on 05-21-2012 2:22 PM
Hi All,
I have an interesting scenario which I could do with some help to solve.
My client has a scenario where users require a different set of default roles in 2 systems depending on their grade in the business (ESS v MSS access mainly). These roles are conflict free and should be assigned without the need for approval based upon the HR employee records.
I have configured HR triggers to auomatically trigger a request and create the user in both systems with the generic access without approval (as requested) but I have only been able to do this through the assignment of default roles per system which means every request gets the same roles.
How can I get the HR triggers functionality to look at the employee record and derive the correct roles to assign rather than just a global one?
I cannot use Indirect role provisioning as this requires roles to be assigned wider than just the HR system itself and also would be a massive data maintenance headache.
I was considering using default roles based upon Functional Area but the functional area is a single entry and therefore cannot be triggered effectively from an HR trigger where there could be multiple values.
I basically want to get a BRF+ rule for assigning roles to requests as well as triggering action IDs! Is there a way of doing that?
Simon
Good Day
I have the same request for my client. Was there a solution for this question and per the originated ask?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello experts,
I'm trying to add default roles to HR trigger, could you explain how it works?
BR,
Lucas
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Lucas,
I have been testing this and think I've found a way.
With these steps above, I am able to have the HR trigger add default roles to the request automatically without any approval.
The only challenge I am having is populating the "Location" field on the request form with fields from HR. I want to bring over Personnel Subarea to map to the Location field, but am having issues with standard config--may require some custom development for that.
Thanks
Hi Brett,
I am trying to set up defualt roles for HR triggers and was wondering how you were able to achieve the third step:
"3. To this custom request type, we maintained Default roles at the Request Level, based on values in the "Location" field on the access request form (we used "Location" as it was one of the few/only free-text fields that Default Roles will leverage out of the box; we also weren't using it for anything else)"
I would appreciate if you could provide some details on how you were able to set up Default roles at request level.
Thanks,
Pawan
Hi Pawan,
Thanks
Hi Brett,
Thank you very much for your response. This is very helpful.
I just wanted to know how you were able to populate Location field from HR master data. I tried mapping Location Field as below but could not get the required data populated in Maintain Mapping for Actions and Connector Groups:
Access Request Field - LOCATION
Field Name - PERSG
Table Name - PA0001
Subtype -
Thank you,
Pawan
Hi Pawan,
I haven't been able to figure out how to populate that field with standard config, per my original post. Hoping someone from the community can help. I would like to populate that field with Personnel Subarea from P0001, but I do not have Personnel Subarea available to me to select as a mapping when I try to do so.
Thanks
Hello Pawan,
You can map following values in HR trigger field mapping under configuration "Maintain Mapping for Actions and Connector Groups"
In case you need Personnel Area | |
AC Field name | LOCATION |
System field name | WERKS |
Table name | 0001 |
Sub type | Blank |
In case you need Company code to map | |
AC Field name | LOCATION |
System field name | BUKRS |
Table name | 0001 |
Sub type | Blank |
Hi Simon,
Were you able to achieve the functionality using the BRF+ Rules?
We have exactly the same requirement and need to assign some non HR roles to users in non HR systems based on HR Trigger Actions.
These roles do not need to undergo any apporval cycle and should just be assigned based on their grades in business.However as written by you default roles too cannot be used sicne they get allocated to all users in a specific system.
Regards,
Furqan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
We have resolved the issue assigning ESS and MSS role by custom dynamic program and role mapping. Plesae contact me via email for more information.
Dilip
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear Dilip,
I have seen your answer in the following scn post:
GRC10 HR Triggers - Role assignment
We want to use GRC to assing Organizational and function roles using and HR system with the HR triggers.
At the moment the BRF+ that we have created only brings position roles and we couldn't find a way to assignt functional/bussiness roles when the position is changed.
In the post you say that solved the problem of assigning roles by a dynamic program and role mapping. Could you give some details?
Dou you know if its possible to use HR triggers for our purpose?
I could find your email for direct writting.
Thanks in advanced
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.