diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java b/agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
index 85c42bcc8a..d8c214c0f1 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/errors/ValidationErrorCode.java
@@ -104,6 +104,9 @@ public enum ValidationErrorCode {
     POLICY_VALIDATION_ERR_NONEXISTANT_ZONE_NAME(3033, "Non-existent Zone name={0} in policy create"),
     POLICY_VALIDATION_ERR_SERVICE_NOT_ASSOCIATED_TO_ZONE(3048, "Service name = {0} is not associated to Zone name = {1}"),
     POLICY_VALIDATION_ERR_UNSUPPORTED_POLICY_ITEM_TYPE(3049, "Deny or deny-exceptions are not supported if policy has isDenyAllElse flag set to true"),
+    POLICY_VALIDATION_ERR_NULL_POLICY_ITEM_USER(3053, "policy items user was null"),
+    POLICY_VALIDATION_ERR_NULL_POLICY_ITEM_GROUP(3054, "policy items group was null"),
+    POLICY_VALIDATION_ERR_NULL_POLICY_ITEM_ROLE(3055, "policy items role was null"),
     POLICY_VALIDATION_ERR_INVALID_SERVICE_TYPE(4009," Invalid service type [{0}] provided for service [{1}]"),
 
     // SECURITY_ZONE Validations
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
index e1b5fe8f1d..b8c287c29b 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerPolicyValidator.java
@@ -947,7 +947,9 @@ boolean isValidPolicyItem(RangerPolicyItem policyItem, List<ValidationFailureDet
 		if(LOG.isDebugEnabled()) {
 			LOG.debug(String.format("==> RangerPolicyValidator.isValid(%s, %s, %s)", policyItem, failures, serviceDef));
 		}
-		
+
+		List<String> invalidItems = new ArrayList<String>(Arrays.asList("null", "NULL", "Null", null));
+
 		boolean valid = true;
 		if (policyItem == null) {
 			LOG.debug("policy item was null!");
@@ -973,12 +975,43 @@ boolean isValidPolicyItem(RangerPolicyItem policyItem, List<ValidationFailureDet
 			if (CollectionUtils.isEmpty(policyItem.getUsers()) && CollectionUtils.isEmpty(policyItem.getGroups()) && CollectionUtils.isEmpty(policyItem.getRoles())) {
 				ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_MISSING_USER_AND_GROUPS;
 				failures.add(new ValidationFailureDetailsBuilder()
-					.field("policy item users/user-groups/roles")
-					.isMissing()
-					.becauseOf(error.getMessage())
-					.errorCode(error.getErrorCode())
-					.build());
+						.field("policy item users/user-groups/roles")
+						.isMissing()
+						.becauseOf(error.getMessage())
+						.errorCode(error.getErrorCode())
+						.build());
 				valid = false;
+			} else {
+				if (CollectionUtils.isNotEmpty(policyItem.getUsers()) && CollectionUtils.containsAny(policyItem.getUsers(), invalidItems)) {
+					ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_NULL_POLICY_ITEM_USER;
+					failures.add(new ValidationFailureDetailsBuilder()
+							.field("policy item users")
+							.isMissing()
+							.becauseOf(error.getMessage())
+							.errorCode(error.getErrorCode())
+							.build());
+					valid = false;
+				}
+				if (CollectionUtils.isNotEmpty(policyItem.getGroups()) && CollectionUtils.containsAny(policyItem.getGroups(), invalidItems)) {
+					ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_NULL_POLICY_ITEM_GROUP;
+					failures.add(new ValidationFailureDetailsBuilder()
+							.field("policy item groups")
+							.isMissing()
+							.becauseOf(error.getMessage())
+							.errorCode(error.getErrorCode())
+							.build());
+					valid = false;
+				}
+				if (CollectionUtils.isNotEmpty(policyItem.getRoles()) && CollectionUtils.containsAny(policyItem.getRoles(), invalidItems)) {
+					ValidationErrorCode error = ValidationErrorCode.POLICY_VALIDATION_ERR_NULL_POLICY_ITEM_ROLE;
+					failures.add(new ValidationFailureDetailsBuilder()
+							.field("policy item roles")
+							.isMissing()
+							.becauseOf(error.getMessage())
+							.errorCode(error.getErrorCode())
+							.build());
+					valid = false;
+				}
 			}
 		}
 
