Node / Responsibility Trust Level in Oracle Applications (E-Business Suite 11i/R12)

Node Trust Level

Node or Responsibility Trust Level : is profile option, to restrict access to set of responsibilities based on Web Server from which user logs in.

This profile option can take one of three values –
Administrative
Normal (Default Value)
External

Lets suppose E-Business Suite (11i/R12) is deployed with four middle tier where two nodes (node1 & node2) are internal(for intranet users) and two nodes (node3 & node4) are external (for internet users – iSupplier, iProcurement, iRecruitment..).  

        You (or Security Team) want that users coming from external machine (node3 & node4) should see only selected responsibility (assume resp1 and resp2). You could achieve this using profile option “Node Trust Level & Responsibility Trust Level

.
1. Set Profile Option “Node Trust Level” at Server level (for External Nodes i.e. node3 & node4) to “External” – Leave value of this profile option at “Site Level” to “Normal”
2. Set Profile Option “Responsibility Trust Level” at Responsibility Level (for resp1 & resp2) to “External” – Leave value of this profile option at “Site Level” to “Normal”
3. Bounce external middle tier (Restart Apache using adapcctl.sh).

Assume users1 with access to responsibility; resp1, resp2, resp3, resp4 try to login
1. If User, user1 login from external node (node3 & node4)  :  user1 can only see two responsibility (resp1 & resp2)

2. If same User, user1 login from internal node (node1 & node2) : user1 can see all four responsibility (resp1, resp2, resp3 & resp4)

.
Things good to know
If you set “Node Trust Level” value to external, for any node, this will create URL Firewall (url_fw.conf) for that particular node. If you wish to know more about Apps URL Firewall check my previous post here

.

Reference

  • 380490.1  Oracle E-Business Suite R12 Configuration in a DMZ
  • 287176.1  DMZ Configuration with Oracle E-Business Suite 11i
  • 364439.1  Tips and Queries for Troubleshooting Advanced Topologies
  • 308271.1  Enable Web Access By External Supplier Users to Oracle iSupplier Portal and Oracle Sourcing
  • 460564.1  Hints and Tips for Troubleshooting the URL Firewall

About the Author Atul Kumar

Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Oracle Gold Partner specialising in Design, Implement, and Trainings.

follow me on:

Leave a Comment:

7 comments
Cher says November 4, 2008

It’s a very good site !! Very nice work, admin :) Good luck !,

Reply
Giochi Di Ben10 says July 21, 2010

Thank for this cool tip!!

Reply
Muhabbet says August 15, 2010

Thank you a lot about very beneficial to my work was very useful thank you

Reply
karen says October 10, 2011

Can anyone tell me if their is any differences in Oracle GRC suite V12 relating to Oracle Reponsibilities. e.g does it still have AZN menu responsibilties and what effect it will have on User responsibilities in the up grade. And what effect it may have on Forms?
Thanks so much
Karen

Reply
Steve says March 30, 2012

We don’t have SSO and want to know if there is a way to block internal user access through the DMZ. This is to keep internal accounts from being locked by DMZ mischief of 3 failed attempts. Is this even necessary?

Thanks,

Reply
San says September 19, 2013

How to configure multiple I modules in sigle DMZ server.
If i have one i module running on DMZ how to configure second i module.

Please clarify me on two i-modules configurations on same DMZ server.

San

Reply
shapram says February 28, 2017

Excellent very helpful Thanks

Reply
Add Your Reply