Domain Policy Update to be non-system (#19060)

2025-11-03 12:08:31 +00:00 · 2024-12-15 01:18:12 +05:30 · 2024-12-15 01:18:12 +05:30 · 3578a4b32d
commit 3578a4b32d
parent 01646431f6
6 changed files with 14 additions and 4 deletions
--- a/bootstrap/sql/migrations/native/1.5.15/mysql/postDataMigrationSQLScript.sql
+++ b/bootstrap/sql/migrations/native/1.5.15/mysql/postDataMigrationSQLScript.sql
--- a/bootstrap/sql/migrations/native/1.5.15/mysql/schemaChanges.sql
+++ b/bootstrap/sql/migrations/native/1.5.15/mysql/schemaChanges.sql
@ -0,0 +1,5 @@
+-- Make domain policy and role non-system
+UPDATE policy_entity SET json = JSON_SET(json, '$.provider', 'user') where name = 'DomainOnlyAccessPolicy';
+UPDATE policy_entity SET json = JSON_SET(json, '$.allowDelete', true) where name = 'DomainOnlyAccessPolicy';
+UPDATE role_entity SET json = JSON_SET(json, '$.provider', 'user') where name = 'DomainOnlyAccessRole';
+UPDATE role_entity SET json = JSON_SET(json, '$.allowDelete', true) where name = 'DomainOnlyAccessRole';
--- a/bootstrap/sql/migrations/native/1.5.15/postgres/postDataMigrationSQLScript.sql
+++ b/bootstrap/sql/migrations/native/1.5.15/postgres/postDataMigrationSQLScript.sql
--- a/bootstrap/sql/migrations/native/1.5.15/postgres/schemaChanges.sql
+++ b/bootstrap/sql/migrations/native/1.5.15/postgres/schemaChanges.sql
@ -0,0 +1,5 @@
+-- Make domain policy and role non-system
+UPDATE policy_entity SET json = JSONB_SET(json::jsonb, '{provider}', '"user"', true) where name = 'DomainOnlyAccessPolicy';
+UPDATE policy_entity SET json = JSONB_SET(json::jsonb, '{allowDelete}', 'true', true) WHERE name = 'DomainOnlyAccessPolicy';
+UPDATE role_entity SET json = JSONB_SET(json::jsonb, '{provider}', '"user"', true) where name = 'DomainOnlyAccessRole';
+UPDATE role_entity SET json = JSONB_SET(json::jsonb, '{allowDelete}', 'true', true) WHERE name = 'DomainOnlyAccessRole';
--- a/openmetadata-service/src/main/resources/json/data/policy/DomainAccessPolicy.json
+++ b/openmetadata-service/src/main/resources/json/data/policy/DomainAccessPolicy.json
@ -4,8 +4,8 @@
  "fullyQualifiedName": "DomainOnlyAccessPolicy",
  "description": "This Policy adds restrictions so that users will have access to domain related data. If the user has some domain, then he will be able to access data only for that domain. If the user does not have any domain assigned , he will be able to access only assets which also does not have any domain.",
  "enabled": true,
-  "allowDelete": false,
-  "provider": "system",
+  "allowDelete": true,
+  "provider": "user",
  "rules": [
    {
      "name": "DomainOnlyAccessRule",
--- a/openmetadata-service/src/main/resources/json/data/role/DomainOnlyAccessRole.json
+++ b/openmetadata-service/src/main/resources/json/data/role/DomainOnlyAccessRole.json
@ -2,8 +2,8 @@
  "name": "DomainOnlyAccessRole",
  "displayName": "Domain Only Access Role",
  "description": "Role Corresponding to Domain Access Restriction.",
-  "allowDelete": false,
-  "provider": "system",
+  "allowDelete": true,
+  "provider": "user",
  "policies" : [
    {
      "type" : "policy",