My question revolves around using an Oracle Database to manage a mapping between Raw Entitlements and Business Friendly Roles.
Basically, I have two tables:
Mapping Table - this would contain what entitlements are required to fit into a particular applicationrole. Note that you must have ALL of the entitlements for a particular applicationrole to have it. Also, this could change on any day, so queries need to be dynamic in the sense that it could be 3 entitlements = a role or 10 entitlements = a role.
Application   ApplicationRole   Resource     Action
--------------------------------------------------------
Test1         Admin             appserver1   admin
Test1         Admin             appserver2   admin
Test1         Admin             appserver3   admin
test2         ReadOnly          appserver1   ro
test2         ReadOnly          appserver2   ro
Accounts Table - this table would contain raw data from servers, like what accounts exist on what servers:
Account   Resource     Action       Application
-------------------------------------------------
abc123    appserver1   admin        Test1
abc123    appserver2   admin        Test1
abc123    appserver3   admin        Test1
test2     ReadOnly     appserver1   ro
What I am aiming for is to find what applicationroles (business friendly grouping) are applicable to my accounts. In this example, account abc123 has 3 entitlements, for appservers 1, 2 and 3, and has the admin entitlement. Looking at the mapping table, I can now say this account has applicationrole "admin". However, account test2 only has ro on a single server, and the mapping says it needs ro on two servers to have the role "ReadOnly", therefore, account test2 does NOT have the role.
The output from a query on this same data should look like:
Account   Application   ApplicationRole
----------------------------------------------
abc123    Test1         Admin

Later on, I'll also want a query that returns the opposite; all accounts that DON'T fit into a role. E.g.

Account   Application   Resource   Action
----------------------------------------------
test2     test2         ReadOnly   appserver1
Let me know if I can provide any more info! I can't really find what I am after online, seems pretty hard to search for.
Thanks guys! :)
EDIT: I've managed to write up this query and it seems to work for the first part; not sure if it's the best way though, and any guidance would be great :)
SELECT *
FROM TEMP_USERDATA b
LEFT JOIN TEMP_MAPPINGTABLE a
  ON a.application = b.application
  AND a.oresource = b.oresource
  AND a.action = b.action
WHERE (SELECT COUNT(c.application||c.oresource||c.action)
       FROM temp_mappingtable c
       WHERE c.application = a.application) =
      (SELECT COUNT(DISTINCT application||oresource||action||account)
       FROM temp_userdata
       WHERE temp_userdata.application = a.application
      );
Try this:
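-- RESOURCE is a reserved word in Oracle, so the column is named oresource,
-- and the tables are temp_mappingtable / temp_userdata, as in the question's query.
-- One row per distinct mapping entitlement, with the number of times it occurs.
WITH mappingdata AS ( SELECT application,
                             applicationrole,
                             oresource,
                             action,
                             COUNT ( * ) AS rowcount
                      FROM temp_mappingtable
                      GROUP BY application,
                               applicationrole,
                               oresource,
                               action),
-- One row per distinct account entitlement, with the number of times it occurs.
     userdata AS ( SELECT account,
                          oresource,
                          action,
                          application,
                          COUNT ( * ) AS rowcount
                   FROM temp_userdata
                   GROUP BY account,
                            oresource,
                            action,
                            application)
-- Pair each mapping entitlement with the account rows that carry the same
-- application, resource and action and occur the same number of times.
SELECT *
FROM mappingdata m, userdata u
WHERE m.application = u.application
  AND m.oresource = u.oresource
  AND m.action = u.action
  AND m.rowcount = u.rowcount;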
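
The "must hold ALL entitlements of a role" rule in the question is a relational division, and the same result set also drives the reverse report of entitlements not explained by any fully held role. The query below is an added example, not code from the question or the answer: it assumes the table and column names from the question's own query (temp_mappingtable, temp_userdata, oresource), embeds rows constructed from the question's sample data as inline subqueries, and reads the test2 account row as ro on appserver1 in application test2. The names role_map, entitlements, role_size and held_roles are hypothetical.

```sql
-- Added example (Oracle SQL). The first two subqueries are constructed sample rows;
-- remove them to run the rest against real tables of the same names.
WITH temp_mappingtable (application, applicationrole, oresource, action) AS (
  SELECT 'Test1', 'Admin',    'appserver1', 'admin' FROM dual UNION ALL
  SELECT 'Test1', 'Admin',    'appserver2', 'admin' FROM dual UNION ALL
  SELECT 'Test1', 'Admin',    'appserver3', 'admin' FROM dual UNION ALL
  SELECT 'test2', 'ReadOnly', 'appserver1', 'ro'    FROM dual UNION ALL
  SELECT 'test2', 'ReadOnly', 'appserver2', 'ro'    FROM dual
),
temp_userdata (account, oresource, action, application) AS (
  SELECT 'abc123', 'appserver1', 'admin', 'Test1' FROM dual UNION ALL
  SELECT 'abc123', 'appserver2', 'admin', 'Test1' FROM dual UNION ALL
  SELECT 'abc123', 'appserver3', 'admin', 'Test1' FROM dual UNION ALL
  SELECT 'test2',  'appserver1', 'ro',    'test2' FROM dual
),
-- De-duplicate both sides so repeated rows cannot inflate the counts below.
role_map AS (SELECT DISTINCT application, applicationrole, oresource, action FROM temp_mappingtable),
entitlements AS (SELECT DISTINCT account, application, oresource, action FROM temp_userdata),
-- How many entitlements each role requires (3 today, 10 tomorrow: no hard-coding).
role_size AS (
  SELECT application, applicationrole, COUNT(*) AS required_cnt
  FROM role_map GROUP BY application, applicationrole
),
-- A role is held only when the account matches every required entitlement.
held_roles AS (
  SELECT e.account, m.application, m.applicationrole
  FROM entitlements e
  JOIN role_map m
    ON m.application = e.application AND m.oresource = e.oresource AND m.action = e.action
  JOIN role_size r
    ON r.application = m.application AND r.applicationrole = m.applicationrole
  GROUP BY e.account, m.application, m.applicationrole, r.required_cnt
  HAVING COUNT(*) = r.required_cnt
)
SELECT 'HELD_ROLE' AS kind, account, application,
       applicationrole AS role_or_resource, CAST(NULL AS VARCHAR2(30)) AS action
FROM held_roles
UNION ALL
-- Entitlements that no fully held role of the same account accounts for.
SELECT 'UNMAPPED', e.account, e.application, e.oresource, e.action
FROM entitlements e
WHERE NOT EXISTS (
  SELECT 1 FROM held_roles h
  JOIN role_map m ON m.application = h.application AND m.applicationrole = h.applicationrole
  WHERE h.account = e.account AND m.application = e.application
    AND m.oresource = e.oresource AND m.action = e.action)
ORDER BY 1, 2;
```

The UNMAPPED rows are the ones to look at in an access review: they are grants that exist on a server without a complete business role behind them.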