Search Results jtf_auth_principal_maps

Overview

The JTF_AUTH_PRINCIPAL_MAPS table is a core data object within the JTF (CRM Foundation) module of Oracle E-Business Suite (EBS) 12.1.1 and 12.2.2. It serves as the central repository for managing role-based access control (RBAC) by defining hierarchical relationships between security principals. Specifically, it implements the mechanism for granting roles to users or other roles. As documented, its primary function is to make a user (or parent principal) a "parent" of a role (or child principal) within a specific security domain. This parent-child mapping is the foundational structure that enables the inheritance of permissions and responsibilities across the CRM and integrated applications, ensuring users possess the appropriate authorizations for their business functions.

Key Information Stored

The table stores mapping records that link principals together. The most critical columns, as indicated by the foreign key relationships, are:

• JTF_AUTH_PRINCIPAL_MAPPING_ID: The unique primary key identifier for each mapping record.
• JTF_AUTH_PARENT_PRINCIPAL_ID: References a principal (typically a user or a higher-level role) in JTF_AUTH_PRINCIPALS_B that is being granted a role.
• JTF_AUTH_PRINCIPAL_ID: References the principal (typically a role) in JTF_AUTH_PRINCIPALS_B that is being granted to the parent.
• JTF_AUTH_DOMAIN_ID: References a security domain in JTF_AUTH_DOMAINS_B, scoping the validity of this role assignment to a specific logical partition, such as an operating unit or a set of data.
• APPLICATION_ID: References FND_APPLICATION, linking the mapping to a specific EBS application for further context and control.

Together, these columns define a complete statement: "Within this Application and Domain, this Parent Principal is assigned this Role."

Common Use Cases and Queries

A primary use case is auditing and troubleshooting user security profiles. Administrators frequently query this table to verify role assignments or diagnose authorization issues. A common pattern is to join with principal and domain tables to retrieve human-readable information. For example, to list all role grants for a specific user:

SELECT pap.principal_name parent_user,
       pr.principal_name granted_role,
       d.domain_name,
       fapp.application_name
FROM jtf_auth_principal_maps map,
     jtf_auth_principals_b pap,
     jtf_auth_principals_b pr,
     jtf_auth_domains_b d,
     fnd_application fapp
WHERE map.jtf_auth_parent_principal_id = pap.jtf_auth_principal_id
AND   map.jtf_auth_principal_id = pr.jtf_auth_principal_id
AND   map.jtf_auth_domain_id = d.jtf_auth_domain_id
AND   map.application_id = fapp.application_id
AND   pap.principal_name = 'USER123';

Another critical use case is during data migrations or security synchronizations, where scripts may insert or delete records in this table to programmatically manage role assignments, always respecting the domain and application context.

Related Objects

The table maintains strict referential integrity through documented foreign key relationships with other core security tables. The key related objects are:

• JTF_AUTH_PRINCIPALS_B: Referenced twice. The column JTF_AUTH_PRINCIPAL_ID joins to this table to identify the role being granted. The column JTF_AUTH_PARENT_PRINCIPAL_ID joins to this table to identify the user or parent role receiving the grant.
• JTF_AUTH_DOMAINS_B: Referenced via JTF_AUTH_DOMAIN_ID to establish the security domain context for the mapping.
• FND_APPLICATION: Referenced via APPLICATION_ID to associate the mapping with a specific Oracle EBS application.

These relationships ensure that every mapping is valid and points to existing principals, domains, and applications within the system.