From 8582214315577b4717ee2ffbcc67fbff637e42a5 Mon Sep 17 00:00:00 2001 From: Galsza <109229906+Galsza@users.noreply.github.com> Date: Wed, 20 Mar 2024 08:24:39 +0100 Subject: [PATCH] HDDS-10515. Reduce OzoneAcl constructor count (#6396) --- .../hadoop/ozone/client/rpc/RpcClient.java | 10 +-- .../org/apache/hadoop/ozone/OzoneAcl.java | 22 +++---- .../hadoop/ozone/om/helpers/OzoneAclUtil.java | 4 +- .../ozone/om/helpers/TestOmBucketInfo.java | 17 ++--- .../ozone/om/helpers/TestOmKeyInfo.java | 2 +- .../ozone/om/helpers/TestOmVolumeArgs.java | 8 +-- .../ozone/om/helpers/TestOzoneAclUtil.java | 14 ++-- .../AbstractRootedOzoneFileSystemTest.java | 16 ++--- .../rpc/TestOzoneRpcClientAbstract.java | 66 ++++++++----------- .../rpc/TestOzoneRpcClientForAclAuditLog.java | 4 +- .../hadoop/ozone/om/TestBucketOwner.java | 6 +- .../hadoop/ozone/om/TestKeyManagerImpl.java | 29 +++----- .../apache/hadoop/ozone/om/TestOmMetrics.java | 4 +- .../om/TestOzoneManagerHAWithAllRunning.java | 62 ++++++++--------- .../ozone/om/snapshot/TestOmSnapshot.java | 2 +- .../ozone/om/helpers/OzoneAclStorage.java | 13 +++- .../ozone/om/helpers/TestOmPrefixInfo.java | 4 +- .../om/helpers/TestOmPrefixInfoCodec.java | 2 +- .../apache/hadoop/ozone/om/OzoneManager.java | 4 +- .../acl/prefix/TestOMPrefixAclResponse.java | 4 +- .../acl/TestOzoneNativeAuthorizer.java | 18 ++--- .../ozone/security/acl/TestParentAcl.java | 6 +- .../hadoop/ozone/recon/api/TestEndpoints.java | 12 ++-- .../ozone/recon/common/CommonUtils.java | 2 +- .../ozone/s3/endpoint/BucketEndpoint.java | 19 ++---- .../hadoop/ozone/s3/endpoint/S3Acl.java | 66 +++++++++---------- .../freon/containergenerator/GeneratorOm.java | 4 +- 27 files changed, 192 insertions(+), 228 deletions(-) diff --git a/hadoop-ozone/client/src/main/java/org/apache/hadoop/ozone/client/rpc/RpcClient.java b/hadoop-ozone/client/src/main/java/org/apache/hadoop/ozone/client/rpc/RpcClient.java index 178a9919c11..7cd9ed440bb 100644 
--- a/hadoop-ozone/client/src/main/java/org/apache/hadoop/ozone/client/rpc/RpcClient.java +++ b/hadoop-ozone/client/src/main/java/org/apache/hadoop/ozone/client/rpc/RpcClient.java @@ -156,7 +156,6 @@ import java.security.PrivilegedExceptionAction; import java.util.ArrayList; import java.util.Arrays; -import java.util.BitSet; import java.util.Collections; import java.util.HashMap; import java.util.LinkedHashMap; @@ -432,12 +431,12 @@ public void createVolume(String volumeName, VolumeArgs volArgs) List listOfAcls = new ArrayList<>(); //User ACL listOfAcls.add(new OzoneAcl(ACLIdentityType.USER, - owner, userRights, ACCESS)); + owner, ACCESS, userRights)); //Group ACLs of the User List userGroups = Arrays.asList(UserGroupInformation .createRemoteUser(owner).getGroupNames()); userGroups.stream().forEach((group) -> listOfAcls.add( - new OzoneAcl(ACLIdentityType.GROUP, group, groupRights, ACCESS))); + new OzoneAcl(ACLIdentityType.GROUP, group, ACCESS, groupRights))); //ACLs from VolumeArgs List volumeAcls = volArgs.getAcls(); if (volumeAcls != null) { @@ -757,10 +756,7 @@ private List getAclList() { * @return OzoneAcl */ private OzoneAcl linkBucketDefaultAcl() { - BitSet aclRights = new BitSet(); - aclRights.set(READ.ordinal()); - aclRights.set(WRITE.ordinal()); - return new OzoneAcl(ACLIdentityType.WORLD, "", aclRights, ACCESS); + return new OzoneAcl(ACLIdentityType.WORLD, "", ACCESS, READ, WRITE); } /** diff --git a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/OzoneAcl.java b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/OzoneAcl.java index edfb194d571..8ab39a9ff99 100644 --- a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/OzoneAcl.java +++ b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/OzoneAcl.java @@ -30,6 +30,7 @@ import java.util.ArrayList; import java.util.BitSet; +import java.util.EnumSet; import java.util.List; import java.util.Objects; import java.util.function.Consumer; 
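Review bot: `linkBucketDefaultAcl()` in RpcClient.java still grants READ and WRITE to `ACLIdentityType.WORLD`, and now that the body is a single `return`, nothing in the method says why a world-writable default is acceptable. The grant itself predates this commit, but this line is the natural place to record the assumption, for example `// WORLD READ+WRITE is set on the link entry only; data access is presumably still authorized against the source bucket (confirm)`. The Javadoc above the method starts outside the hunk, so it may already cover this.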
@@ -58,17 +59,12 @@ public class OzoneAcl { private final AclScope aclScope; private static final List EMPTY_LIST = new ArrayList<>(0); - // TODO use varargs constructor - public OzoneAcl(ACLIdentityType type, String name, ACLType acl, AclScope scope) { - this(type, name, scope, bitSetOf(acl)); - } - public OzoneAcl(ACLIdentityType type, String name, AclScope scope, ACLType... acls) { this(type, name, scope, bitSetOf(acls)); } - public OzoneAcl(ACLIdentityType type, String name, BitSet acls, AclScope scope) { - this(type, name, scope, validateAndCopy(acls)); + public OzoneAcl(ACLIdentityType type, String name, AclScope scope, EnumSet acls) { + this(type, name, scope, bitSetOf(acls.toArray(new ACLType[0]))); } private OzoneAcl(ACLIdentityType type, String name, AclScope scope, BitSet acls) { @@ -148,7 +144,6 @@ public static OzoneAcl parseAcl(String acl) } ACLIdentityType aclType = ACLIdentityType.valueOf(parts[0].toUpperCase()); - BitSet acls = new BitSet(ACLType.getNoOfAcls()); String bits = parts[2]; @@ -163,14 +158,14 @@ public static OzoneAcl parseAcl(String acl) parts[2].indexOf("]"))); } - // Set all acl bits. + EnumSet acls = EnumSet.noneOf(ACLType.class); for (char ch : bits.toCharArray()) { - acls.set(ACLType.getACLRight(String.valueOf(ch)).ordinal()); + acls.add(ACLType.getACLRight(String.valueOf(ch))); } // TODO : Support sanitation of these user names by calling into // userAuth Interface. - return new OzoneAcl(aclType, parts[1], acls, aclScope); + return new OzoneAcl(aclType, parts[1], aclScope, acls); } /** 
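Review bot: The new public `OzoneAcl(ACLIdentityType, String, AclScope, EnumSet)` constructor dereferences `acls` with no null check and accepts an empty set. A null argument therefore surfaces as a bare NullPointerException from `acls.toArray(...)`, and an empty set may produce an ACL entry that grants nothing, depending on what `bitSetOf` does with an empty array (its body is outside the hunk). The removed BitSet overload went through `validateAndCopy`; the EnumSet path has no counterpart, and `parseAcl` in the third hunk now feeds it a set built from `EnumSet.noneOf(ACLType.class)`, which stays empty when `bits` is empty. Consider `this(type, name, scope, bitSetOf(Objects.requireNonNull(acls, "acls").toArray(new ACLType[0])));`, and a short Javadoc on both public constructors saying whether an empty rights set is allowed.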
@@ -208,9 +203,8 @@ public static OzoneAclInfo toProtobuf(OzoneAcl acl) { public static OzoneAcl fromProtobuf(OzoneAclInfo protoAcl) { BitSet aclRights = BitSet.valueOf(protoAcl.getRights().toByteArray()); - return new OzoneAcl(ACLIdentityType.valueOf(protoAcl.getType().name()), - protoAcl.getName(), aclRights, - AclScope.valueOf(protoAcl.getAclScope().name())); + return new OzoneAcl(ACLIdentityType.valueOf(protoAcl.getType().name()), protoAcl.getName(), + AclScope.valueOf(protoAcl.getAclScope().name()), validateAndCopy(aclRights)); } public AclScope getAclScope() { diff --git a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/helpers/OzoneAclUtil.java b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/helpers/OzoneAclUtil.java index a2e738f143d..517f0c14ce0 100644 --- a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/helpers/OzoneAclUtil.java +++ b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/om/helpers/OzoneAclUtil.java @@ -60,11 +60,11 @@ public static List getAclList(String userName, List listOfAcls = new ArrayList<>(); // User ACL. - listOfAcls.add(new OzoneAcl(USER, userName, userRights, ACCESS)); + listOfAcls.add(new OzoneAcl(USER, userName, ACCESS, userRights)); if (userGroups != null) { // Group ACLs of the User. Arrays.asList(userGroups).forEach((group) -> listOfAcls.add( - new OzoneAcl(GROUP, group, groupRights, ACCESS))); + new OzoneAcl(GROUP, group, ACCESS, groupRights))); } return listOfAcls; } diff --git a/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOmBucketInfo.java b/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOmBucketInfo.java index c38c09360f0..638dd3414e8 100644 --- a/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOmBucketInfo.java +++ b/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOmBucketInfo.java 
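Review bot: In `fromProtobuf`, `validateAndCopy(aclRights)` is now the only check on the rights bytes decoded from the protobuf message before they reach the private BitSet constructor, at least within the hunks shown here. Before this commit the public BitSet constructor made that call for every caller, so the validation was harder to lose in a later cleanup. A comment at the call site would protect it, for example `// rights arrive as raw bytes from the wire; validateAndCopy is the only check before the private constructor`. What `validateAndCopy` actually enforces is outside the hunk, so it would be worth confirming that it rejects bits beyond the known `ACLType` values.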
@@ -81,8 +81,7 @@ public void testClone() { .setAcls(Collections.singletonList(new OzoneAcl( IAccessAuthorizer.ACLIdentityType.USER, "defaultUser", - IAccessAuthorizer.ACLType.WRITE_ACL, - OzoneAcl.AclScope.ACCESS + OzoneAcl.AclScope.ACCESS, IAccessAuthorizer.ACLType.WRITE_ACL ))) .build(); @@ -97,8 +96,7 @@ public void testClone() { omBucketInfo.setAcls(Collections.singletonList(new OzoneAcl( IAccessAuthorizer.ACLIdentityType.USER, "newUser", - IAccessAuthorizer.ACLType.WRITE_ACL, - OzoneAcl.AclScope.ACCESS + OzoneAcl.AclScope.ACCESS, IAccessAuthorizer.ACLType.WRITE_ACL ))); assertNotEquals( omBucketInfo.getAcls().get(0), @@ -115,8 +113,7 @@ public void testClone() { omBucketInfo.removeAcl(new OzoneAcl( IAccessAuthorizer.ACLIdentityType.USER, "newUser", - IAccessAuthorizer.ACLType.WRITE_ACL, - OzoneAcl.AclScope.ACCESS + OzoneAcl.AclScope.ACCESS, IAccessAuthorizer.ACLType.WRITE_ACL )); assertEquals(0, omBucketInfo.getAcls().size()); assertEquals(1, cloneBucketInfo.getAcls().size()); @@ -131,8 +128,8 @@ public void getProtobufMessageEC() { .setStorageType(StorageType.ARCHIVE).setAcls(Collections .singletonList(new OzoneAcl( IAccessAuthorizer.ACLIdentityType.USER, - "defaultUser", IAccessAuthorizer.ACLType.WRITE_ACL, - OzoneAcl.AclScope.ACCESS))).build(); + "defaultUser", OzoneAcl.AclScope.ACCESS, IAccessAuthorizer.ACLType.WRITE_ACL + ))).build(); OzoneManagerProtocolProtos.BucketInfo protobuf = omBucketInfo.getProtobuf(); // No EC Config assertFalse(protobuf.hasDefaultReplicationConfig()); @@ -150,8 +147,8 @@ public void getProtobufMessageEC() { .setStorageType(StorageType.ARCHIVE) .setAcls(Collections.singletonList(new OzoneAcl( IAccessAuthorizer.ACLIdentityType.USER, - "defaultUser", IAccessAuthorizer.ACLType.WRITE_ACL, - OzoneAcl.AclScope.ACCESS))) + "defaultUser", OzoneAcl.AclScope.ACCESS, IAccessAuthorizer.ACLType.WRITE_ACL + ))) .setDefaultReplicationConfig( new DefaultReplicationConfig( new ECReplicationConfig(3, 2))).build(); 
diff --git a/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOmKeyInfo.java b/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOmKeyInfo.java index 6396f0318dc..4aead0cd8bc 100644 --- a/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOmKeyInfo.java +++ b/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOmKeyInfo.java @@ -182,7 +182,7 @@ private void createdAndTest(boolean isMPU) { key.setAcls(Arrays.asList(new OzoneAcl( IAccessAuthorizer.ACLIdentityType.USER, "user1", - IAccessAuthorizer.ACLType.WRITE, ACCESS))); + ACCESS, IAccessAuthorizer.ACLType.WRITE))); // Change acls and check. assertNotEquals(key, cloneKey); diff --git a/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOmVolumeArgs.java b/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOmVolumeArgs.java index f5c854d9e70..41757d957a8 100644 --- a/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOmVolumeArgs.java +++ b/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOmVolumeArgs.java @@ -46,7 +46,7 @@ public void testClone() throws Exception { .addMetadata("key1", "value1").addMetadata("key2", "value2") .addOzoneAcls( new OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER, "user1", - IAccessAuthorizer.ACLType.READ, ACCESS)).build(); + ACCESS, IAccessAuthorizer.ACLType.READ)).build(); OmVolumeArgs cloneVolumeArgs = omVolumeArgs.copyObject(); @@ -55,7 +55,7 @@ public void testClone() throws Exception { // add user acl to write. omVolumeArgs.addAcl(new OzoneAcl( IAccessAuthorizer.ACLIdentityType.USER, "user1", - IAccessAuthorizer.ACLType.WRITE, ACCESS)); + ACCESS, IAccessAuthorizer.ACLType.WRITE)); // Now check clone acl assertNotEquals(cloneVolumeArgs.getAcls().get(0), 
@@ -64,7 +64,7 @@ public void testClone() throws Exception { // Set user acl to Write_ACL. omVolumeArgs.setAcls(Collections.singletonList(new OzoneAcl( IAccessAuthorizer.ACLIdentityType.USER, "user1", - IAccessAuthorizer.ACLType.WRITE_ACL, ACCESS))); + ACCESS, IAccessAuthorizer.ACLType.WRITE_ACL))); assertNotEquals(cloneVolumeArgs.getAcls().get(0), omVolumeArgs.getAcls().get(0)); @@ -78,7 +78,7 @@ public void testClone() throws Exception { omVolumeArgs.removeAcl(new OzoneAcl( IAccessAuthorizer.ACLIdentityType.USER, "user1", - IAccessAuthorizer.ACLType.WRITE_ACL, ACCESS)); + ACCESS, IAccessAuthorizer.ACLType.WRITE_ACL)); // Removing acl, in original omVolumeArgs it should have no acls. assertEquals(0, omVolumeArgs.getAcls().size()); diff --git a/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOzoneAclUtil.java b/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOzoneAclUtil.java index cebbab7c752..5781a68b58d 100644 --- a/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOzoneAclUtil.java +++ b/hadoop-ozone/common/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOzoneAclUtil.java @@ -49,13 +49,13 @@ public class TestOzoneAclUtil { getDefaultAcls(); private static final OzoneAcl USER1 = new OzoneAcl(USER, "user1", - ACLType.READ_ACL, ACCESS); + ACCESS, ACLType.READ_ACL); private static final OzoneAcl USER2 = new OzoneAcl(USER, "user2", - ACLType.WRITE, ACCESS); + ACCESS, ACLType.WRITE); private static final OzoneAcl GROUP1 = new OzoneAcl(GROUP, "group1", - ACLType.ALL, ACCESS); + ACCESS, ACLType.ALL); @Test public void testAddAcl() throws IOException { 
@@ -65,7 +65,7 @@ public void testAddAcl() throws IOException { // Add new permission to existing acl entry. OzoneAcl oldAcl = currentAcls.get(0); OzoneAcl newAcl = new OzoneAcl(oldAcl.getType(), oldAcl.getName(), - ACLType.READ_ACL, ACCESS); + ACCESS, ACLType.READ_ACL); addAndVerifyAcl(currentAcls, newAcl, true, DEFAULT_ACLS.size()); // Add same permission again and verify result @@ -97,7 +97,7 @@ public void testRemoveAcl() { // Add new permission to existing acl entru. OzoneAcl oldAcl = currentAcls.get(0); OzoneAcl newAcl = new OzoneAcl(oldAcl.getType(), oldAcl.getName(), - ACLType.READ_ACL, ACCESS); + ACCESS, ACLType.READ_ACL); // Remove non existing acl entry removeAndVerifyAcl(currentAcls, USER1, false, DEFAULT_ACLS.size()); @@ -191,11 +191,11 @@ private static List getDefaultAcls() { IAccessAuthorizer.ACLType groupRights = aclConfig.getGroupDefaultRights(); OzoneAclUtil.addAcl(ozoneAcls, new OzoneAcl(USER, - ugi.getUserName(), userRights, ACCESS)); + ugi.getUserName(), ACCESS, userRights)); //Group ACLs of the User List userGroups = Arrays.asList(ugi.getGroupNames()); userGroups.stream().forEach((group) -> OzoneAclUtil.addAcl(ozoneAcls, - new OzoneAcl(GROUP, group, groupRights, ACCESS))); + new OzoneAcl(GROUP, group, ACCESS, groupRights))); return ozoneAcls; } diff --git a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/fs/ozone/AbstractRootedOzoneFileSystemTest.java b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/fs/ozone/AbstractRootedOzoneFileSystemTest.java index b77be05f673..366e8a19057 100644 --- a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/fs/ozone/AbstractRootedOzoneFileSystemTest.java +++ b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/fs/ozone/AbstractRootedOzoneFileSystemTest.java 
@@ -94,9 +94,9 @@ import java.security.PrivilegedExceptionAction; import java.util.ArrayList; import java.util.Arrays; -import java.util.BitSet; import java.util.Collection; import java.util.Collections; +import java.util.EnumSet; import java.util.HashMap; import java.util.Iterator; import java.util.LinkedList; @@ -1187,17 +1187,15 @@ void testSharedTmpDir() throws IOException { ACLType userRights = aclConfig.getUserDefaultRights(); // Construct ACL for world access // ACL admin owner, world read+write - BitSet aclRights = new BitSet(); - aclRights.set(READ.ordinal()); - aclRights.set(WRITE.ordinal()); + EnumSet aclRights = EnumSet.of(READ, WRITE); // volume acls have all access to admin and read+write access to world // Construct VolumeArgs VolumeArgs volumeArgs = VolumeArgs.newBuilder() .setAdmin("admin") .setOwner("admin") - .addAcl(new OzoneAcl(ACLIdentityType.WORLD, "", aclRights, ACCESS)) - .addAcl(new OzoneAcl(ACLIdentityType.USER, "admin", userRights, ACCESS)) + .addAcl(new OzoneAcl(ACLIdentityType.WORLD, "", ACCESS, aclRights)) + .addAcl(new OzoneAcl(ACLIdentityType.USER, "admin", ACCESS, userRights)) .setQuotaInNamespace(1000) .setQuotaInBytes(Long.MAX_VALUE).build(); // Sanity check @@ -1232,7 +1230,7 @@ void testSharedTmpDir() throws IOException { BucketArgs bucketArgs = new BucketArgs.Builder() .setOwner("admin") .addAcl(new OzoneAcl(ACLIdentityType.WORLD, "", ACCESS, READ, WRITE, LIST)) - .addAcl(new OzoneAcl(ACLIdentityType.USER, "admin", userRights, ACCESS)) + .addAcl(new OzoneAcl(ACLIdentityType.USER, "admin", ACCESS, userRights)) .setQuotaInNamespace(1000) .setQuotaInBytes(Long.MAX_VALUE).build(); 
@@ -1292,7 +1290,7 @@ void testTempMount() throws IOException { ACLType userRights = aclConfig.getUserDefaultRights(); // Construct ACL for world access OzoneAcl aclWorldAccess = new OzoneAcl(ACLIdentityType.WORLD, "", - userRights, ACCESS); + ACCESS, userRights); // Construct VolumeArgs VolumeArgs volumeArgs = VolumeArgs.newBuilder() .addAcl(aclWorldAccess) @@ -2293,7 +2291,7 @@ void testNonPrivilegedUserMkdirCreateBucket() throws IOException { ACLType userRights = aclConfig.getUserDefaultRights(); // Construct ACL for world access OzoneAcl aclWorldAccess = new OzoneAcl(ACLIdentityType.WORLD, "", - userRights, ACCESS); + ACCESS, userRights); // Construct VolumeArgs, set ACL to world access VolumeArgs volumeArgs = VolumeArgs.newBuilder() .addAcl(aclWorldAccess) diff --git a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/client/rpc/TestOzoneRpcClientAbstract.java b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/client/rpc/TestOzoneRpcClientAbstract.java index b8386869308..a77edd3abc5 100644 --- a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/client/rpc/TestOzoneRpcClientAbstract.java +++ b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/client/rpc/TestOzoneRpcClientAbstract.java @@ -25,7 +25,6 @@ import java.time.Instant; import java.util.ArrayList; import java.util.Arrays; -import java.util.BitSet; import java.util.HashMap; import java.util.Iterator; import java.util.LinkedHashMap; 
@@ -195,13 +194,13 @@ public abstract class TestOzoneRpcClientAbstract { private static String remoteUserName = "remoteUser"; private static String remoteGroupName = "remoteGroup"; private static OzoneAcl defaultUserAcl = new OzoneAcl(USER, remoteUserName, - READ, DEFAULT); + DEFAULT, READ); private static OzoneAcl defaultGroupAcl = new OzoneAcl(GROUP, remoteGroupName, - READ, DEFAULT); + DEFAULT, READ); private static OzoneAcl inheritedUserAcl = new OzoneAcl(USER, remoteUserName, - READ, ACCESS); + ACCESS, READ); private static OzoneAcl inheritedGroupAcl = new OzoneAcl(GROUP, - remoteGroupName, READ, ACCESS); + remoteGroupName, ACCESS, READ); private static MessageDigest eTagProvider; @BeforeAll @@ -674,7 +673,7 @@ public void testCreateBucketWithAcls() String volumeName = UUID.randomUUID().toString(); String bucketName = UUID.randomUUID().toString(); OzoneAcl userAcl = new OzoneAcl(USER, "test", - READ, ACCESS); + ACCESS, READ); store.createVolume(volumeName); OzoneVolume volume = store.getVolume(volumeName); BucketArgs.Builder builder = BucketArgs.newBuilder() @@ -708,7 +707,7 @@ public void testCreateBucketWithAllArgument() String volumeName = UUID.randomUUID().toString(); String bucketName = UUID.randomUUID().toString(); OzoneAcl userAcl = new OzoneAcl(USER, "test", - ACLType.ALL, ACCESS); + ACCESS, ACLType.ALL); ReplicationConfig repConfig = new ECReplicationConfig(3, 2); store.createVolume(volumeName); OzoneVolume volume = store.getVolume(volumeName); @@ -747,7 +746,7 @@ public void testAddBucketAcl() OzoneVolume volume = store.getVolume(volumeName); volume.createBucket(bucketName); List acls = new ArrayList<>(); - acls.add(new OzoneAcl(USER, "test", ACLType.ALL, ACCESS)); + acls.add(new OzoneAcl(USER, "test", ACCESS, ACLType.ALL)); OzoneBucket bucket = volume.getBucket(bucketName); for (OzoneAcl acl : acls) { assertTrue(bucket.addAcl(acl)); 
@@ -763,7 +762,7 @@ public void testRemoveBucketAcl() String volumeName = UUID.randomUUID().toString(); String bucketName = UUID.randomUUID().toString(); OzoneAcl userAcl = new OzoneAcl(USER, "test", - ACLType.ALL, ACCESS); + ACCESS, ACLType.ALL); store.createVolume(volumeName); OzoneVolume volume = store.getVolume(volumeName); BucketArgs.Builder builder = BucketArgs.newBuilder() @@ -782,9 +781,9 @@ public void testRemoveBucketAclUsingRpcClientRemoveAcl() String volumeName = UUID.randomUUID().toString(); String bucketName = UUID.randomUUID().toString(); OzoneAcl userAcl = new OzoneAcl(USER, "test", - ACLType.ALL, ACCESS); + ACCESS, ACLType.ALL); OzoneAcl acl2 = new OzoneAcl(USER, "test1", - ACLType.ALL, ACCESS); + ACCESS, ACLType.ALL); store.createVolume(volumeName); OzoneVolume volume = store.getVolume(volumeName); BucketArgs.Builder builder = BucketArgs.newBuilder() @@ -2703,10 +2702,10 @@ public void testMultipartUploadWithACL() throws Exception { OzoneBucket bucket = volume.getBucket(bucketName); // Add ACL on Bucket - OzoneAcl acl1 = new OzoneAcl(USER, "Monday", ACLType.ALL, DEFAULT); - OzoneAcl acl2 = new OzoneAcl(USER, "Friday", ACLType.ALL, DEFAULT); - OzoneAcl acl3 = new OzoneAcl(USER, "Jan", ACLType.ALL, ACCESS); - OzoneAcl acl4 = new OzoneAcl(USER, "Feb", ACLType.ALL, ACCESS); + OzoneAcl acl1 = new OzoneAcl(USER, "Monday", DEFAULT, ACLType.ALL); + OzoneAcl acl2 = new OzoneAcl(USER, "Friday", DEFAULT, ACLType.ALL); + OzoneAcl acl3 = new OzoneAcl(USER, "Jan", ACCESS, ACLType.ALL); + OzoneAcl acl4 = new OzoneAcl(USER, "Feb", ACCESS, ACLType.ALL); bucket.addAcl(acl1); bucket.addAcl(acl2); bucket.addAcl(acl3); 
@@ -2740,8 +2739,8 @@ public void testMultipartUploadWithACL() throws Exception { try (OzoneClient client = remoteUser.doAs((PrivilegedExceptionAction) () -> OzoneClientFactory.getRpcClient(cluster.getConf()))) { - OzoneAcl acl5 = new OzoneAcl(USER, userName, ACLType.READ, DEFAULT); - OzoneAcl acl6 = new OzoneAcl(USER, userName, ACLType.READ, ACCESS); + OzoneAcl acl5 = new OzoneAcl(USER, userName, DEFAULT, ACLType.READ); + OzoneAcl acl6 = new OzoneAcl(USER, userName, ACCESS, ACLType.READ); OzoneObj volumeObj = OzoneObjInfo.Builder.newBuilder() .setVolumeName(volumeName).setStoreType(OzoneObj.StoreType.OZONE) .setResType(OzoneObj.ResourceType.VOLUME).build(); @@ -2764,10 +2763,10 @@ public void testMultipartUploadWithACL() throws Exception { assertEquals(ResultCodes.PERMISSION_DENIED, ome.getResult()); // Add create permission for user, and try multi-upload init again - OzoneAcl acl7 = new OzoneAcl(USER, userName, ACLType.CREATE, DEFAULT); - OzoneAcl acl8 = new OzoneAcl(USER, userName, ACLType.CREATE, ACCESS); - OzoneAcl acl9 = new OzoneAcl(USER, userName, WRITE, DEFAULT); - OzoneAcl acl10 = new OzoneAcl(USER, userName, WRITE, ACCESS); + OzoneAcl acl7 = new OzoneAcl(USER, userName, DEFAULT, ACLType.CREATE); + OzoneAcl acl8 = new OzoneAcl(USER, userName, ACCESS, ACLType.CREATE); + OzoneAcl acl9 = new OzoneAcl(USER, userName, DEFAULT, WRITE); + OzoneAcl acl10 = new OzoneAcl(USER, userName, ACCESS, WRITE); store.addAcl(volumeObj, acl7); store.addAcl(volumeObj, acl8); store.addAcl(volumeObj, acl9); @@ -3444,11 +3443,7 @@ public void testNativeAclsForPrefix() throws Exception { .setStoreType(OzoneObj.StoreType.OZONE) .build(); - // add acl - BitSet aclRights1 = new BitSet(); - aclRights1.set(READ.ordinal()); - OzoneAcl user1Acl = new OzoneAcl(USER, - "user1", aclRights1, ACCESS); + OzoneAcl user1Acl = new OzoneAcl(USER, "user1", ACCESS, READ); assertTrue(store.addAcl(prefixObj, user1Acl)); // get acl 
@@ -3461,11 +3456,7 @@ public void testNativeAclsForPrefix() throws Exception { aclsGet = store.getAcl(prefixObj); assertEquals(0, aclsGet.size()); - // set acl - BitSet aclRights2 = new BitSet(); - aclRights2.set(ACLType.ALL.ordinal()); - OzoneAcl group1Acl = new OzoneAcl(GROUP, - "group1", aclRights2, ACCESS); + OzoneAcl group1Acl = new OzoneAcl(GROUP, "group1", ACCESS, ACLType.ALL); List acls = new ArrayList<>(); acls.add(user1Acl); acls.add(group1Acl); @@ -3505,12 +3496,11 @@ private List getAclList(OzoneConfiguration conf) ACLType userRights = aclConfig.getUserDefaultRights(); ACLType groupRights = aclConfig.getGroupDefaultRights(); - listOfAcls.add(new OzoneAcl(USER, - ugi.getUserName(), userRights, ACCESS)); + listOfAcls.add(new OzoneAcl(USER, ugi.getUserName(), ACCESS, userRights)); //Group ACLs of the User List userGroups = Arrays.asList(ugi.getGroupNames()); userGroups.stream().forEach((group) -> listOfAcls.add( - new OzoneAcl(GROUP, group, groupRights, ACCESS))); + new OzoneAcl(GROUP, group, ACCESS, groupRights))); return listOfAcls; } @@ -3526,7 +3516,7 @@ private void validateOzoneAccessAcl(OzoneObj ozObj) throws IOException { if (expectedAcls.size() > 0) { OzoneAcl oldAcl = expectedAcls.get(0); OzoneAcl newAcl = new OzoneAcl(oldAcl.getType(), oldAcl.getName(), - ACLType.READ_ACL, oldAcl.getAclScope()); + oldAcl.getAclScope(), ACLType.READ_ACL); // Verify that operation successful. assertTrue(store.addAcl(ozObj, newAcl)); @@ -3577,9 +3567,9 @@ private void validateOzoneAccessAcl(OzoneObj ozObj) throws IOException { // Reset acl's. OzoneAcl ua = new OzoneAcl(USER, "userx", - ACLType.READ_ACL, ACCESS); + ACCESS, ACLType.READ_ACL); OzoneAcl ug = new OzoneAcl(GROUP, "userx", - ACLType.ALL, ACCESS); + ACCESS, ACLType.ALL); store.setAcl(ozObj, Arrays.asList(ua, ug)); newAcls = store.getAcl(ozObj); assertEquals(2, newAcls.size()); 
@@ -3907,7 +3897,7 @@ public void testSetS3VolumeAcl() throws Exception { .setStoreType(OzoneObj.StoreType.OZONE) .build(); - OzoneAcl ozoneAcl = new OzoneAcl(USER, remoteUserName, WRITE, DEFAULT); + OzoneAcl ozoneAcl = new OzoneAcl(USER, remoteUserName, DEFAULT, WRITE); boolean result = store.addAcl(s3vVolume, ozoneAcl); diff --git a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/client/rpc/TestOzoneRpcClientForAclAuditLog.java b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/client/rpc/TestOzoneRpcClientForAclAuditLog.java index e373b06d950..8f3c8262040 100644 --- a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/client/rpc/TestOzoneRpcClientForAclAuditLog.java +++ b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/client/rpc/TestOzoneRpcClientForAclAuditLog.java @@ -83,10 +83,10 @@ public class TestOzoneRpcClientForAclAuditLog { private static UserGroupInformation ugi; private static final OzoneAcl USER_ACL = new OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER, - "johndoe", IAccessAuthorizer.ACLType.ALL, ACCESS); + "johndoe", ACCESS, IAccessAuthorizer.ACLType.ALL); private static final OzoneAcl USER_ACL_2 = new OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER, - "jane", IAccessAuthorizer.ACLType.ALL, ACCESS); + "jane", ACCESS, IAccessAuthorizer.ACLType.ALL); private static List aclListToAdd = new ArrayList<>(); private static MiniOzoneCluster cluster = null; private static OzoneClient ozClient = null; diff --git a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestBucketOwner.java b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestBucketOwner.java index 37fec8dcda7..97512fec40c 100644 --- a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestBucketOwner.java +++ b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestBucketOwner.java 
@@ -123,7 +123,7 @@ public void testBucketOwner() throws Exception { ozoneBucket.getAcls(); //Add Acls OzoneAcl acl = new OzoneAcl(USER, "testuser", - IAccessAuthorizer.ACLType.ALL, DEFAULT); + DEFAULT, IAccessAuthorizer.ACLType.ALL); ozoneBucket.addAcl(acl); } } @@ -179,7 +179,7 @@ public void testNonBucketNonVolumeOwner() throws Exception { OzoneVolume volume = client.getObjectStore().getVolume("volume1"); OzoneBucket ozoneBucket = volume.getBucket("bucket1"); OzoneAcl acl = new OzoneAcl(USER, "testuser1", - IAccessAuthorizer.ACLType.ALL, DEFAULT); + DEFAULT, IAccessAuthorizer.ACLType.ALL); ozoneBucket.addAcl(acl); }, "Add Acls as non-volume and non-bucket owner should fail"); } @@ -202,7 +202,7 @@ public void testVolumeOwner() throws Exception { ozoneBucket.getAcls(); //Add Acls OzoneAcl acl = new OzoneAcl(USER, "testuser2", - IAccessAuthorizer.ACLType.ALL, DEFAULT); + DEFAULT, IAccessAuthorizer.ACLType.ALL); ozoneBucket.addAcl(acl); //Bucket Delete volume.deleteBucket("bucket2"); diff --git a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestKeyManagerImpl.java b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestKeyManagerImpl.java index 9a5ded71484..f443104871f 100644 --- a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestKeyManagerImpl.java +++ b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestKeyManagerImpl.java @@ -24,7 +24,6 @@ import java.nio.file.Paths; import java.util.ArrayList; import java.util.Arrays; -import java.util.BitSet; import java.util.Collections; import java.util.HashMap; import java.util.HashSet; 
@@ -87,7 +86,6 @@ import org.apache.hadoop.ozone.om.helpers.BucketLayout; import org.apache.hadoop.ozone.om.protocol.OzoneManagerProtocol; import org.apache.hadoop.ozone.om.request.OMRequestTestUtils; -import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer; import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer.ACLIdentityType; import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer.ACLType; import org.apache.hadoop.ozone.security.acl.OzoneObj; @@ -129,6 +127,8 @@ import org.junit.jupiter.params.provider.MethodSource; import org.junit.jupiter.params.provider.ValueSource; +import static org.apache.hadoop.ozone.security.acl.IAccessAuthorizer.ACLType.READ; +import static org.apache.hadoop.ozone.security.acl.IAccessAuthorizer.ACLType.WRITE; import static org.assertj.core.api.Assertions.assertThat; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertNotEquals; @@ -531,7 +531,7 @@ public void testPrefixAclOps() throws IOException { .build(); OzoneAcl ozAcl1 = new OzoneAcl(ACLIdentityType.USER, "user1", - ACLType.READ, ACCESS); + ACCESS, ACLType.READ); writeClient.addAcl(ozPrefix1, ozAcl1); List ozAclGet = writeClient.getAcl(ozPrefix1); 
@@ -539,24 +539,13 @@ public void testPrefixAclOps() throws IOException { assertEquals(ozAcl1, ozAclGet.get(0)); List acls = new ArrayList<>(); - OzoneAcl ozAcl2 = new OzoneAcl(ACLIdentityType.USER, "admin", - ACLType.ALL, ACCESS); + OzoneAcl ozAcl2 = new OzoneAcl(ACLIdentityType.USER, "admin", ACCESS, ACLType.ALL); - BitSet rwRights = new BitSet(); - rwRights.set(IAccessAuthorizer.ACLType.WRITE.ordinal()); - rwRights.set(IAccessAuthorizer.ACLType.READ.ordinal()); - OzoneAcl ozAcl3 = new OzoneAcl(ACLIdentityType.GROUP, "dev", - rwRights, ACCESS); + OzoneAcl ozAcl3 = new OzoneAcl(ACLIdentityType.GROUP, "dev", ACCESS, READ, WRITE); - BitSet wRights = new BitSet(); - wRights.set(IAccessAuthorizer.ACLType.WRITE.ordinal()); - OzoneAcl ozAcl4 = new OzoneAcl(ACLIdentityType.GROUP, "dev", - wRights, ACCESS); + OzoneAcl ozAcl4 = new OzoneAcl(ACLIdentityType.GROUP, "dev", ACCESS, WRITE); - BitSet rRights = new BitSet(); - rRights.set(IAccessAuthorizer.ACLType.READ.ordinal()); - OzoneAcl ozAcl5 = new OzoneAcl(ACLIdentityType.GROUP, "dev", - rRights, ACCESS); + OzoneAcl ozAcl5 = new OzoneAcl(ACLIdentityType.GROUP, "dev", ACCESS, READ); acls.add(ozAcl2); acls.add(ozAcl3); @@ -628,7 +617,7 @@ public void testInvalidPrefixAcl() throws IOException { // Invalid prefix not ending with "/" String invalidPrefix = "invalid/pf"; OzoneAcl ozAcl1 = new OzoneAcl(ACLIdentityType.USER, "user1", - ACLType.READ, ACCESS); + ACCESS, ACLType.READ); OzoneObj ozInvalidPrefix = new OzoneObjInfo.Builder() .setVolumeName(volumeName) @@ -692,7 +681,7 @@ public void testLongestPrefixPath() throws IOException { .build(); OzoneAcl ozAcl1 = new OzoneAcl(ACLIdentityType.USER, "user1", - ACLType.READ, ACCESS); + ACCESS, ACLType.READ); writeClient.addAcl(ozPrefix1, ozAcl1); OzoneObj ozFile1 = new OzoneObjInfo.Builder() 
diff --git a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestOmMetrics.java b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestOmMetrics.java index 95335d4e39d..901670301ef 100644 --- a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestOmMetrics.java +++ b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestOmMetrics.java @@ -629,7 +629,7 @@ public void testAclOperations() throws Exception { // Test addAcl writeClient.addAcl(volObj, new OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER, "ozoneuser", - IAccessAuthorizer.ACLType.ALL, ACCESS)); + ACCESS, IAccessAuthorizer.ACLType.ALL)); omMetrics = getMetrics("OMMetrics"); assertCounter("NumAddAcl", 1L, omMetrics); @@ -695,7 +695,7 @@ private void testAclMetricsInternal(ObjectStore objectStore, OzoneObj volObj, long initialValue = metrics.getNumAddAcl(); objectStore.addAcl(volObj, new OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER, "ozoneuser", - IAccessAuthorizer.ACLType.ALL, ACCESS)); + ACCESS, IAccessAuthorizer.ACLType.ALL)); assertEquals(initialValue + 1, metrics.getNumAddAcl()); diff --git a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestOzoneManagerHAWithAllRunning.java b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestOzoneManagerHAWithAllRunning.java index 0a5fab260b5..716c1003d26 100644 --- a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestOzoneManagerHAWithAllRunning.java +++ b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/TestOzoneManagerHAWithAllRunning.java @@ -561,7 +561,7 @@ void testAddBucketAcl() throws Exception { OzoneBucket ozoneBucket = setupBucket(); String remoteUserName = "remoteUser"; OzoneAcl defaultUserAcl = new OzoneAcl(USER, remoteUserName, - READ, DEFAULT); + DEFAULT, READ); OzoneObj ozoneObj = buildBucketObj(ozoneBucket); 
@@ -573,7 +573,7 @@ void testRemoveBucketAcl() throws Exception { OzoneBucket ozoneBucket = setupBucket(); String remoteUserName = "remoteUser"; OzoneAcl defaultUserAcl = new OzoneAcl(USER, remoteUserName, - READ, DEFAULT); + DEFAULT, READ); OzoneObj ozoneObj = buildBucketObj(ozoneBucket); @@ -586,7 +586,7 @@ void testSetBucketAcl() throws Exception { OzoneBucket ozoneBucket = setupBucket(); String remoteUserName = "remoteUser"; OzoneAcl defaultUserAcl = new OzoneAcl(USER, remoteUserName, - READ, DEFAULT); + DEFAULT, READ); OzoneObj ozoneObj = buildBucketObj(ozoneBucket); @@ -618,7 +618,7 @@ void testAddKeyAcl() throws Exception { OzoneBucket ozoneBucket = setupBucket(); String remoteUserName = "remoteUser"; OzoneAcl userAcl = new OzoneAcl(USER, remoteUserName, - READ, DEFAULT); + DEFAULT, READ); String key = createKey(ozoneBucket); @@ -632,7 +632,7 @@ void testRemoveKeyAcl() throws Exception { OzoneBucket ozoneBucket = setupBucket(); String remoteUserName = "remoteUser"; OzoneAcl userAcl = new OzoneAcl(USER, remoteUserName, - READ, DEFAULT); + DEFAULT, READ); String key = createKey(ozoneBucket); @@ -647,7 +647,7 @@ void testSetKeyAcl() throws Exception { OzoneBucket ozoneBucket = setupBucket(); String remoteUserName = "remoteUser"; OzoneAcl userAcl = new OzoneAcl(USER, remoteUserName, - READ, DEFAULT); + DEFAULT, READ); String key = createKey(ozoneBucket); @@ -663,7 +663,7 @@ void testAddPrefixAcl() throws Exception { String remoteUserName = "remoteUser"; String prefixName = RandomStringUtils.randomAlphabetic(5) + "/"; OzoneAcl defaultUserAcl = new OzoneAcl(USER, remoteUserName, - READ, DEFAULT); + DEFAULT, READ); OzoneObj ozoneObj = buildPrefixObj(ozoneBucket, prefixName); 
@@ -676,9 +676,9 @@ void testRemovePrefixAcl() throws Exception { String remoteUserName = "remoteUser"; String prefixName = RandomStringUtils.randomAlphabetic(5) + "/"; OzoneAcl userAcl = new OzoneAcl(USER, remoteUserName, - READ, ACCESS); + ACCESS, READ); OzoneAcl userAcl1 = new OzoneAcl(USER, "remote", - READ, ACCESS); + ACCESS, READ); OzoneObj ozoneObj = buildPrefixObj(ozoneBucket, prefixName); @@ -708,7 +708,7 @@ void testSetPrefixAcl() throws Exception { String remoteUserName = "remoteUser"; String prefixName = RandomStringUtils.randomAlphabetic(5) + "/"; OzoneAcl defaultUserAcl = new OzoneAcl(USER, remoteUserName, - READ, DEFAULT); + DEFAULT, READ); OzoneObj ozoneObj = buildPrefixObj(ozoneBucket, prefixName); @@ -724,13 +724,13 @@ void testLinkBucketAddBucketAcl() throws Exception { OzoneObj srcObj = buildBucketObj(srcBucket); // Add ACL to the LINK and verify that it is added to the source bucket - OzoneAcl acl1 = new OzoneAcl(USER, "remoteUser1", READ, DEFAULT); + OzoneAcl acl1 = new OzoneAcl(USER, "remoteUser1", DEFAULT, READ); boolean addAcl = getObjectStore().addAcl(linkObj, acl1); assertTrue(addAcl); assertEqualsAcls(srcObj, linkObj); // Add ACL to the SOURCE and verify that it from link - OzoneAcl acl2 = new OzoneAcl(USER, "remoteUser2", WRITE, DEFAULT); + OzoneAcl acl2 = new OzoneAcl(USER, "remoteUser2", DEFAULT, WRITE); boolean addAcl2 = getObjectStore().addAcl(srcObj, acl2); assertTrue(addAcl2); assertEqualsAcls(srcObj, linkObj); 
@@ -777,14 +777,14 @@ void testLinkBucketSetBucketAcl() throws Exception { // Set ACL to the LINK and verify that it is set to the source bucket List acl1 = Collections.singletonList( - new OzoneAcl(USER, "remoteUser1", READ, DEFAULT)); + new OzoneAcl(USER, "remoteUser1", DEFAULT, READ)); boolean setAcl1 = getObjectStore().setAcl(linkObj, acl1); assertTrue(setAcl1); assertEqualsAcls(srcObj, linkObj); // Set ACL to the SOURCE and verify that it from link List acl2 = Collections.singletonList( - new OzoneAcl(USER, "remoteUser2", WRITE, DEFAULT)); + new OzoneAcl(USER, "remoteUser2", DEFAULT, WRITE)); boolean setAcl2 = getObjectStore().setAcl(srcObj, acl2); assertTrue(setAcl2); assertEqualsAcls(srcObj, linkObj); @@ -800,12 +800,12 @@ void testLinkBucketAddKeyAcl() throws Exception { OzoneObj srcObj = buildKeyObj(srcBucket, key); String user1 = "remoteUser1"; - OzoneAcl acl1 = new OzoneAcl(USER, user1, READ, DEFAULT); + OzoneAcl acl1 = new OzoneAcl(USER, user1, DEFAULT, READ); testAddAcl(user1, linkObj, acl1); // case1: set link acl assertEqualsAcls(srcObj, linkObj); String user2 = "remoteUser2"; - OzoneAcl acl2 = new OzoneAcl(USER, user2, READ, DEFAULT); + OzoneAcl acl2 = new OzoneAcl(USER, user2, DEFAULT, READ); testAddAcl(user2, srcObj, acl2); // case2: set src acl assertEqualsAcls(srcObj, linkObj); @@ -821,7 +821,7 @@ void testLinkBucketRemoveKeyAcl() throws Exception { OzoneObj linkObj = buildKeyObj(linkedBucket, key); OzoneObj srcObj = buildKeyObj(srcBucket, key); String user = "remoteUser1"; - OzoneAcl acl = new OzoneAcl(USER, user, READ, DEFAULT); + OzoneAcl acl = new OzoneAcl(USER, user, DEFAULT, READ); testRemoveAcl(user, linkObj, acl); assertEqualsAcls(srcObj, linkObj); 
@@ -832,7 +832,7 @@ void testLinkBucketRemoveKeyAcl() throws Exception { OzoneObj linkObj2 = buildKeyObj(linkedBucket2, key2); OzoneObj srcObj2 = buildKeyObj(srcBucket2, key2); String user2 = "remoteUser2"; - OzoneAcl acl2 = new OzoneAcl(USER, user2, READ, DEFAULT); + OzoneAcl acl2 = new OzoneAcl(USER, user2, DEFAULT, READ); testRemoveAcl(user2, srcObj2, acl2); assertEqualsAcls(srcObj2, linkObj2); @@ -847,12 +847,12 @@ void testLinkBucketSetKeyAcl() throws Exception { OzoneObj srcObj = buildKeyObj(srcBucket, key); String user1 = "remoteUser1"; - OzoneAcl acl1 = new OzoneAcl(USER, user1, READ, DEFAULT); + OzoneAcl acl1 = new OzoneAcl(USER, user1, DEFAULT, READ); testSetAcl(user1, linkObj, acl1); // case1: set link acl assertEqualsAcls(srcObj, linkObj); String user2 = "remoteUser2"; - OzoneAcl acl2 = new OzoneAcl(USER, user2, READ, DEFAULT); + OzoneAcl acl2 = new OzoneAcl(USER, user2, DEFAULT, READ); testSetAcl(user2, srcObj, acl2); // case2: set src acl assertEqualsAcls(srcObj, linkObj); @@ -868,12 +868,12 @@ void testLinkBucketAddPrefixAcl() throws Exception { createPrefix(linkObj); String user1 = "remoteUser1"; - OzoneAcl acl1 = new OzoneAcl(USER, user1, READ, DEFAULT); + OzoneAcl acl1 = new OzoneAcl(USER, user1, DEFAULT, READ); testAddAcl(user1, linkObj, acl1); // case1: set link acl assertEqualsAcls(srcObj, linkObj); String user2 = "remoteUser2"; - OzoneAcl acl2 = new OzoneAcl(USER, user2, READ, DEFAULT); + OzoneAcl acl2 = new OzoneAcl(USER, user2, DEFAULT, READ); testAddAcl(user2, srcObj, acl2); // case2: set src acl assertEqualsAcls(srcObj, linkObj); @@ -891,7 +891,7 @@ void testLinkBucketRemovePrefixAcl() throws Exception { createPrefix(linkObj); String user = "remoteUser1"; - OzoneAcl acl = new OzoneAcl(USER, user, READ, DEFAULT); + OzoneAcl acl = new OzoneAcl(USER, user, DEFAULT, READ); testRemoveAcl(user, linkObj, acl); assertEqualsAcls(srcObj, linkObj); 
@@ -904,7 +904,7 @@ void testLinkBucketRemovePrefixAcl() throws Exception { createPrefix(srcObj2); String user2 = "remoteUser2"; - OzoneAcl acl2 = new OzoneAcl(USER, user2, READ, DEFAULT); + OzoneAcl acl2 = new OzoneAcl(USER, user2, DEFAULT, READ); testRemoveAcl(user2, srcObj2, acl2); assertEqualsAcls(srcObj2, linkObj2); @@ -920,12 +920,12 @@ void testLinkBucketSetPrefixAcl() throws Exception { createPrefix(linkObj); String user1 = "remoteUser1"; - OzoneAcl acl1 = new OzoneAcl(USER, user1, READ, DEFAULT); + OzoneAcl acl1 = new OzoneAcl(USER, user1, DEFAULT, READ); testSetAcl(user1, linkObj, acl1); // case1: set link acl assertEqualsAcls(srcObj, linkObj); String user2 = "remoteUser2"; - OzoneAcl acl2 = new OzoneAcl(USER, user2, READ, DEFAULT); + OzoneAcl acl2 = new OzoneAcl(USER, user2, DEFAULT, READ); testSetAcl(user2, srcObj, acl2); // case2: set src acl assertEqualsAcls(srcObj, linkObj); @@ -998,7 +998,7 @@ private void testSetAcl(String remoteUserName, OzoneObj ozoneObj, } OzoneAcl modifiedUserAcl = new OzoneAcl(USER, remoteUserName, - WRITE, DEFAULT); + DEFAULT, WRITE); List newAcls = Collections.singletonList(modifiedUserAcl); boolean setAcl = objectStore.setAcl(ozoneObj, newAcls); @@ -1031,7 +1031,7 @@ private void testAddAcl(String remoteUserName, OzoneObj ozoneObj, // Add an acl by changing acl type with same type, name and scope. userAcl = new OzoneAcl(USER, remoteUserName, - WRITE, DEFAULT); + DEFAULT, WRITE); addAcl = objectStore.addAcl(ozoneObj, userAcl); assertTrue(addAcl); } @@ -1052,7 +1052,7 @@ private void testAddLinkAcl(String remoteUserName, OzoneObj ozoneObj, // Add an acl by changing acl type with same type, name and scope. userAcl = new OzoneAcl(USER, remoteUserName, - WRITE, DEFAULT); + DEFAULT, WRITE); addAcl = objectStore.addAcl(ozoneObj, userAcl); assertTrue(addAcl); } 
@@ -1067,7 +1067,7 @@ private void testRemoveAcl(String remoteUserName, OzoneObj ozoneObj, objectStore.addAcl(ozoneObj, userAcl); // Add another arbitrary group ACL since the prefix will be removed when removing // the last ACL for the prefix and PREFIX_NOT_FOUND will be thrown - OzoneAcl groupAcl = new OzoneAcl(GROUP, "arbitrary-group", READ, ACCESS); + OzoneAcl groupAcl = new OzoneAcl(GROUP, "arbitrary-group", ACCESS, READ); objectStore.addAcl(ozoneObj, groupAcl); } acls = objectStore.getAcl(ozoneObj); @@ -1087,7 +1087,7 @@ private void testRemoveAcl(String remoteUserName, OzoneObj ozoneObj, // Just changed acl type here to write, rest all is same as defaultUserAcl. OzoneAcl modifiedUserAcl = new OzoneAcl(USER, remoteUserName, - WRITE, DEFAULT); + DEFAULT, WRITE); addAcl = objectStore.addAcl(ozoneObj, modifiedUserAcl); assertTrue(addAcl); diff --git a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/snapshot/TestOmSnapshot.java b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/snapshot/TestOmSnapshot.java index b4e06c03426..ed399b37042 100644 --- a/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/snapshot/TestOmSnapshot.java +++ b/hadoop-ozone/integration-test/src/test/java/org/apache/hadoop/ozone/om/snapshot/TestOmSnapshot.java @@ -1090,7 +1090,7 @@ public void testSnapdiffWithObjectMetaModification() throws Exception { createSnapshot(testVolumeName, testBucketName, snap1); OzoneObj keyObj = buildKeyObj(bucket, key1); OzoneAcl userAcl = new OzoneAcl(USER, "user", - WRITE, DEFAULT); + DEFAULT, WRITE); store.addAcl(keyObj, userAcl); String snap2 = "snap2"; diff --git a/hadoop-ozone/interface-storage/src/main/java/org/apache/hadoop/ozone/om/helpers/OzoneAclStorage.java b/hadoop-ozone/interface-storage/src/main/java/org/apache/hadoop/ozone/om/helpers/OzoneAclStorage.java index 22284e11701..cb9bdc2b4be 100644 
--- a/hadoop-ozone/interface-storage/src/main/java/org/apache/hadoop/ozone/om/helpers/OzoneAclStorage.java +++ b/hadoop-ozone/interface-storage/src/main/java/org/apache/hadoop/ozone/om/helpers/OzoneAclStorage.java @@ -18,9 +18,15 @@ package org.apache.hadoop.ozone.om.helpers; import com.google.protobuf.ByteString; + import java.util.BitSet; +import java.util.EnumSet; +import java.util.List; +import java.util.stream.Collectors; + import org.apache.hadoop.ozone.OzoneAcl; import org.apache.hadoop.ozone.OzoneAcl.AclScope; +import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer; import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer.ACLIdentityType; import org.apache.hadoop.ozone.storage.proto.OzoneManagerStorageProtos.OzoneAclInfo; import org.apache.hadoop.ozone.storage.proto.OzoneManagerStorageProtos.OzoneAclInfo.OzoneAclScope; @@ -55,9 +61,12 @@ public static OzoneAclInfo toProtobuf(OzoneAcl acl) { public static OzoneAcl fromProtobuf(OzoneAclInfo protoAcl) { BitSet aclRights = BitSet.valueOf(protoAcl.getRights().toByteArray()); + List aclTypeList = aclRights.stream() + .mapToObj(a -> IAccessAuthorizer.ACLType.values()[a]) + .collect(Collectors.toList()); + EnumSet aclSet = EnumSet.copyOf(aclTypeList); return new OzoneAcl(ACLIdentityType.valueOf(protoAcl.getType().name()), - protoAcl.getName(), aclRights, - AclScope.valueOf(protoAcl.getAclScope().name())); + protoAcl.getName(), AclScope.valueOf(protoAcl.getAclScope().name()), aclSet); } } diff --git a/hadoop-ozone/interface-storage/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOmPrefixInfo.java b/hadoop-ozone/interface-storage/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOmPrefixInfo.java index a8394b68f9b..8070c93cd65 100644 --- a/hadoop-ozone/interface-storage/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOmPrefixInfo.java +++ b/hadoop-ozone/interface-storage/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOmPrefixInfo.java 
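Review bot: `EnumSet.copyOf(aclTypeList)` in `fromProtobuf` throws IllegalArgumentException when the list is empty, so a stored `OzoneAclInfo` with no rights bits set now fails to load, where the old code passed the empty BitSet straight to the constructor. `IAccessAuthorizer.ACLType.values()[a]` also throws ArrayIndexOutOfBoundsException for any set bit at or beyond the number of ACLType constants, for example a record written by a build with more ACL types or a damaged entry. Whether such records can exist in the store is not visible from this hunk, but this is the read path for persisted ACLs, so I would build the set with `EnumSet.noneOf` and bounds-check each index. Rejecting or skipping an unknown bit is a policy choice; the fence below rejects. The `List` and `Collectors` imports added in the first hunk of this file would then be unused.

```java
BitSet aclRights = BitSet.valueOf(protoAcl.getRights().toByteArray());
IAccessAuthorizer.ACLType[] knownTypes = IAccessAuthorizer.ACLType.values();
EnumSet<IAccessAuthorizer.ACLType> aclSet = EnumSet.noneOf(IAccessAuthorizer.ACLType.class);
aclRights.stream().forEach(bit -> {
  if (bit >= knownTypes.length) {
    throw new IllegalArgumentException(
        "Unknown ACL right bit " + bit + " in stored ACL for " + protoAcl.getName());
  }
  aclSet.add(knownTypes[bit]);
});
// … unchanged: return new OzoneAcl(...) built from type, name, scope and aclSet …
```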
@@ -77,7 +77,7 @@ private OmPrefixInfo getOmPrefixInfoForTest(String path, return new OmPrefixInfo(path, new ArrayList<>(Collections.singletonList(new OzoneAcl( identityType, identityString, - aclType, scope))), new HashMap<>(), 10, 100); + scope, aclType))), new HashMap<>(), 10, 100); } @@ -98,7 +98,7 @@ public void testCopyObject() { // Change acls and check. omPrefixInfo.addAcl(new OzoneAcl( IAccessAuthorizer.ACLIdentityType.USER, username, - IAccessAuthorizer.ACLType.READ, ACCESS)); + ACCESS, IAccessAuthorizer.ACLType.READ)); assertNotEquals(omPrefixInfo, clonePrefixInfo); diff --git a/hadoop-ozone/interface-storage/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOmPrefixInfoCodec.java b/hadoop-ozone/interface-storage/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOmPrefixInfoCodec.java index f3ad1d8c762..4820b37e1ba 100644 --- a/hadoop-ozone/interface-storage/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOmPrefixInfoCodec.java +++ b/hadoop-ozone/interface-storage/src/test/java/org/apache/hadoop/ozone/om/helpers/TestOmPrefixInfoCodec.java @@ -45,7 +45,7 @@ public void testToAndFromPersistedFormat() throws IOException { List acls = new LinkedList<>(); OzoneAcl ozoneAcl = new OzoneAcl(ACLIdentityType.USER, - "hive", ACLType.ALL, ACCESS); + "hive", ACCESS, ACLType.ALL); acls.add(ozoneAcl); OmPrefixInfo opiSave = OmPrefixInfo.newBuilder() .setName("/user/hive/warehouse") diff --git a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java index 9d18107a5d2..52299c820ab 100644 --- a/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java +++ b/hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/om/OzoneManager.java 
@@ -4495,13 +4495,13 @@ private OmVolumeArgs createS3VolumeContext(String s3Volume, List listOfAcls = new ArrayList<>(); //User ACL listOfAcls.add(new OzoneAcl(ACLIdentityType.USER, - userName, ACLType.ALL, ACCESS)); + userName, ACCESS, ACLType.ALL)); //Group ACLs of the User List userGroups = Arrays.asList(UserGroupInformation .createRemoteUser(userName).getGroupNames()); userGroups.forEach((group) -> listOfAcls.add( - new OzoneAcl(ACLIdentityType.GROUP, group, ACLType.ALL, ACCESS))); + new OzoneAcl(ACLIdentityType.GROUP, group, ACCESS, ACLType.ALL))); // Add ACLs for (OzoneAcl ozoneAcl : listOfAcls) { diff --git a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/response/key/acl/prefix/TestOMPrefixAclResponse.java b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/response/key/acl/prefix/TestOMPrefixAclResponse.java index 543266b51ae..5ebd2e6fa1c 100644 --- a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/response/key/acl/prefix/TestOMPrefixAclResponse.java +++ b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/om/response/key/acl/prefix/TestOMPrefixAclResponse.java @@ -51,9 +51,9 @@ public class TestOMPrefixAclResponse extends TestOMKeyResponse { @Test public void testAddToDBBatch() throws Exception { final OzoneAcl user1 = new OzoneAcl(USER, "user1", - ACLType.READ_ACL, ACCESS); + ACCESS, ACLType.READ_ACL); final OzoneAcl user2 = new OzoneAcl(USER, "user2", - ACLType.WRITE, ACCESS); + ACCESS, ACLType.WRITE); final String prefixName = "/vol/buck/prefix/"; List acls = Arrays.asList(user1, user2); diff --git a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/security/acl/TestOzoneNativeAuthorizer.java b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/security/acl/TestOzoneNativeAuthorizer.java index 52dea922d53..7eb46f617f3 100644 --- a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/security/acl/TestOzoneNativeAuthorizer.java 
+++ b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/security/acl/TestOzoneNativeAuthorizer.java @@ -242,9 +242,9 @@ public void testCheckAccessForBucket( ACLType groupRight, boolean expectedResult) throws Exception { createAll(keyName, prefixName, userRight, groupRight, expectedResult); OzoneAcl userAcl = new OzoneAcl(USER, testUgi.getUserName(), - parentDirUserAcl, ACCESS); + ACCESS, parentDirUserAcl); OzoneAcl groupAcl = new OzoneAcl(GROUP, testUgi.getGroups().size() > 0 ? - testUgi.getGroups().get(0) : "", parentDirGroupAcl, ACCESS); + testUgi.getGroups().get(0) : "", ACCESS, parentDirGroupAcl); // Set access for volume. // We should directly add to table because old API's update to DB. @@ -264,9 +264,9 @@ public void testCheckAccessForKey( ACLType groupRight, boolean expectedResult) throws Exception { createAll(keyName, prefixName, userRight, groupRight, expectedResult); OzoneAcl userAcl = new OzoneAcl(USER, testUgi.getUserName(), - parentDirUserAcl, ACCESS); + ACCESS, parentDirUserAcl); OzoneAcl groupAcl = new OzoneAcl(GROUP, testUgi.getGroups().size() > 0 ? - testUgi.getGroups().get(0) : "", parentDirGroupAcl, ACCESS); + testUgi.getGroups().get(0) : "", ACCESS, parentDirGroupAcl); // Set access for volume & bucket. We should directly add to table // because old API's update to DB. @@ -294,9 +294,9 @@ public void testCheckAccessForPrefix( .build(); OzoneAcl userAcl = new OzoneAcl(USER, testUgi.getUserName(), - parentDirUserAcl, ACCESS); + ACCESS, parentDirUserAcl); OzoneAcl groupAcl = new OzoneAcl(GROUP, testUgi.getGroups().size() > 0 ? - testUgi.getGroups().get(0) : "", parentDirGroupAcl, ACCESS); + testUgi.getGroups().get(0) : "", ACCESS, parentDirGroupAcl); // Set access for volume & bucket. We should directly add to table // because old API's update to DB. 
@@ -351,8 +351,8 @@ private void resetAclsAndValidateAccess( * if user/group has access to them. */ for (ACLType a1 : allAcls) { - OzoneAcl newAcl = new OzoneAcl(accessType, getAclName(accessType), a1, - ACCESS); + OzoneAcl newAcl = new OzoneAcl(accessType, getAclName(accessType), ACCESS, a1 + ); // Reset acls to only one right. if (obj.getResourceType() == VOLUME) { @@ -431,7 +431,7 @@ private void resetAclsAndValidateAccess( ACLIdentityType identityType = ACLIdentityType.values()[type]; // Add remaining acls one by one and then check access. OzoneAcl addAcl = new OzoneAcl(identityType, - getAclName(identityType), a2, ACCESS); + getAclName(identityType), ACCESS, a2); // For volume and bucket update to cache. As Old API's update to // only DB not cache. diff --git a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/security/acl/TestParentAcl.java b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/security/acl/TestParentAcl.java index f5220df1783..e7ef8f51c4c 100644 --- a/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/security/acl/TestParentAcl.java +++ b/hadoop-ozone/ozone-manager/src/test/java/org/apache/hadoop/ozone/security/acl/TestParentAcl.java @@ -223,10 +223,10 @@ private void testParentChild(OzoneObj child, .setAclRights(childAclType).build(); OzoneAcl childAcl = new OzoneAcl(USER, - testUgi1.getUserName(), childAclType, ACCESS); + testUgi1.getUserName(), ACCESS, childAclType); OzoneAcl parentAcl = new OzoneAcl(USER, - testUgi1.getUserName(), parentAclType, ACCESS); + testUgi1.getUserName(), ACCESS, parentAclType); assertFalse(nativeAuthorizer.checkAccess(child, requestContext)); if (child.getResourceType() == BUCKET) { 
@@ -254,7 +254,7 @@ private void testParentChild(OzoneObj child, // add the volume acl (grand-parent), now key access is allowed. OzoneAcl parentVolumeAcl = new OzoneAcl(USER, - testUgi1.getUserName(), READ, ACCESS); + testUgi1.getUserName(), ACCESS, READ); addVolumeAcl(child.getVolumeName(), parentVolumeAcl); assertTrue(nativeAuthorizer.checkAccess( child, requestContext)); diff --git a/hadoop-ozone/recon/src/test/java/org/apache/hadoop/ozone/recon/api/TestEndpoints.java b/hadoop-ozone/recon/src/test/java/org/apache/hadoop/ozone/recon/api/TestEndpoints.java index 9c92ad4d7e1..310c8a28e74 100644 --- a/hadoop-ozone/recon/src/test/java/org/apache/hadoop/ozone/recon/api/TestEndpoints.java +++ b/hadoop-ozone/recon/src/test/java/org/apache/hadoop/ozone/recon/api/TestEndpoints.java @@ -435,14 +435,12 @@ public void setUp() throws Exception { .addOzoneAcls(new OzoneAcl( IAccessAuthorizer.ACLIdentityType.USER, "TestUser2", - IAccessAuthorizer.ACLType.WRITE, - OzoneAcl.AclScope.ACCESS + OzoneAcl.AclScope.ACCESS, IAccessAuthorizer.ACLType.WRITE )) .addOzoneAcls(new OzoneAcl( IAccessAuthorizer.ACLIdentityType.USER, "TestUser2", - IAccessAuthorizer.ACLType.READ, - OzoneAcl.AclScope.ACCESS + OzoneAcl.AclScope.ACCESS, IAccessAuthorizer.ACLType.READ )) .build(); reconOMMetadataManager.getVolumeTable().put(volumeKey, args); @@ -453,8 +451,7 @@ public void setUp() throws Exception { .addAcl(new OzoneAcl( IAccessAuthorizer.ACLIdentityType.GROUP, "TestGroup2", - IAccessAuthorizer.ACLType.WRITE, - OzoneAcl.AclScope.ACCESS + OzoneAcl.AclScope.ACCESS, IAccessAuthorizer.ACLType.WRITE )) .setQuotaInBytes(OzoneConsts.GB) .setUsedBytes(OzoneConsts.MB) @@ -477,8 +474,7 @@ public void setUp() throws Exception { .addAcl(new OzoneAcl( IAccessAuthorizer.ACLIdentityType.GROUP, "TestGroup2", - IAccessAuthorizer.ACLType.READ, - OzoneAcl.AclScope.ACCESS + OzoneAcl.AclScope.ACCESS, IAccessAuthorizer.ACLType.READ )) .setQuotaInBytes(OzoneConsts.GB) .setUsedBytes(100 * OzoneConsts.MB) 
diff --git a/hadoop-ozone/recon/src/test/java/org/apache/hadoop/ozone/recon/common/CommonUtils.java b/hadoop-ozone/recon/src/test/java/org/apache/hadoop/ozone/recon/common/CommonUtils.java index f555e55ead8..0414b8715c8 100644 --- a/hadoop-ozone/recon/src/test/java/org/apache/hadoop/ozone/recon/common/CommonUtils.java +++ b/hadoop-ozone/recon/src/test/java/org/apache/hadoop/ozone/recon/common/CommonUtils.java @@ -67,7 +67,7 @@ private OmPrefixInfo getOmPrefixInfoForTest( return new OmPrefixInfo(path, new ArrayList<>(Collections.singletonList(new OzoneAcl( identityType, identityString, - aclType, scope))), new HashMap<>(), 10, 100); + scope, aclType))), new HashMap<>(), 10, 100); } public void testNSSummaryBasicInfoRoot( diff --git a/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/endpoint/BucketEndpoint.java b/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/endpoint/BucketEndpoint.java index b8cd56d5f95..b7a5af73403 100644 --- a/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/endpoint/BucketEndpoint.java +++ b/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/endpoint/BucketEndpoint.java @@ -63,7 +63,7 @@ import java.io.IOException; import java.io.InputStream; import java.util.ArrayList; -import java.util.BitSet; +import java.util.EnumSet; import java.util.HashSet; import java.util.Iterator; import java.util.List; 
@@ -665,14 +665,11 @@ private List getAndConvertAclOnBucket(String value, throw newError(NOT_IMPLEMENTED, part[0]); } // Build ACL on Bucket - BitSet aclsOnBucket = - S3Acl.getOzoneAclOnBucketFromS3Permission(permission); + EnumSet aclsOnBucket = S3Acl.getOzoneAclOnBucketFromS3Permission(permission); OzoneAcl defaultOzoneAcl = new OzoneAcl( - IAccessAuthorizer.ACLIdentityType.USER, part[1], aclsOnBucket, - OzoneAcl.AclScope.DEFAULT); - OzoneAcl accessOzoneAcl = new OzoneAcl( - IAccessAuthorizer.ACLIdentityType.USER, part[1], aclsOnBucket, - ACCESS); + IAccessAuthorizer.ACLIdentityType.USER, part[1], OzoneAcl.AclScope.DEFAULT, aclsOnBucket + ); + OzoneAcl accessOzoneAcl = new OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER, part[1], ACCESS, aclsOnBucket); ozoneAclList.add(defaultOzoneAcl); ozoneAclList.add(accessOzoneAcl); } @@ -699,11 +696,9 @@ private List getAndConvertAclOnVolume(String value, throw newError(NOT_IMPLEMENTED, part[0]); } // Build ACL on Volume - BitSet aclsOnVolume = + EnumSet aclsOnVolume = S3Acl.getOzoneAclOnVolumeFromS3Permission(permission); - OzoneAcl accessOzoneAcl = new OzoneAcl( - IAccessAuthorizer.ACLIdentityType.USER, part[1], aclsOnVolume, - ACCESS); + OzoneAcl accessOzoneAcl = new OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER, part[1], ACCESS, aclsOnVolume); ozoneAclList.add(accessOzoneAcl); } return ozoneAclList; diff --git a/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/endpoint/S3Acl.java b/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/endpoint/S3Acl.java index 792f2e2ef5e..5d6057f061b 100644 --- a/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/endpoint/S3Acl.java +++ b/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/endpoint/S3Acl.java 
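Review bot: The two rewritten constructor calls in `getAndConvertAclOnBucket` are wrapped differently: `defaultOzoneAcl` ends with a `);` on a line of its own, while `accessOzoneAcl` is one long line. Putting the closing parenthesis on the last argument line, `IAccessAuthorizer.ACLIdentityType.USER, part[1], OzoneAcl.AclScope.DEFAULT, aclsOnBucket);`, and wrapping `accessOzoneAcl` the same way makes the DEFAULT and ACCESS entries read as a pair. The lone `);` also appears in the S3Acl.java hunks for `s3AclToOzoneNativeAclOnBucket` and `s3AclToOzoneNativeAclOnVolume`, and in `resetAclsAndValidateAccess` in TestOzoneNativeAuthorizer. Both functions in this file start outside their hunks.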
@@ -29,7 +29,7 @@ import org.slf4j.LoggerFactory; import java.util.ArrayList; -import java.util.BitSet; +import java.util.EnumSet; import java.util.List; import static org.apache.hadoop.ozone.s3.exception.S3ErrorTable.INVALID_ARGUMENT; @@ -228,15 +228,15 @@ public static List s3AclToOzoneNativeAclOnBucket( grant.getGrantee().getXsiType()); if (identityType != null && identityType.isSupported()) { String permission = grant.getPermission(); - BitSet acls = getOzoneAclOnBucketFromS3Permission(permission); + EnumSet acls = getOzoneAclOnBucketFromS3Permission(permission); OzoneAcl defaultOzoneAcl = new OzoneAcl( IAccessAuthorizer.ACLIdentityType.USER, - grant.getGrantee().getId(), acls, - OzoneAcl.AclScope.DEFAULT); + grant.getGrantee().getId(), OzoneAcl.AclScope.DEFAULT, acls + ); OzoneAcl accessOzoneAcl = new OzoneAcl( IAccessAuthorizer.ACLIdentityType.USER, - grant.getGrantee().getId(), acls, - OzoneAcl.AclScope.ACCESS); + grant.getGrantee().getId(), OzoneAcl.AclScope.ACCESS, acls + ); ozoneAclList.add(defaultOzoneAcl); ozoneAclList.add(accessOzoneAcl); } else { 
@@ -249,31 +249,31 @@ public static List s3AclToOzoneNativeAclOnBucket( return ozoneAclList; } - public static BitSet getOzoneAclOnBucketFromS3Permission(String permission) + public static EnumSet getOzoneAclOnBucketFromS3Permission(String permission) throws OS3Exception { ACLType permissionType = ACLType.getType(permission); if (permissionType == null) { throw S3ErrorTable.newError(S3ErrorTable.INVALID_ARGUMENT, permission); } - BitSet acls = new BitSet(IAccessAuthorizer.ACLType.getNoOfAcls()); + EnumSet acls = EnumSet.noneOf(IAccessAuthorizer.ACLType.class); switch (permissionType) { case FULL_CONTROL: - acls.set(IAccessAuthorizer.ACLType.ALL.ordinal()); + acls.add(IAccessAuthorizer.ACLType.ALL); break; case WRITE_ACP: - acls.set(IAccessAuthorizer.ACLType.WRITE_ACL.ordinal()); + acls.add(IAccessAuthorizer.ACLType.WRITE_ACL); break; case READ_ACP: - acls.set(IAccessAuthorizer.ACLType.READ_ACL.ordinal()); + acls.add(IAccessAuthorizer.ACLType.READ_ACL); break; case WRITE: - acls.set(IAccessAuthorizer.ACLType.WRITE.ordinal()); - acls.set(IAccessAuthorizer.ACLType.DELETE.ordinal()); - acls.set(IAccessAuthorizer.ACLType.CREATE.ordinal()); + acls.add(IAccessAuthorizer.ACLType.WRITE); + acls.add(IAccessAuthorizer.ACLType.DELETE); + acls.add(IAccessAuthorizer.ACLType.CREATE); break; case READ: - acls.set(IAccessAuthorizer.ACLType.READ.ordinal()); - acls.set(IAccessAuthorizer.ACLType.LIST.ordinal()); + acls.add(IAccessAuthorizer.ACLType.READ); + acls.add(IAccessAuthorizer.ACLType.LIST); break; default: LOG.error("Failed to recognize S3 permission {}", permission); 
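Review bot: `getOzoneAclOnBucketFromS3Permission` is public, its return type changes here, and it decides which Ozone rights an S3 grant becomes, yet it has no Javadoc. I would add a short Javadoc listing the mapping the switch implements (FULL_CONTROL to ALL; WRITE_ACP to WRITE_ACL; READ_ACP to READ_ACL; WRITE to WRITE, DELETE and CREATE; READ to READ and LIST). It should also say that a permission string `ACLType.getType` cannot resolve raises OS3Exception with INVALID_ARGUMENT. The same applies to `getOzoneAclOnVolumeFromS3Permission` in the later hunk, whose existing comment should read `// User privilege on volume follows the "least privilege" principle.` The `default:` branch of both switches continues outside the hunks, so its outcome is not covered here.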
@@ -292,11 +292,11 @@ public static List s3AclToOzoneNativeAclOnVolume( grant.getGrantee().getXsiType()); if (identityType != null && identityType.isSupported()) { String permission = grant.getPermission(); - BitSet acls = getOzoneAclOnVolumeFromS3Permission(permission); + EnumSet acls = getOzoneAclOnVolumeFromS3Permission(permission); OzoneAcl accessOzoneAcl = new OzoneAcl( IAccessAuthorizer.ACLIdentityType.USER, - grant.getGrantee().getId(), acls, - OzoneAcl.AclScope.ACCESS); + grant.getGrantee().getId(), OzoneAcl.AclScope.ACCESS, acls + ); ozoneAclList.add(accessOzoneAcl); } else { LOG.error("Grantee type {} is not supported", 
@@ -309,35 +309,35 @@ public static List s3AclToOzoneNativeAclOnVolume( } // User privilege on volume follows the "lest privilege" principle. - public static BitSet getOzoneAclOnVolumeFromS3Permission(String permission) + public static EnumSet getOzoneAclOnVolumeFromS3Permission(String permission) throws OS3Exception { - BitSet acls = new BitSet(IAccessAuthorizer.ACLType.getNoOfAcls()); + EnumSet acls = EnumSet.noneOf(IAccessAuthorizer.ACLType.class); ACLType permissionType = ACLType.getType(permission); if (permissionType == null) { throw S3ErrorTable.newError(S3ErrorTable.INVALID_ARGUMENT, permission); } switch (permissionType) { case FULL_CONTROL: - acls.set(IAccessAuthorizer.ACLType.READ.ordinal()); - acls.set(IAccessAuthorizer.ACLType.WRITE.ordinal()); - acls.set(IAccessAuthorizer.ACLType.READ_ACL.ordinal()); - acls.set(IAccessAuthorizer.ACLType.WRITE_ACL.ordinal()); + acls.add(IAccessAuthorizer.ACLType.READ); + acls.add(IAccessAuthorizer.ACLType.WRITE); + acls.add(IAccessAuthorizer.ACLType.READ_ACL); + acls.add(IAccessAuthorizer.ACLType.WRITE_ACL); break; case WRITE_ACP: - acls.set(IAccessAuthorizer.ACLType.READ.ordinal()); - acls.set(IAccessAuthorizer.ACLType.READ_ACL.ordinal()); - acls.set(IAccessAuthorizer.ACLType.WRITE_ACL.ordinal()); + acls.add(IAccessAuthorizer.ACLType.READ); + acls.add(IAccessAuthorizer.ACLType.READ_ACL); + acls.add(IAccessAuthorizer.ACLType.WRITE_ACL); break; case READ_ACP: - acls.set(IAccessAuthorizer.ACLType.READ.ordinal()); - acls.set(IAccessAuthorizer.ACLType.READ_ACL.ordinal()); + acls.add(IAccessAuthorizer.ACLType.READ); + acls.add(IAccessAuthorizer.ACLType.READ_ACL); break; case WRITE: - acls.set(IAccessAuthorizer.ACLType.READ.ordinal()); - acls.set(IAccessAuthorizer.ACLType.WRITE.ordinal()); + acls.add(IAccessAuthorizer.ACLType.READ); + acls.add(IAccessAuthorizer.ACLType.WRITE); break; case READ: - acls.set(IAccessAuthorizer.ACLType.READ.ordinal()); + acls.add(IAccessAuthorizer.ACLType.READ); break; default: LOG.error("Failed 
to recognize S3 permission {}", permission); diff --git a/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/containergenerator/GeneratorOm.java b/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/containergenerator/GeneratorOm.java index b8509d60c9c..7390488c815 100644 --- a/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/containergenerator/GeneratorOm.java +++ b/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/containergenerator/GeneratorOm.java @@ -156,10 +156,10 @@ private void writeOmBucketVolume() throws IOException { .setQuotaInBytes(100L) .addOzoneAcls( new OzoneAcl(IAccessAuthorizer.ACLIdentityType.WORLD, "", - IAccessAuthorizer.ACLType.ALL, ACCESS)) + ACCESS, IAccessAuthorizer.ACLType.ALL)) .addOzoneAcls( new OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER, getUserId(), - IAccessAuthorizer.ACLType.ALL, ACCESS) + ACCESS, IAccessAuthorizer.ACLType.ALL) ).build(); volTable.put("/" + volumeName, omVolumeArgs);