Search Results jtf_dac_role_perm_crit

Overview

The JTF_DAC_ROLE_PERM_CRIT table is a core data object within the Oracle E-Business Suite CRM Foundation (JTF) module. It functions as a junction table that establishes a critical link between role-based permissions and data access security criteria. Specifically, it associates a granted permission for a role (principal) with a specific data access control (DAC) criterion, thereby defining the precise data subset a role can access when exercising a particular application permission. This table is integral to the fine-grained, criteria-based security model that governs data visibility within the CRM components of Oracle EBS 12.1.1 and 12.2.2. The official documentation explicitly advises "Do not use," indicating it is an internal, seeded table primarily managed by Oracle's application logic and not intended for direct modification or custom integration.

Key Information Stored

The table's primary purpose is to store the associative relationships between four key security entities. Its structure is defined by foreign key columns that reference other foundational security tables. The central column is ROLE_PERM_CRIT_ID, which serves as the unique primary key identifier for each association record. The other columns are all foreign keys: ROLE_PERM_ID links to the base role-permission grant, JTF_AUTH_PRINCIPAL_ID identifies the security role, JTF_AUTH_PERMISSION_ID identifies the specific application permission, and CRITERIA_ID points to the exact data access criterion (e.g., "WHERE SALES_REGION = 'WEST'") that restricts the permission. A timestamp column, LAST_UPDATE_DATE, is typically present for auditing.

Common Use Cases and Queries

Direct interaction with this table is strongly discouraged per Oracle's guidance. Its primary use case is internal: the Oracle application logic queries it at runtime to dynamically append WHERE clause criteria to SQL statements based on the user's role and the action being performed. For diagnostic or reporting purposes, administrators might query it to audit or analyze the criteria-bound permissions assigned within the system. A sample analytical query would join to its related tables to produce a human-readable report:

SELECT rp.ROLE_PERM_ID, p.PRINCIPAL_NAME, perm.PERMISSION_NAME, c.CRITERIA_NAME FROM JTF_DAC_ROLE_PERM_CRIT rpc JOIN JTF_AUTH_PRINCIPALS_B p ON rpc.JTF_AUTH_PRINCIPAL_ID = p.JTF_AUTH_PRINCIPAL_ID JOIN JTF_AUTH_PERMISSIONS_B perm ON rpc.JTF_AUTH_PERMISSION_ID = perm.JTF_AUTH_PERMISSION_ID JOIN JTF_DAC_CRITERIA c ON rpc.CRITERIA_ID = c.CRITERIA_ID WHERE p.PRINCIPAL_NAME = '&ROLE_NAME';

Related Objects

JTF_DAC_ROLE_PERM_CRIT sits at the intersection of several key security tables, as defined by its foreign key constraints. It has a direct many-to-one relationship with the following objects:

JTF_AUTH_PRINCIPALS_B: Links via JTF_AUTH_PRINCIPAL_ID to identify the security role or principal.
JTF_AUTH_PERMISSIONS_B: Links via JTF_AUTH_PERMISSION_ID to identify the specific application permission (e.g., "VIEW_CUSTOMER").
JTF_DAC_ROLE_PERMS: Links via ROLE_PERM_ID to the core table that records which permissions are granted to which roles, without criteria.
JTF_DAC_CRITERIA: Links via CRITERIA_ID to the table storing the actual SQL-based criteria definitions that filter data access.

The table JTF_DAC_ROLE_PERMS is often the immediate parent, with JTF_DAC_ROLE_PERM_CRIT providing the criteria-specific extensions to those base grants.

