Node or Responsibility Trust Level : is profile option, to restrict access to set of responsibilities based on Web Server from which user logs in.
This profile option can take one of three values –
—Normal (Default Value)
Lets suppose E-Business Suite (11i/R12) is deployed with four middle tier where two nodes (node1 & node2) are internal(for intranet users) and two nodes (node3 & node4) are external (for internet users – iSupplier, iProcurement, iRecruitment..).
You (or Security Team) want that users coming from external machine (node3 & node4) should see only selected responsibility (assume resp1 and resp2). You could achieve this using profile option “Node Trust Level & Responsibility Trust Level”
1. Set Profile Option “Node Trust Level” at Server level (for External Nodes i.e. node3 & node4) to “External” – Leave value of this profile option at “Site Level” to “Normal”
2. Set Profile Option “Responsibility Trust Level” at Responsibility Level (for resp1 & resp2) to “External” – Leave value of this profile option at “Site Level” to “Normal”
3. Bounce external middle tier (Restart Apache using adapcctl.sh).
Assume users1 with access to responsibility; resp1, resp2, resp3, resp4 try to login
1. If User, user1 login from external node (node3 & node4) : user1 can only see two responsibility (resp1 & resp2)
2. If same User, user1 login from internal node (node1 & node2) : user1 can see all four responsibility (resp1, resp2, resp3 & resp4)
Things good to know
If you set “Node Trust Level” value to external, for any node, this will create URL Firewall (url_fw.conf) for that particular node. If you wish to know more about Apps URL Firewall check my previous post here
Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Oracle Gold Partner specialising in Design, Implement, and Trainings.