From 327ca76c2890ca394bf033eebdcca901dd5f000f Mon Sep 17 00:00:00 2001
From: Prajwal214 <167504578+Prajwal214@users.noreply.github.com>
Date: Mon, 3 Jun 2024 19:44:20 +0530
Subject: [PATCH] Minor: Adding Docs for Simple Policy Updates (#16478)

---
 .../admin-guide/roles-policies/use-cases.md | 43 ++++++++++++++++++-
 .../admin-guide/roles-policies/use-cases.md | 43 ++++++++++++++++++-
 2 files changed, 84 insertions(+), 2 deletions(-)

diff --git a/openmetadata-docs/content/v1.3.x/how-to-guides/admin-guide/roles-policies/use-cases.md b/openmetadata-docs/content/v1.3.x/how-to-guides/admin-guide/roles-policies/use-cases.md
index 8ac43463f75..06389688f18 100644
--- a/openmetadata-docs/content/v1.3.x/how-to-guides/admin-guide/roles-policies/use-cases.md
+++ b/openmetadata-docs/content/v1.3.x/how-to-guides/admin-guide/roles-policies/use-cases.md
@@ -61,4 +61,45 @@ alt="PII Sensitive Tag Policy"
 caption="PII Sensitive Tag Policy"
 /%}
 
-In this rule, we are specifying to deny operations if the table tag contains PII.Sensitive tag and if the logged-in user is not the owner, or their team is not the owner of the Table.
\ No newline at end of file
+In this rule, we are specifying to deny operations if the table tag contains PII.Sensitive tag and if the logged-in user is not the owner, or their team is not the owner of the Table.
+
+### Use Case 5: Restrict User Account Access to a Specific Service/Database
+
+To restrict a user account to only see data from one specific service/database, you can create a policy that includes rules to allow access to the desired service and deny access to others. This involves setting up policies with specific conditions based on the service name. The following steps outline how this can be done using the API:
+
+1. **Create a Policy**: Define a policy that allows access to the specific service.
+2. **Assign the Policy**: Assign this policy to the user or role.
+
+## Example Policy:
+
+```json
+{
+ "name": "ServiceAccessPolicy",
+ "rules": [
+ {
+ "name": "AllowSpecificService",
+ "resource": "DatabaseService",
+ "operation": "View",
+ "condition": {
+ "match": {
+ "service.name": "desired_service_name"
+ }
+ },
+ "effect": "Allow"
+ },
+ {
+ "name": "DenyOtherServices",
+ "resource": "DatabaseService",
+ "operation": "View",
+ "condition": {
+ "notMatch": {
+ "service.name": "desired_service_name"
+ }
+ },
+ "effect": "Deny"
+ }
+ ]
+}
+```
+
+By implementing this policy, the user account will be restricted to access only the specified service, enhancing data security and ensuring that users can only view the data they are authorised to see.
\ No newline at end of file
diff --git a/openmetadata-docs/content/v1.4.x/how-to-guides/admin-guide/roles-policies/use-cases.md b/openmetadata-docs/content/v1.4.x/how-to-guides/admin-guide/roles-policies/use-cases.md
index f5e08535f0f..a118195d042 100644
--- a/openmetadata-docs/content/v1.4.x/how-to-guides/admin-guide/roles-policies/use-cases.md
+++ b/openmetadata-docs/content/v1.4.x/how-to-guides/admin-guide/roles-policies/use-cases.md
@@ -61,4 +61,45 @@ alt="PII Sensitive Tag Policy"
 caption="PII Sensitive Tag Policy"
 /%}
 
-In this rule, we are specifying to deny operations if the table tag contains PII.Sensitive tag and if the logged-in user is not the owner, or their team is not the owner of the Table.
\ No newline at end of file
+In this rule, we are specifying to deny operations if the table tag contains PII.Sensitive tag and if the logged-in user is not the owner, or their team is not the owner of the Table.
+
+### Use Case 5: Restrict User Account Access to a Specific Service/Database
+
+To restrict a user account to only see data from one specific service/database, you can create a policy that includes rules to allow access to the desired service and deny access to others. This involves setting up policies with specific conditions based on the service name. The following steps outline how this can be done using the API:
+
+1. **Create a Policy**: Define a policy that allows access to the specific service.
+2. **Assign the Policy**: Assign this policy to the user or role.
+
+## Example Policy:
+
+```json
+{
+ "name": "ServiceAccessPolicy",
+ "rules": [
+ {
+ "name": "AllowSpecificService",
+ "resource": "DatabaseService",
+ "operation": "View",
+ "condition": {
+ "match": {
+ "service.name": "desired_service_name"
+ }
+ },
+ "effect": "Allow"
+ },
+ {
+ "name": "DenyOtherServices",
+ "resource": "DatabaseService",
+ "operation": "View",
+ "condition": {
+ "notMatch": {
+ "service.name": "desired_service_name"
+ }
+ },
+ "effect": "Deny"
+ }
+ ]
+}
+```
+
+By implementing this policy, the user account will be restricted to access only the specified service, enhancing data security and ensuring that users can only view the data they are authorised to see.
\ No newline at end of file