OpenMetadata/bootstrap/sql/migrations/native/1.9.10/mysql/schemaChanges.sql

-- Update DomainOnlyAccessPolicy with new rules structure
UPDATE policy_entity
SET json = JSON_SET(
    json,
    '$.rules',
    JSON_ARRAY(
        JSON_OBJECT(
            'name', 'DomainAccessDenyRule',
            'description', 'Deny access when domain check fails',
            'effect', 'deny',
            'resources', JSON_ARRAY('All'),
            'operations', JSON_ARRAY('All'),
            'condition', '!hasDomain()'
        ),
        JSON_OBJECT(
            'name', 'DomainAccessAllowRule',
            'description', 'Allow access when domain check passes',
            'effect', 'allow',
            'resources', JSON_ARRAY('All'),
            'operations', JSON_ARRAY('All'),
            'condition', 'hasDomain()'
        )
    )
)
WHERE name = 'DomainOnlyAccessPolicy';
Domain policy must be evaluated during PolicyEvaluator (#23302) * Domain Only Access Role to be evaluated as part of PolicyEvaluator * Domain Only Access Role to be evaluated as part of PolicyEvaluator * Cleanup unnecessary comments * Add migration fix for domain only policy * fix playwright domain rbac * fix hasDomain role issues for TestCaseResourceContext * allow user to create only with their domain * move DomainOnlyAccessPolicy migrations to 1.9.10 from 1.9.9 * For resources that don't support domains (like DataInsights), always returns true * fix adding test case to bundleSuite * revert supportsDomains changes in RuleEvaluator and handle it in postFiltering steps * Inherit domains when creating task from test case incident, and skip few entities for domain check + other remaining DQ related domain fixes * for CreateResourceContext consider assigned domains + inherited domains * fix permission for table metrics page * remove SKIP_DOMAIN_CHECK_ENTITY_LIST * fix test --------- Co-authored-by: sonika-shah <58761340+sonika-shah@users.noreply.github.com> Co-authored-by: sonikashah <sonikashah94@gmail.com> Co-authored-by: Ayush Shah <ayush@getcollate.io> 2025-09-23 21:26:55 -07:00			`-- Update DomainOnlyAccessPolicy with new rules structure`
			`UPDATE policy_entity`
			`SET json = JSON_SET(`
			`json,`
			`'$.rules',`
			`JSON_ARRAY(`
			`JSON_OBJECT(`
			`'name', 'DomainAccessDenyRule',`
			`'description', 'Deny access when domain check fails',`
			`'effect', 'deny',`
			`'resources', JSON_ARRAY('All'),`
			`'operations', JSON_ARRAY('All'),`
			`'condition', '!hasDomain()'`
			`),`
			`JSON_OBJECT(`
			`'name', 'DomainAccessAllowRule',`
			`'description', 'Allow access when domain check passes',`
			`'effect', 'allow',`
			`'resources', JSON_ARRAY('All'),`
			`'operations', JSON_ARRAY('All'),`
			`'condition', 'hasDomain()'`
			`)`
			`)`
			`)`
			`WHERE name = 'DomainOnlyAccessPolicy';`