fix broken tests

openmetadata-service/src/test/java/org/openmetadata/service/resources/EntityResourceTest.java

@@ -258,6 +258,7 @@ public abstract class EntityResourceTest<T extends EntityInterface, K extends Cr
   public static Domain DOMAIN1;
 
   // Users
+  public static User USER_WITH_CREATE_ACCESS;
   public static User USER1;
   public static EntityReference USER1_REF;
   public static User USER2;
@@ -272,11 +273,9 @@ public abstract class EntityResourceTest<T extends EntityInterface, K extends Cr
   public static Team
       TEAM2; // Team 2 has team only policy and does not allow access to users not in team hierarchy
   public static Team TEAM21; // Team under Team2
-
   public static User DATA_STEWARD;
   public static Persona DATA_ENGINEER;
   public static Persona DATA_SCIENTIST;
-
   public static Document ACTIVITY_FEED_KNOWLEDGE_PANEL;
   public static Document MY_DATA_KNOWLEDGE_PANEL;
   public static User USER_WITH_DATA_STEWARD_ROLE;
@@ -286,9 +285,10 @@ public abstract class EntityResourceTest<T extends EntityInterface, K extends Cr
   public static EntityReference DATA_CONSUMER_REF;
   public static Role DATA_CONSUMER_ROLE;
   public static EntityReference DATA_CONSUMER_ROLE_REF;
+  public static Role CREATE_ACCESS_ROLE;
   public static Role ROLE1;
   public static EntityReference ROLE1_REF;
-
+  public static Policy CREATE_ACCESS_PERMISSION_POLICY;
   public static Policy POLICY1;
   public static Policy POLICY2;
   public static Policy TEAM_ONLY_POLICY;
@@ -964,7 +964,8 @@ void get_entityWithDifferentFields_200_OK(TestInfo test) throws IOException {
     if (supportsFollowers) {
       UserResourceTest userResourceTest = new UserResourceTest();
       User user1 =
-          userResourceTest.createEntity(userResourceTest.createRequest(test, 1), TEST_AUTH_HEADERS);
+          userResourceTest.createEntity(
+              userResourceTest.createRequest(test, 1), USER_WITH_CREATE_HEADERS);
       addFollower(entity.getId(), user1.getId(), OK, TEST_AUTH_HEADERS);
     }
     entity = validateGetWithDifferentFields(entity, false);
@@ -1618,7 +1619,8 @@ void put_addDeleteFollower_200(TestInfo test) throws IOException {
     // Add follower to the entity
     UserResourceTest userResourceTest = new UserResourceTest();
     User user1 =
-        userResourceTest.createEntity(userResourceTest.createRequest(test, 1), TEST_AUTH_HEADERS);
+        userResourceTest.createEntity(
+            userResourceTest.createRequest(test, 1), USER_WITH_CREATE_HEADERS);
     addAndCheckFollower(entityId, user1.getId(), OK, 1, TEST_AUTH_HEADERS);
 
     // Add the same user as follower and make sure no errors are thrown
@@ -1627,7 +1629,8 @@ void put_addDeleteFollower_200(TestInfo test) throws IOException {
 
     // Add a new follower to the entity
     User user2 =
-        userResourceTest.createEntity(userResourceTest.createRequest(test, 2), TEST_AUTH_HEADERS);
+        userResourceTest.createEntity(
+            userResourceTest.createRequest(test, 2), USER_WITH_CREATE_HEADERS);
     addAndCheckFollower(entityId, user2.getId(), OK, 2, TEST_AUTH_HEADERS);
 
     // Delete followers and make sure they are deleted
@@ -1648,7 +1651,8 @@ void put_addFollowerDeleteEntity_200(TestInfo test) throws IOException {
     // Add follower to the entity
     UserResourceTest userResourceTest = new UserResourceTest();
     User user1 =
-        userResourceTest.createEntity(userResourceTest.createRequest(test, 1), TEST_AUTH_HEADERS);
+        userResourceTest.createEntity(
+            userResourceTest.createRequest(test, 1), USER_WITH_CREATE_HEADERS);
     addAndCheckFollower(entityId, user1.getId(), OK, 1, TEST_AUTH_HEADERS);
 
     deleteEntity(entityId, ADMIN_AUTH_HEADERS);

openmetadata-service/src/test/java/org/openmetadata/service/resources/policies/PolicyResourceTest.java