Table: JTF_DAC_ROLE_PERM_CRIT 12.1.1
owner:JTF, object_type:TABLE, fnd_design_data:JTF.JTF_DAC_ROLE_PERM_CRIT, object_name:JTF_DAC_ROLE_PERM_CRIT, status:VALID, product: JTF - CRM Foundation , description: Do not use , implementation_dba_data: JTF.JTF_DAC_ROLE_PERM_CRIT ,
Table: JTF_DAC_ROLE_PERM_CRIT 12.2.2
owner:JTF, object_type:TABLE, fnd_design_data:JTF.JTF_DAC_ROLE_PERM_CRIT, object_name:JTF_DAC_ROLE_PERM_CRIT, status:VALID, product: JTF - CRM Foundation , description: Do not use , implementation_dba_data: JTF.JTF_DAC_ROLE_PERM_CRIT ,
APPS.IBU_DAC_CRITERIA_PKG dependencies on JTF_DAC_ROLE_PERM_CRIT 12.1.1
APPS.JTF_DAC_ROLE_PERM_CRIT_PKG dependencies on JTF_DAC_ROLE_PERM_CRIT 12.1.1
APPS.JTF_DAC_ROLE_PERM_CRIT_PKG dependencies on JTF_DAC_ROLE_PERM_CRIT 12.2.2
APPS.IBU_DAC_CRITERIA_PKG dependencies on JTF_DAC_ROLE_PERM_CRIT 12.2.2
SYNONYM: APPS.JTF_DAC_ROLE_PERM_CRIT 12.1.1
owner:APPS, object_type:SYNONYM, object_name:JTF_DAC_ROLE_PERM_CRIT, status:VALID,
VIEW: JTF.JTF_DAC_ROLE_PERM_CRIT# 12.2.2
VIEW: JTF.JTF_DAC_ROLE_PERM_CRIT# 12.2.2
owner:JTF, object_type:VIEW, object_name:JTF_DAC_ROLE_PERM_CRIT#, status:VALID,
SYNONYM: APPS.JTF_DAC_ROLE_PERM_CRIT 12.2.2
owner:APPS, object_type:SYNONYM, object_name:JTF_DAC_ROLE_PERM_CRIT, status:VALID,
APPS.IBU_DAC_CRITERIA_PKG dependencies on JTF_AUTH_ROLE_PERMS 12.1.1
APPS.IBU_DAC_CRITERIA_PKG dependencies on JTF_AUTH_ROLE_PERMS 12.2.2
TRIGGER: APPS.JTF_DAC_CRITERIA_TR2 12.2.2
owner:APPS, object_type:TRIGGER, object_name:JTF_DAC_CRITERIA_TR2, status:VALID,
TRIGGER: APPS.JTF_DAC_CRITERIA_TR2 12.1.1
Table: JTF_DAC_ROLE_PERMS 12.2.2
owner:JTF, object_type:TABLE, fnd_design_data:JTF.JTF_DAC_ROLE_PERMS, object_name:JTF_DAC_ROLE_PERMS, status:VALID, product: JTF - CRM Foundation , description: Do not use , implementation_dba_data: JTF.JTF_DAC_ROLE_PERMS ,
APPS.JTF_DAC_ROLE_PERM_CRIT_PKG SQL Statements 12.2.2
APPS.JTF_DAC_ROLE_PERM_CRIT_PKG SQL Statements 12.1.1
TRIGGER: APPS.JTF_DAC_ROLE_PERMS_TR1 12.2.2
owner:APPS, object_type:TRIGGER, object_name:JTF_DAC_ROLE_PERMS_TR1, status:VALID,
TRIGGER: APPS.JTF_DAC_CRITERIA_TR1 12.2.2
owner:APPS, object_type:TRIGGER, object_name:JTF_DAC_CRITERIA_TR1, status:VALID,
TRIGGER: APPS.JTF_DAC_CRITERIA_TR2 12.2.2
APPS.IBU_DAC_CRITERIA_PKG SQL Statements 12.2.2
TRIGGER: APPS.JTF_DAC_ROLE_PERMS_TR2 12.2.2
TRIGGER: APPS.JTF_DAC_ROLE_PERMS_TR2 12.1.1
owner:APPS, object_type:TRIGGER, object_name:JTF_DAC_ROLE_PERMS_TR2, status:VALID,
Table: JTF_DAC_CRITERIA 12.2.2
owner:JTF, object_type:TABLE, fnd_design_data:JTF.JTF_DAC_CRITERIA, object_name:JTF_DAC_CRITERIA, status:VALID, product: JTF - CRM Foundation , description: Do not use , implementation_dba_data: JTF.JTF_DAC_CRITERIA ,
Table: JTF_DAC_CRITERIA 12.1.1
owner:JTF, object_type:TABLE, fnd_design_data:JTF.JTF_DAC_CRITERIA, object_name:JTF_DAC_CRITERIA, status:VALID, product: JTF - CRM Foundation , description: Do not use , implementation_dba_data: JTF.JTF_DAC_CRITERIA ,
TRIGGER: APPS.JTF_DAC_ROLE_PERMS_TR2 12.2.2
owner:APPS, object_type:TRIGGER, object_name:JTF_DAC_ROLE_PERMS_TR2, status:VALID,
TRIGGER: APPS.JTF_DAC_ROLE_PERMS_TR1 12.1.1
owner:APPS, object_type:TRIGGER, object_name:JTF_DAC_ROLE_PERMS_TR1, status:VALID,
TABLE: JTF.JTF_DAC_ROLE_PERM_CRIT 12.1.1
owner:JTF, object_type:TABLE, fnd_design_data:JTF.JTF_DAC_ROLE_PERM_CRIT, object_name:JTF_DAC_ROLE_PERM_CRIT, status:VALID,
Table: JTF_DAC_ROLE_PERMS 12.1.1