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index 8f1174ac43..036dbfec67 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -4401,40 +4401,52 @@ private void writeCSVForPolicyItems(RangerPolicy policy,
                                 filterInfo = rowFilterPolicyItem.getRowFilterInfo();
                                 filterExpr = filterInfo.getFilterExpr();
                         }
-                        if (CollectionUtils.isNotEmpty(accesses)) {
-                                for (RangerPolicyItemAccess access : accesses) {
-                                        accessType = accessType
-                                                        + access.getType().replace("#", "")
-                                                                        .replace("|", "") + "#";
-                                }
-                                accessType = accessType.substring(0,
-                                                accessType.lastIndexOf("#"));
-                        }
-                        if (CollectionUtils.isNotEmpty(roles)) {
-                            for (String role : roles) {
-                                role = role.replace("|", "");
-                                role = role.replace("#", "");
-                                roleNames = roleNames + role + "#";
-                            }
-                            roleNames = roleNames.substring(0, roleNames.lastIndexOf("#"));
-                        }
-                        if (CollectionUtils.isNotEmpty(groups)) {
-                                for (String group : groups) {
-                                        group = group.replace("|", "");
-                                        group = group.replace("#", "");
-                                        groupNames = groupNames + group + "#";
-                                }
-                                groupNames = groupNames.substring(0,
-                                                groupNames.lastIndexOf("#"));
-                        }
-                        if (CollectionUtils.isNotEmpty(users)) {
-                                for (String user : users) {
-                                        user = user.replace("|", "");
-                                        user = user.replace("#", "");
-                                        userNames = userNames + user + "#";
-                                }
-                                userNames = userNames.substring(0, userNames.lastIndexOf("#"));
-                        }
+						if (CollectionUtils.isNotEmpty(accesses)) {
+							for (RangerPolicyItemAccess access : accesses) {
+								if (access != null) {
+									accessType = accessType + access.getType().replace("#", "").replace("|", "") + "#";
+								}
+							}
+							if (accessType.length() > 0) {
+								accessType = accessType.substring(0, accessType.lastIndexOf("#"));
+							}
+						}
+						if (CollectionUtils.isNotEmpty(roles)) {
+							for (String role : roles) {
+								if (StringUtils.isNotBlank(role)) {
+									role = role.replace("|", "");
+									role = role.replace("#", "");
+									roleNames = roleNames + role + "#";
+								}
+							}
+							if (roleNames.length() > 0) {
+								roleNames = roleNames.substring(0, roleNames.lastIndexOf("#"));
+							}
+						}
+						if (CollectionUtils.isNotEmpty(groups)) {
+							for (String group : groups) {
+								if (StringUtils.isNotBlank(group)) {
+									group = group.replace("|", "");
+									group = group.replace("#", "");
+									groupNames = groupNames + group + "#";
+								}
+							}
+							if (groupNames.length() > 0) {
+								groupNames = groupNames.substring(0, groupNames.lastIndexOf("#"));
+							}
+						}
+						if (CollectionUtils.isNotEmpty(users)) {
+							for (String user : users) {
+								if (StringUtils.isNotBlank(user)) {
+									user = user.replace("|", "");
+									user = user.replace("#", "");
+									userNames = userNames + user + "#";
+								}
+							}
+							if (userNames.length() > 0) {
+								userNames = userNames.substring(0, userNames.lastIndexOf("#"));
+							}
+						}
                         String conditionValue = "";
                         for (RangerPolicyItemCondition conditions : conditionsList) {
                                 String conditionType = conditions.getType();
@@ -4478,15 +4490,18 @@ private void writeCSVForPolicyItems(RangerPolicy policy,
                         policyType = POLICY_TYPE_ROWFILTER;
                         break;
                 }
-                if (CollectionUtils.isNotEmpty(policyLabels)) {
-                        for (String policyLabel : policyLabels) {
-                                policyLabel = policyLabel.replace("|", "");
-                                policyLabel = policyLabel.replace("#", "");
-                                policyLabelName = policyLabelName + policyLabel + "#";
-                        }
-                        policyLabelName = policyLabelName.substring(0,
-                                        policyLabelName.lastIndexOf("#"));
-                }
+				if (CollectionUtils.isNotEmpty(policyLabels)) {
+					for (String policyLabel : policyLabels) {
+						if (StringUtils.isNotBlank(policyLabel)) {
+							policyLabel = policyLabel.replace("|", "");
+							policyLabel = policyLabel.replace("#", "");
+							policyLabelName = policyLabelName + policyLabel + "#";
+						}
+					}
+					if (policyLabelName.length() > 0) {
+						policyLabelName = policyLabelName.substring(0, policyLabelName.lastIndexOf("#"));
+					}
+				}
 
                 csvBuffer.append(policy.getId());
                 csvBuffer.append(COMMA_DELIMITER);