Node / Responsibility Trust Level in Oracle Applications (E-Business Suite 11i/R12)

Node Trust Level

Node or Responsibility Trust Level : is profile option, to restrict access to set of responsibilities based on Web Server from which user logs in.

This profile option can take one of three values –
Normal (Default Value)

Lets suppose E-Business Suite (11i/R12) is deployed with four middle tier where two nodes (node1 & node2) are internal(for intranet users) and two nodes (node3 & node4) are external (for internet users – iSupplier, iProcurement, iRecruitment..).  

        You (or Security Team) want that users coming from external machine (node3 & node4) should see only selected responsibility (assume resp1 and resp2). You could achieve this using profile option “Node Trust Level & Responsibility Trust Level

1. Set Profile Option “Node Trust Level” at Server level (for External Nodes i.e. node3 & node4) to “External” – Leave value of this profile option at “Site Level” to “Normal”
2. Set Profile Option “Responsibility Trust Level” at Responsibility Level (for resp1 & resp2) to “External” – Leave value of this profile option at “Site Level” to “Normal”
3. Bounce external middle tier (Restart Apache using

Assume users1 with access to responsibility; resp1, resp2, resp3, resp4 try to login
1. If User, user1 login from external node (node3 & node4)  :  user1 can only see two responsibility (resp1 & resp2)

2. If same User, user1 login from internal node (node1 & node2) : user1 can see all four responsibility (resp1, resp2, resp3 & resp4)

Things good to know
If you set “Node Trust Level” value to external, for any node, this will create URL Firewall (url_fw.conf) for that particular node. If you wish to know more about Apps URL Firewall check my previous post here



  • 380490.1  Oracle E-Business Suite R12 Configuration in a DMZ
  • 287176.1  DMZ Configuration with Oracle E-Business Suite 11i
  • 364439.1  Tips and Queries for Troubleshooting Advanced Topologies
  • 308271.1  Enable Web Access By External Supplier Users to Oracle iSupplier Portal and Oracle Sourcing
  • 460564.1  Hints and Tips for Troubleshooting the URL Firewall

Share This Post with Your Friends over Social Media!

About the Author Atul Kumar

Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Specialising in Design, Implement, and Trainings.

follow me on:

Leave a Comment:

Cher says November 4, 2008

It’s a very good site !! Very nice work, admin 🙂 Good luck !,

Giochi Di Ben10 says July 21, 2010

Thank for this cool tip!!

Muhabbet says August 15, 2010

Thank you a lot about very beneficial to my work was very useful thank you

karen says October 10, 2011

Can anyone tell me if their is any differences in Oracle GRC suite V12 relating to Oracle Reponsibilities. e.g does it still have AZN menu responsibilties and what effect it will have on User responsibilities in the up grade. And what effect it may have on Forms?
Thanks so much

Steve says March 30, 2012

We don’t have SSO and want to know if there is a way to block internal user access through the DMZ. This is to keep internal accounts from being locked by DMZ mischief of 3 failed attempts. Is this even necessary?


San says September 19, 2013

How to configure multiple I modules in sigle DMZ server.
If i have one i module running on DMZ how to configure second i module.

Please clarify me on two i-modules configurations on same DMZ server.


shapram says February 28, 2017

Excellent very helpful Thanks

Add Your Reply