Search Results pa_role_controls




Overview
Explore in AI Chat

Overview

The PA_ROLE_CONTROLS table is a core repository within the Oracle E-Business Suite Projects (PA) module, specifically for versions 12.1.1 and 12.2.2. It functions as the master table for defining and storing security and functional controls associated with project roles. This table is fundamental to the role-based access control (RBAC) framework in Oracle Projects, governing which actions and data a user assigned a specific role can access or perform on a project. By centralizing these control definitions, it ensures consistent enforcement of business rules and security policies across all project-related transactions and inquiries.

Key Information Stored

The table's primary purpose is to link a specific project role with a defined control code. According to the provided metadata, its structure is anchored by a two-column primary key (PA_ROLE_CONTROLS_PK). The key columns are PROJECT_ROLE_ID, which identifies the specific role from the project role catalog, and ROLE_CONTROL_CODE, which identifies the type of control being applied. While the ETRM excerpt does not list all columns, typical controls managed in this table might include authority to approve transactions, modify certain types of project data, view financial details, or transfer tasks. Each record effectively creates a rule permitting or restricting a capability for a given role.

Common Use Cases and Queries

This table is primarily accessed for security administration, audit reporting, and troubleshooting user access issues. A common administrative task is to review all controls assigned to a particular role to understand its privileges. Conversely, system integrators often query which roles possess a specific control to manage segregation of duties. Sample SQL patterns include identifying roles with a specific control, or listing all controls for a role to replicate in a new implementation.

  • To find all roles with a specific control (e.g., 'APPROVE_EXPENDITURE'):
    SELECT project_role_id FROM pa.pa_role_controls WHERE role_control_code = 'APPROVE_EXPENDITURE';
  • To audit all controls assigned to a role:
    SELECT role_control_code FROM pa.pa_role_controls WHERE project_role_id = <ROLE_ID> ORDER BY role_control_code;

Related Objects

PA_ROLE_CONTROLS is intrinsically linked to other foundational tables in the Projects security and role management schema. It directly references the PA_PROJECT_ROLES table (or a similar role definition table) via the PROJECT_ROLE_ID column. The control codes (ROLE_CONTROL_CODE) likely reference a lookup type, such as PA_ROLE_CONTROL_CODES. This table is also a critical source for views that present role security information to application forms and reports. Furthermore, user role assignments stored in tables like PA_PROJECT_PLAYERS are validated against the controls defined in PA_ROLE_CONTROLS to enforce transactional security.