@@ -104,6 +104,8 @@ public PolicyResourceTest() {
   }
 
   public void setupPolicies() throws IOException {
+    CREATE_ACCESS_PERMISSION_POLICY =
+        createEntity(createAccessControlPolicyWithCreateRule(), ADMIN_AUTH_HEADERS);
     POLICY1 = createEntity(createRequest("policy1").withOwner(null), ADMIN_AUTH_HEADERS);
     POLICY2 = createEntity(createRequest("policy2").withOwner(null), ADMIN_AUTH_HEADERS);
     TEAM_ONLY_POLICY = getEntityByName("TeamOnlyPolicy", "", ADMIN_AUTH_HEADERS);
@@ -769,6 +771,19 @@ private CreatePolicy createAccessControlPolicyWithRules(String name, List<Rule>
         .withOwner(USER1_REF);
   }
 
+  private CreatePolicy createAccessControlPolicyWithCreateRule() {
+    return new CreatePolicy()
+        .withName("CreatePermissionPolicy")
+        .withDescription("Create User Permission")
+        .withRules(
+            List.of(
+                new Rule()
+                    .withName("CreatePermission")
+                    .withResources(List.of(ALL_RESOURCES))
+                    .withOperations(List.of(MetadataOperation.CREATE))
+                    .withEffect(ALLOW)));
+  }
+
   private void validateCondition(String expression) throws HttpResponseException {
     WebTarget target = getResource(collectionName + "/validation/condition/" + expression);
     TestUtils.get(target, ADMIN_AUTH_HEADERS);

openmetadata-service/src/test/java/org/openmetadata/service/resources/teams/RoleResourceTest.java

@@ -74,6 +74,13 @@ public void setupRoles(TestInfo test) throws HttpResponseException {
 
     ROLE1 = createEntity(createRequest(test), ADMIN_AUTH_HEADERS);
     ROLE1_REF = ROLE1.getEntityReference();
+
+    CREATE_ACCESS_ROLE =
+        createEntity(
+            new CreateRole()
+                .withName("CreateAccessRole")
+                .withPolicies(List.of(CREATE_ACCESS_PERMISSION_POLICY.getFullyQualifiedName())),
+            ADMIN_AUTH_HEADERS);
   }
 
   /** Creates the given number of roles */

openmetadata-service/src/test/java/org/openmetadata/service/resources/teams/UserResourceTest.java

@@ -51,6 +51,7 @@
 import static org.openmetadata.service.util.TestUtils.INGESTION_BOT;
 import static org.openmetadata.service.util.TestUtils.TEST_AUTH_HEADERS;
 import static org.openmetadata.service.util.TestUtils.TEST_USER_NAME;
+import static org.openmetadata.service.util.TestUtils.USER_WITH_CREATE_PERMISSION_NAME;
 import static org.openmetadata.service.util.TestUtils.UpdateType.CHANGE_CONSOLIDATED;
 import static org.openmetadata.service.util.TestUtils.UpdateType.MINOR_UPDATE;
 import static org.openmetadata.service.util.TestUtils.UpdateType.REVERT;
@@ -153,6 +154,14 @@ public UserResourceTest() {
   }
 
   public void setupUsers(TestInfo test) throws HttpResponseException {
+    CreateUser createUserWithAccess =
+        new CreateUser()
+            .withName(USER_WITH_CREATE_PERMISSION_NAME)
+            .withEmail(USER_WITH_CREATE_PERMISSION_NAME + "@open-metadata.org")
+            .withProfile(PROFILE)
+            .withRoles(List.of(CREATE_ACCESS_ROLE.getId()))
+            .withIsBot(false);
+    USER_WITH_CREATE_ACCESS = createEntity(createUserWithAccess, ADMIN_AUTH_HEADERS);
     CreateUser create = createRequest(test).withRoles(List.of(DATA_CONSUMER_ROLE.getId()));
     USER1 = createEntity(create, ADMIN_AUTH_HEADERS);
     USER1_REF = USER1.getEntityReference();

openmetadata-service/src/test/java/org/openmetadata/service/util/TestUtils.java

@@ -104,6 +104,9 @@ public final class TestUtils {
   public static final String TEST_USER_NAME = "test";
   public static final Map<String, String> TEST_AUTH_HEADERS =
       authHeaders(TEST_USER_NAME + "@open-metadata.org");
+  public static final String USER_WITH_CREATE_PERMISSION_NAME = "testWithCreateUserPermission";
+  public static final Map<String, String> USER_WITH_CREATE_HEADERS =
+      authHeaders(USER_WITH_CREATE_PERMISSION_NAME + "@open-metadata.org");
 
   public static final UUID NON_EXISTENT_ENTITY = UUID.randomUUID();