Oracle Applications has the capability to restrict access to a responsibility based upon the Web server from which the user logs in. This capability is provided by tagging Web servers with a “server trust level.”
The server trust level indicates the level of trust associated with the Web server.
Currently, three trust levels are supported: 1) administrative, 2) normal, and 3) external.
Web servers marked as “administrative” are typically those used exclusively by system administrators. These servers are considered secure and may contain highly sensitive information. Servers marked as “normal” are those used by employees within a company’s firewall. Users logging in from normal servers have access to only a limited
set of responsibilities. Lastly, servers marked as “external” are those used by customers or employees outside of a company’s firewall. These servers have access to an even smaller set of responsibilities.
Setting the Server Trust Level for a Server
To assign a trust level to a Web server, set the Node Trust Level profile option. The Node Trust Level profile option uses the Server profile hierarchy type, meaning that the value of the profile depends on the particular middle-tier server accessing the profile.
This profile option can be set to either 1, 2, or 3, with the following meanings.
• 1 – Administrative
• 2 – Normal
• 3 – External
To avoid having to set the Node Trust Level profile option for every Web server, you may wish to set it to a default level of trust at the site level, such as level 1. If no value is set for the Node Trust Level profile option for a Web server, the Web server is assumed to have a trust level of 1 (Administrative).
Restricting Access to a Responsibility
To restrict access to a responsibility, set the security-based Responsibility Trust Level (internal name APPL_SERVER_TRUST_LEVEL) profile option value for that responsibility to be the number 1, 2, or 3. Setting this profile value ensures that only Web servers with the same or greater privileged trust level may access that responsibility.
Like the Node Trust Level profile option, the default value for the Responsibility Trust Level is 1.
When fetching the list of valid responsibilities for a user, Oracle Applications checks to find only responsibilities with a Responsibility Trust Level value greater than or equal to the Web server’s Node Trust Level. In this way, a responsibility with Responsibility Trust Level set to 1 would only be available if the Web server has the Node Trust Level set to 1 as well. A responsibility with Responsibility Trust Level set to 2 would only be available if the Web server has Node Trust Level set to either 1 or 2.
Recent Comments