Select rows from one table where mapping exists in another table

Question

My question revolves around using an Oracle Database to manage a mapping between Raw Entitlements to Business Friendly Roles.

Basically, I have two tables:

Mapping Table - this would contain what entitlements are required to fit into a particular applicationrole. Note that you must have ALL of the entitlements for a particular applicationrole to have it. Also, this could change on any day, so queries need to be dynamic in the sense that it could be 3 entitlements = a role or 10 entitlements = a role.

Application ApplicationRole     Resource    Action
--------------------------------------------------------
Test1       Admin               appserver1  admin
Test1       Admin               appserver2  admin
Test1       Admin               appserver3  admin
test2       ReadOnly            appserver1  ro
test2       ReadOnly            appserver2  ro

Accounts Table - this table would contain raw data from servers, like what accounts exist on what servers:

Account Resource    Action      Application
-------------------------------------------------
abc123  appserver1  admin       Test1
abc123  appserver2  admin       Test1
abc123  appserver3  admin       Test1
test2   ReadOnly    appserver1  ro

What I am aiming for is to find what applicationroles (business friendly grouping) are applicable to my accounts. In this example, account abc123 has 3 entitlements, for appservers 1, 2 and 3, and has the admin entitlement. Looking at the mapping table, I can now say this account has applicationrole "admin". However, account test2 only has ro on a single server, and the mapping says it needs ro on two servers to have the role "ReadOnly", therefore, account test2 does NOT have the role.

The output from a query on this same data should look like:

Account   Application   ApplicationRole
----------------------------------------------
abc123    Test1         Admin

Later on, I'll also want a query that returns the opposite;all accounts that DON'T fit into a role. Eg

Account   Application   Resource    Action
----------------------------------------------
test2     test2         ReadOnly    appserver1

Let me know if I can provide any more info! I can't really find what I am after online, seems pretty hard to search for.

Thanks guys! :)

EDIT: I've managed to write up this query and it seems to work for the first part; not sure if it's the best way though, and any guidance would be great :)

SELECT *
FROM TEMP_USERDATA b
LEFT JOIN TEMP_MAPPINGTABLE a
ON a.application = b.application
AND a.oresource  =b.oresource
AND a.action     =b.action
WHERE (SELECT COUNT(c.application||c.oresource||c.action)
  FROM temp_mappingtable c
  WHERE c.application=a.application) =
  (SELECT COUNT(DISTINCT application||oresource||action||account)
  FROM temp_userdata
  WHERE temp_userdata.application=a.application
  );

Answer 1

Try this:

;WITH mapingdata AS (  SELECT application,
applicationrole,
resource,
action,
COUNT ( * ) AS rowcount
FROM    temp_mappingtable
GROUP BY application,
applicationrole,
resource,
action),

WITH userdata AS (  SELECT   account,
                                      resource,
                                      action,
                                      application,
                                      COUNT ( * ) AS rowcount
                             FROM   user_data
                        GROUP BY   account,
                                      resource,
                                      action,
                                      application)
SELECT  *
  FROM  mapingdata m, userdata u
 WHERE       m.application = u.application
            AND m.resource = u.resource
            AND m.action = u.action
            AND m.rowcount = u.rowcount;