mirror of
https://github.com/open-metadata/OpenMetadata.git
synced 2025-09-26 01:15:08 +00:00
e77d1940cb
* Domain Only Access Role to be evaluated as part of PolicyEvaluator * Domain Only Access Role to be evaluated as part of PolicyEvaluator * Cleanup unnecessary comments * Add migration fix for domain only policy * fix playwright domain rbac * fix hasDomain role issues for TestCaseResourceContext * allow user to create only with their domain * move DomainOnlyAccessPolicy migrations to 1.9.10 from 1.9.9 * For resources that don't support domains (like DataInsights), always returns true * fix adding test case to bundleSuite * revert supportsDomains changes in RuleEvaluator and handle it in postFiltering steps * Inherit domains when creating task from test case incident, and skip few entities for domain check + other remaining DQ related domain fixes * for CreateResourceContext consider assigned domains + inherited domains * fix permission for table metrics page * remove SKIP_DOMAIN_CHECK_ENTITY_LIST * fix test --------- Co-authored-by: sonika-shah <58761340+sonika-shah@users.noreply.github.com> Co-authored-by: sonikashah <sonikashah94@gmail.com> Co-authored-by: Ayush Shah <ayush@getcollate.io>
25 lines
729 B
SQL
25 lines
729 B
SQL
-- Update DomainOnlyAccessPolicy with new rules structure
|
|
UPDATE policy_entity
|
|
SET json = jsonb_set(
|
|
json,
|
|
'{rules}',
|
|
'[
|
|
{
|
|
"name": "DomainAccessDenyRule",
|
|
"description": "Deny access when domain check fails",
|
|
"effect": "deny",
|
|
"resources": ["All"],
|
|
"operations": ["All"],
|
|
"condition": "!hasDomain()"
|
|
},
|
|
{
|
|
"name": "DomainAccessAllowRule",
|
|
"description": "Allow access when domain check passes",
|
|
"effect": "allow",
|
|
"resources": ["All"],
|
|
"operations": ["All"],
|
|
"condition": "hasDomain()"
|
|
}
|
|
]'::jsonb
|
|
)
|
|
WHERE name = 'DomainOnlyAccessPolicy'; |