mirror of
https://github.com/open-metadata/OpenMetadata.git
synced 2025-10-31 10:39:30 +00:00
e77d1940cb
* Domain Only Access Role to be evaluated as part of PolicyEvaluator * Domain Only Access Role to be evaluated as part of PolicyEvaluator * Cleanup unnecessary comments * Add migration fix for domain only policy * fix playwright domain rbac * fix hasDomain role issues for TestCaseResourceContext * allow user to create only with their domain * move DomainOnlyAccessPolicy migrations to 1.9.10 from 1.9.9 * For resources that don't support domains (like DataInsights), always returns true * fix adding test case to bundleSuite * revert supportsDomains changes in RuleEvaluator and handle it in postFiltering steps * Inherit domains when creating task from test case incident, and skip few entities for domain check + other remaining DQ related domain fixes * for CreateResourceContext consider assigned domains + inherited domains * fix permission for table metrics page * remove SKIP_DOMAIN_CHECK_ENTITY_LIST * fix test --------- Co-authored-by: sonika-shah <58761340+sonika-shah@users.noreply.github.com> Co-authored-by: sonikashah <sonikashah94@gmail.com> Co-authored-by: Ayush Shah <ayush@getcollate.io>
25 lines
791 B
SQL
25 lines
791 B
SQL
-- Update DomainOnlyAccessPolicy with new rules structure
|
|
UPDATE policy_entity
|
|
SET json = JSON_SET(
|
|
json,
|
|
'$.rules',
|
|
JSON_ARRAY(
|
|
JSON_OBJECT(
|
|
'name', 'DomainAccessDenyRule',
|
|
'description', 'Deny access when domain check fails',
|
|
'effect', 'deny',
|
|
'resources', JSON_ARRAY('All'),
|
|
'operations', JSON_ARRAY('All'),
|
|
'condition', '!hasDomain()'
|
|
),
|
|
JSON_OBJECT(
|
|
'name', 'DomainAccessAllowRule',
|
|
'description', 'Allow access when domain check passes',
|
|
'effect', 'allow',
|
|
'resources', JSON_ARRAY('All'),
|
|
'operations', JSON_ARRAY('All'),
|
|
'condition', 'hasDomain()'
|
|
)
|
|
)
|
|
)
|
|
WHERE name = 'DomainOnlyAccessPolicy'; |