(new UserGroupDTO(id: '1', identity: 'a')) }
    }
    @Unroll
@ -89,8 +90,8 @@ class StandardPolicyBasedAuthorizerDAOSpec extends Specification {
        def dao = new StandardPolicyBasedAuthorizerDAO(authorizer)
        def requestDTO = new AccessPolicyDTO(id: 'policy-id-1', resource: '/fake/resource', canRead: true,
                canWrite: true,
-                users: [new UserEntity(id: 'user-id-1')] as Set,
+                users: [new TenantEntity(id: 'user-id-1')] as Set,
-                userGroups: [new UserGroupEntity(id: 'user-group-id-1')] as Set)
+                userGroups: [new TenantEntity(id: 'user-group-id-1')] as Set)
        when:
        def result = dao.createAccessPolicy(requestDTO)
@ -151,8 +152,8 @@ class StandardPolicyBasedAuthorizerDAOSpec extends Specification {
        def dao = new StandardPolicyBasedAuthorizerDAO(authorizer)
        def requestDTO = new AccessPolicyDTO(id: 'policy-id-1', resource: '/fake/resource', canRead: true,
                canWrite: true,
-                users: [new UserEntity(id: 'user-id-1')] as Set,
+                users: [new TenantEntity(id: 'user-id-1')] as Set,
-                userGroups: [new UserGroupEntity(id: 'user-group-id-1')] as Set)
+                userGroups: [new TenantEntity(id: 'user-group-id-1')] as Set)
        when:
        def result = dao.updateAccessPolicy(requestDTO)
@ -176,8 +177,8 @@ class StandardPolicyBasedAuthorizerDAOSpec extends Specification {
        def dao = new StandardPolicyBasedAuthorizerDAO(authorizer)
        def requestDTO = new AccessPolicyDTO(id: 'policy-id-1', resource: '/fake/resource', canRead: true,
                canWrite: true,
-                users: [new UserEntity(id: 'user-id-1')] as Set,
+                users: [new TenantEntity(id: 'user-id-1')] as Set,
-                userGroups: [new UserGroupEntity(id: 'user-group-id-1')] as Set)
+                userGroups: [new TenantEntity(id: 'user-group-id-1')] as Set)
        when:
        dao.updateAccessPolicy(requestDTO)
@ -249,7 +250,7 @@ class StandardPolicyBasedAuthorizerDAOSpec extends Specification {
        given:
        def authorizer = Mock AbstractPolicyBasedAuthorizer
        def dao = new StandardPolicyBasedAuthorizerDAO(authorizer)
-        def requestDTO = new UserGroupDTO(id: 'user-group-id-1', name: 'user group identity', users: [new UserEntity(id: 'user-id-1')] as Set)
+        def requestDTO = new UserGroupDTO(id: 'user-group-id-1', identity: 'user group identity', users: [new TenantEntity(id: 'user-id-1')] as Set)
        when:
        def result = dao.createUserGroup(requestDTO)
@ -325,7 +326,7 @@ class StandardPolicyBasedAuthorizerDAOSpec extends Specification {
        given:
        def authorizer = Mock AbstractPolicyBasedAuthorizer
        def dao = new StandardPolicyBasedAuthorizerDAO(authorizer)
-        def requestDTO = new UserGroupDTO(id: 'user-group-id-1', name: 'user group identity', users: [new UserEntity(id: 'user-id-1')] as Set)
+        def requestDTO = new UserGroupDTO(id: 'user-group-id-1', identity: 'user group identity', users: [new TenantEntity(id: 'user-id-1')] as Set)
        when:
        def result = dao.updateUserGroup(requestDTO)
@ -346,7 +347,7 @@ class StandardPolicyBasedAuthorizerDAOSpec extends Specification {
        given:
        def authorizer = Mock AbstractPolicyBasedAuthorizer
        def dao = new StandardPolicyBasedAuthorizerDAO(authorizer)
-        def requestDTO = new UserGroupDTO(id: 'user-group-id-1', name: 'user group identity', users: [new UserEntity(id: 'user-id-1')] as Set)
+        def requestDTO = new UserGroupDTO(id: 'user-group-id-1', identity: 'user group identity', users: [new TenantEntity(id: 'user-id-1')] as Set)
        when:
        dao.updateUserGroup(requestDTO)
@ -416,7 +417,7 @@ class StandardPolicyBasedAuthorizerDAOSpec extends Specification {
        given:
        def authorizer = Mock AbstractPolicyBasedAuthorizer
        def dao = new StandardPolicyBasedAuthorizerDAO(authorizer)
-        def requestDTO = new UserDTO(id: 'user-id-1', identity: 'user identity', userGroups: [new UserGroupEntity(id: 'user-group-id-1')] as Set)
+        def requestDTO = new UserDTO(id: 'user-id-1', identity: 'user identity', userGroups: [new TenantEntity(id: 'user-group-id-1')] as Set)
        when:
        def result = dao.createUser(requestDTO)
@ -492,7 +493,7 @@ class StandardPolicyBasedAuthorizerDAOSpec extends Specification {
        given:
        def authorizer = Mock AbstractPolicyBasedAuthorizer
        def dao = new StandardPolicyBasedAuthorizerDAO(authorizer)
-        def requestDTO = new UserDTO(id: 'user-id-1', identity: 'user identity', userGroups: [new UserGroupEntity(id: 'user-group-id-1')] as Set)
+        def requestDTO = new UserDTO(id: 'user-id-1', identity: 'user identity', userGroups: [new TenantEntity(id: 'user-group-id-1')] as Set)
        when:
        def result = dao.updateUser(requestDTO)
@ -513,7 +514,7 @@ class StandardPolicyBasedAuthorizerDAOSpec extends Specification {
        given:
        def authorizer = Mock AbstractPolicyBasedAuthorizer
        def dao = new StandardPolicyBasedAuthorizerDAO(authorizer)
-        def requestDTO = new UserDTO(id: 'user-id-1', identity: 'user identity', userGroups: [new UserGroupEntity(id: 'user-group-id-1')] as Set)
+        def requestDTO = new UserDTO(id: 'user-id-1', identity: 'user identity', userGroups: [new TenantEntity(id: 'user-group-id-1')] as Set)
        when:
        dao.updateUser(requestDTO)