if not route.sysadmin:
                capability = self.manager.api.capabilities.list(
                    domain_id=self.domain_id, route_id=route.id)
                self.manager.api.policies.create(
                    capability_id=capability[0].id, role_id=self.entity.id)