owner:JTF, object_type:TABLE, fnd_design_data:JTF.JTF_DAC_ROLE_PERMS, object_name:JTF_DAC_ROLE_PERMS, status:VALID, product: JTF - CRM Foundation , description: Do not use , implementation_dba_data: JTF.JTF_DAC_ROLE_PERMS ,
PACKAGE BODY: APPS.IBU_DAC_CRITERIA_PKG 12.2.2
owner:APPS, object_type:PACKAGE BODY, object_name:IBU_DAC_CRITERIA_PKG, status:VALID,
TRIGGER: APPS.JTF_DAC_ROLE_PERMS_TR2 12.1.1
TRIGGER: APPS.JTF_DAC_CRITERIA_TR2 12.1.1
owner:APPS, object_type:TRIGGER, object_name:JTF_DAC_CRITERIA_TR2, status:VALID,
PACKAGE BODY: APPS.JTF_DAC_ROLE_PERM_CRIT_PKG 12.1.1
owner:APPS, object_type:PACKAGE BODY, object_name:JTF_DAC_ROLE_PERM_CRIT_PKG, status:VALID,
PACKAGE BODY: APPS.JTF_DAC_ROLE_PERM_CRIT_PKG 12.2.2
owner:APPS, object_type:PACKAGE BODY, object_name:JTF_DAC_ROLE_PERM_CRIT_PKG, status:VALID,
TABLE: JTF.JTF_DAC_ROLE_PERM_CRIT 12.2.2
owner:JTF, object_type:TABLE, fnd_design_data:JTF.JTF_DAC_ROLE_PERM_CRIT, object_name:JTF_DAC_ROLE_PERM_CRIT, status:VALID,
Table: JTF_AUTH_PERMISSIONS_B 12.2.2
owner:JTF, object_type:TABLE, fnd_design_data:JTF.JTF_AUTH_PERMISSIONS_B, object_name:JTF_AUTH_PERMISSIONS_B, status:VALID, product: JTF - CRM Foundation , description: This table will store the permissions [which are simple strings] for all the domains in the system. We will partition the permissions by applicationID for hosting purposes. , implementation_dba_data: JTF.JTF_AUTH_PERMISSIONS_B ,
TRIGGER: APPS.JTF_DAC_CRITERIA_TR1 12.1.1
owner:APPS, object_type:TRIGGER, object_name:JTF_DAC_CRITERIA_TR1, status:VALID,
Table: JTF_AUTH_PRINCIPALS_B 12.1.1
owner:JTF, object_type:TABLE, fnd_design_data:JTF.JTF_AUTH_PRINCIPALS_B, object_name:JTF_AUTH_PRINCIPALS_B, status:VALID, product: JTF - CRM Foundation , description: A principal will be a user or a role. If the principal is a user then the column IS_USER_FLAG is set to 1 and USER_ID points to a user in FND_USER. We will later use application id to stripe the data for hosting purposes. , implementation_dba_data: JTF.JTF_AUTH_PRINCIPALS_B ,
PACKAGE BODY: APPS.IBU_DAC_CRITERIA_PKG 12.1.1
owner:APPS, object_type:PACKAGE BODY, object_name:IBU_DAC_CRITERIA_PKG, status:VALID,
APPS.IBU_DAC_CRITERIA_PKG SQL Statements 12.1.1
Table: JTF_AUTH_PERMISSIONS_B 12.1.1
owner:JTF, object_type:TABLE, fnd_design_data:JTF.JTF_AUTH_PERMISSIONS_B, object_name:JTF_AUTH_PERMISSIONS_B, status:VALID, product: JTF - CRM Foundation , description: This table will store the permissions [which are simple strings] for all the domains in the system. We will partition the permissions by applicationID for hosting purposes. , implementation_dba_data: JTF.JTF_AUTH_PERMISSIONS_B ,
TRIGGER: APPS.JTF_DAC_CRITERIA_TR1 12.2.2
TRIGGER: APPS.JTF_DAC_ROLE_PERMS_TR1 12.1.1
TRIGGER: APPS.JTF_DAC_ROLE_PERMS_TR1 12.2.2
Table: JTF_AUTH_PRINCIPALS_B 12.2.2
owner:JTF, object_type:TABLE, fnd_design_data:JTF.JTF_AUTH_PRINCIPALS_B, object_name:JTF_AUTH_PRINCIPALS_B, status:VALID, product: JTF - CRM Foundation , description: A principal will be a user or a role. If the principal is a user then the column IS_USER_FLAG is set to 1 and USER_ID points to a user in FND_USER. We will later use application id to stripe the data for hosting purposes. , implementation_dba_data: JTF.JTF_AUTH_PRINCIPALS_B ,
TRIGGER: APPS.JTF_DAC_CRITERIA_TR1 12.1.1
APPS.IBU_DAC_CRITERIA_PKG dependencies on JTF_AUTH_PRINCIPALS_B 12.1.1
APPS.IBU_DAC_CRITERIA_PKG dependencies on JTF_AUTH_PRINCIPALS_B 12.2.2
PACKAGE BODY: APPS.JTF_DAC_ROLE_PERM_CRIT_PKG 12.2.2
PACKAGE BODY: APPS.JTF_DAC_ROLE_PERM_CRIT_PKG 12.1.1