From 3578a4b32d605494d44073bfe3fb82742a62b93e Mon Sep 17 00:00:00 2001
From: Mohit Yadav <105265192+mohityadav766@users.noreply.github.com>
Date: Sun, 15 Dec 2024 01:18:12 +0530
Subject: [PATCH] Domain Policy Update to be non-system (#19060)
---
 .../native/1.5.15/mysql/postDataMigrationSQLScript.sql | 0
 .../sql/migrations/native/1.5.15/mysql/schemaChanges.sql | 5 +++++
 .../native/1.5.15/postgres/postDataMigrationSQLScript.sql | 0
 .../sql/migrations/native/1.5.15/postgres/schemaChanges.sql | 5 +++++
 .../main/resources/json/data/policy/DomainAccessPolicy.json | 4 ++--
 .../main/resources/json/data/role/DomainOnlyAccessRole.json | 4 ++--
 6 files changed, 14 insertions(+), 4 deletions(-)
 create mode 100644 bootstrap/sql/migrations/native/1.5.15/mysql/postDataMigrationSQLScript.sql
 create mode 100644 bootstrap/sql/migrations/native/1.5.15/mysql/schemaChanges.sql
 create mode 100644 bootstrap/sql/migrations/native/1.5.15/postgres/postDataMigrationSQLScript.sql
 create mode 100644 bootstrap/sql/migrations/native/1.5.15/postgres/schemaChanges.sql
diff --git a/bootstrap/sql/migrations/native/1.5.15/mysql/postDataMigrationSQLScript.sql b/bootstrap/sql/migrations/native/1.5.15/mysql/postDataMigrationSQLScript.sql
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/bootstrap/sql/migrations/native/1.5.15/mysql/schemaChanges.sql b/bootstrap/sql/migrations/native/1.5.15/mysql/schemaChanges.sql
new file mode 100644
index 00000000000..19762625a9d
--- /dev/null
+++ b/bootstrap/sql/migrations/native/1.5.15/mysql/schemaChanges.sql
@@ -0,0 +1,5 @@
+-- Make domain policy and role non-system
+UPDATE policy_entity SET json = JSON_SET(json, '$.provider', 'user') where name = 'DomainOnlyAccessPolicy';
+UPDATE policy_entity SET json = JSON_SET(json, '$.allowDelete', true) where name = 'DomainOnlyAccessPolicy';
+UPDATE role_entity SET json = JSON_SET(json, '$.provider', 'user') where name = 'DomainOnlyAccessRole';
+UPDATE role_entity SET json = JSON_SET(json, '$.allowDelete', true) where name = 'DomainOnlyAccessRole';
\ No newline at end of file
diff --git a/bootstrap/sql/migrations/native/1.5.15/postgres/postDataMigrationSQLScript.sql b/bootstrap/sql/migrations/native/1.5.15/postgres/postDataMigrationSQLScript.sql
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/bootstrap/sql/migrations/native/1.5.15/postgres/schemaChanges.sql b/bootstrap/sql/migrations/native/1.5.15/postgres/schemaChanges.sql
new file mode 100644
index 00000000000..6f92fbea754
--- /dev/null
+++ b/bootstrap/sql/migrations/native/1.5.15/postgres/schemaChanges.sql
@@ -0,0 +1,5 @@
+-- Make domain policy and role non-system
+UPDATE policy_entity SET json = JSONB_SET(json::jsonb, '{provider}', '"user"', true) where name = 'DomainOnlyAccessPolicy';
+UPDATE policy_entity SET json = JSONB_SET(json::jsonb, '{allowDelete}', 'true', true) WHERE name = 'DomainOnlyAccessPolicy';
+UPDATE role_entity SET json = JSONB_SET(json::jsonb, '{provider}', '"user"', true) where name = 'DomainOnlyAccessRole';
+UPDATE role_entity SET json = JSONB_SET(json::jsonb, '{allowDelete}', 'true', true) WHERE name = 'DomainOnlyAccessRole';
diff --git a/openmetadata-service/src/main/resources/json/data/policy/DomainAccessPolicy.json b/openmetadata-service/src/main/resources/json/data/policy/DomainAccessPolicy.json
index 572760b5ef0..d103fff8526 100644
--- a/openmetadata-service/src/main/resources/json/data/policy/DomainAccessPolicy.json
+++ b/openmetadata-service/src/main/resources/json/data/policy/DomainAccessPolicy.json
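Review bot: In mysql/schemaChanges.sql `provider` and `allowDelete` are changed by separate statements for each table, so unless the migration runner wraps the file in a transaction (not visible here), a run that stops between them leaves an access-control record half-converted. JSON_SET accepts several path/value pairs, so one statement per table covers both: `UPDATE policy_entity SET json = JSON_SET(json, '$.provider', 'user', '$.allowDelete', true) WHERE name = 'DomainOnlyAccessPolicy';`; the postgres hunk has the same split and could merge a jsonb literal with `||`. The header comment should also record the effect on existing installs, e.g. `-- After this migration the domain-only policy and role can be edited or deleted like user-created ones; review who holds edit/delete rights on policies and roles.` The updates write `json` directly, so if these entities carry version or updated-by fields (not shown in this diff) the change will presumably not appear in their change history.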
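Review bot: Keyword case is mixed in postgres/schemaChanges.sql: the two `provider` statements use `where` and the two `allowDelete` statements use `WHERE`; one spelling throughout keeps the file greppable. The fourth argument `true` is already the default of jsonb_set's create-if-missing flag and can be dropped. Whether the `json::jsonb` cast is needed depends on the column type, which this diff does not show; if the column is already jsonb the cast is noise and worth removing.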
@@ -4,8 +4,8 @@
 "fullyQualifiedName": "DomainOnlyAccessPolicy",
 "description": "This Policy adds restrictions so that users will have access to domain related data. If the user has some domain, then he will be able to access data only for that domain. If the user does not have any domain assigned , he will be able to access only assets which also does not have any domain.",
 "enabled": true,
- "allowDelete": false,
- "provider": "system",
+ "allowDelete": true,
+ "provider": "user",
 "rules": [
 {
 "name": "DomainOnlyAccessRule",
diff --git a/openmetadata-service/src/main/resources/json/data/role/DomainOnlyAccessRole.json b/openmetadata-service/src/main/resources/json/data/role/DomainOnlyAccessRole.json
index b18aeae1842..ec770210e4d 100644
--- a/openmetadata-service/src/main/resources/json/data/role/DomainOnlyAccessRole.json
+++ b/openmetadata-service/src/main/resources/json/data/role/DomainOnlyAccessRole.json
@@ -2,8 +2,8 @@
 "name": "DomainOnlyAccessRole",
 "displayName": "Domain Only Access Role",
 "description": "Role Corresponding to Domain Access Restriction.",
- "allowDelete": false,
- "provider": "system",
+ "allowDelete": true,
+ "provider": "user",
 "policies" : [
 {
 "type" : "policy",
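Review bot: With `"allowDelete": true` and `"provider": "user"` the seeded DomainOnlyAccessPolicy, and DomainOnlyAccessRole in the following hunk, lose their built-in protection, but neither description tells an administrator what deleting or editing them does. The policy description says it restricts users to data of their own domain, so removing it presumably widens access for everyone who held the role; a sentence such as `Deleting or editing this policy removes the domain restriction for every user it applies to.` in the description would make that explicit. It is also worth confirming that edit and delete on policies and roles are limited to administrators and are logged. How the seed loader treats `provider: "user"` entries on restart (re-create, overwrite or skip) is not visible in this diff and decides whether a local change survives an upgrade; the `rules` and `policies` arrays continue outside the hunks.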