Search Results jtf_dac_role_perm_crit




Overview
Explore in AI Chat

Overview

The JTF_DAC_ROLE_PERM_CRIT table is a core data object within the Oracle E-Business Suite CRM Foundation (JTF) module. It functions as a junction table that establishes a critical link between role-based permissions and data access security criteria. Specifically, it associates a granted permission for a role (principal) with a specific data access control (DAC) criterion, thereby defining the precise data subset a role can access when exercising a particular application permission. This table is integral to the fine-grained, criteria-based security model that governs data visibility within the CRM components of Oracle EBS 12.1.1 and 12.2.2. The official documentation explicitly advises "Do not use," indicating it is an internal, seeded table primarily managed by Oracle's application logic and not intended for direct modification or custom integration.

Key Information Stored

The table's primary purpose is to store the associative relationships between four key security entities. Its structure is defined by foreign key columns that reference other foundational security tables. The central column is ROLE_PERM_CRIT_ID, which serves as the unique primary key identifier for each association record. The other columns are all foreign keys: ROLE_PERM_ID links to the base role-permission grant, JTF_AUTH_PRINCIPAL_ID identifies the security role, JTF_AUTH_PERMISSION_ID identifies the specific application permission, and CRITERIA_ID points to the exact data access criterion (e.g., "WHERE SALES_REGION = 'WEST'") that restricts the permission. A timestamp column, LAST_UPDATE_DATE, is typically present for auditing.

Common Use Cases and Queries

Direct interaction with this table is strongly discouraged per Oracle's guidance. Its primary use case is internal: the Oracle application logic queries it at runtime to dynamically append WHERE clause criteria to SQL statements based on the user's role and the action being performed. For diagnostic or reporting purposes, administrators might query it to audit or analyze the criteria-bound permissions assigned within the system. A sample analytical query would join to its related tables to produce a human-readable report:

Related Objects

JTF_DAC_ROLE_PERM_CRIT sits at the intersection of several key security tables, as defined by its foreign key constraints. It has a direct many-to-one relationship with the following objects:

  • JTF_AUTH_PRINCIPALS_B: Links via JTF_AUTH_PRINCIPAL_ID to identify the security role or principal.
  • JTF_AUTH_PERMISSIONS_B: Links via JTF_AUTH_PERMISSION_ID to identify the specific application permission (e.g., "VIEW_CUSTOMER").
  • JTF_DAC_ROLE_PERMS: Links via ROLE_PERM_ID to the core table that records which permissions are granted to which roles, without criteria.
  • JTF_DAC_CRITERIA: Links via CRITERIA_ID to the table storing the actual SQL-based criteria definitions that filter data access.

The table JTF_DAC_ROLE_PERMS is often the immediate parent, with JTF_DAC_ROLE_PERM_CRIT providing the criteria-specific extensions to those base grants.