cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

GRC10 HR Triggers - Role assignment

simon_persin4
Contributor

on ‎05-21-2012 2:22 PM

0 Kudos

Hi All,

I have an interesting scenario which I could do with some help to solve.

My client has a scenario where users require a different set of default roles in 2 systems depending on their grade in the business (ESS v MSS access mainly). These roles are conflict free and should be assigned without the need for approval based upon the HR employee records.

I have configured HR triggers to auomatically trigger a request and create the user in both systems with the generic access without approval (as requested) but I have only been able to do this through the assignment of default roles per system which means every request gets the same roles.

How can I get the HR triggers functionality to look at the employee record and derive the correct roles to assign rather than just a global one?

I cannot use Indirect role provisioning as this requires roles to be assigned wider than just the HR system itself and also would be a massive data maintenance headache.

I was considering using default roles based upon Functional Area but the functional area is a single entry and therefore cannot be triggered effectively from an HR trigger where there could be multiple values.

I basically want to get a BRF+ rule for assigning roles to requests as well as triggering action IDs! Is there a way of doing that?

Simon

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (4)

Answers (4)

former_member646189
Discoverer
‎04-07-2020 9:56 AM
0 Kudos

Good Day

I have the same request for my client. Was there a solution for this question and per the originated ask?

Show replies
Show replies
Former Member
‎03-19-2014 1:37 PM
0 Kudos

Hello experts,

I'm trying to add default roles to HR trigger, could you explain how it works?

BR,

Lucas

Show replies
Show replies
Former Member
‎04-23-2015 3:16 PM
0 Kudos

Hi Lucas,

         I have been testing this and think I've found a way.

  1. We created a custom request type just for the HR Trigger New Hire. To this, we maintained "Assign Object", "User Defaults", and "Change & Unlock User" actions (we used "change" incase we have rehires that were locked by our terms process).
  2. We configured our Path for the HR Trigger New Hire request type to not have any approval stages, so the request would be auto-approved.
  3. To this custom request type, we maintained Default roles at the Request Level, based on values in the "Location" field on the access request form (we used "Location" as it was one of the few/only free-text fields that Default Roles will leverage out of the box; we also weren't using it for anything else)
  4. We created the HR Trigger to fire the HR Trigger New Hire request type. We configured the trigger to add the System to the request. With the default roles, once the system is added to the request, and the Location field is populated with a matching value, the request is also populated with the default roles.

With these steps above, I am able to have the HR trigger add default roles to the request automatically without any approval.

The only challenge I am having is populating the "Location" field on the request form with fields from HR. I want to bring over Personnel Subarea to map to the Location field, but am having issues with standard config--may require some custom development for that.

Thanks

Former Member
‎05-19-2015 4:49 PM
0 Kudos

Hi Brett,

I am trying to set up defualt roles for HR triggers and was wondering how you were able to achieve the third step:


"3. To this custom request type, we maintained Default roles at the Request Level, based on values in the "Location" field on the access request form (we used "Location" as it was one of the few/only free-text fields that Default Roles will leverage out of the box; we also weren't using it for anything else)"


I would appreciate if you could provide some details on how you were able to set up Default roles at request level.


Thanks,

Pawan

Former Member
‎05-26-2015 3:05 PM
0 Kudos

Hi Pawan,

  1. We maintained the following config in SPRO. Note the Request Type is the one we utilize for our HR Trigger New Hire Creation
  2. We utilize the "Location" field on the request as a field that maps to our Default Roles table:
  3. When our HR Trigger creates the access request at the "System" level, as long as the Location field on the request is populated with a matching value in the Default Roles table, our roles are automatically added to the request.
  4. We maintained no approval stage for our HR Trigger New Hire request type, so the roles are auto-provisioned.

Thanks

Former Member
‎05-27-2015 3:50 AM
0 Kudos

Hi Brett,

Thank you very much for your response. This is very helpful.

I just wanted to know how you were able to populate Location field from HR master data. I tried mapping Location Field as below but could not get the required data populated in Maintain Mapping for Actions and Connector Groups:

Access Request Field - LOCATION

Field Name - PERSG

Table Name - PA0001

Subtype -

Thank you,

Pawan

Former Member
‎05-27-2015 6:17 PM
0 Kudos

Hi Pawan,

     I haven't been able to figure out how to populate that field with standard config, per my original post. Hoping someone from the community can help. I would like to populate that field with Personnel Subarea from P0001, but I do not have Personnel Subarea available to me to select as a mapping when I try to do so.

Thanks

Former Member
‎05-27-2015 7:10 PM
0 Kudos

Hello Pawan,

You can map following values in HR trigger field mapping under configuration "Maintain Mapping for Actions and Connector Groups"

In case you need Personnel Area
AC Field nameLOCATION
System field nameWERKS
Table name0001
Sub typeBlank
In case you need Company code to map
AC Field nameLOCATION
System field nameBUKRS
Table name0001
Sub typeBlank
Former Member
‎05-27-2015 8:35 PM
0 Kudos

Hello Dilip,

Thank you for your response.

Our timesheet roles are based on Employee Type (PERSG) and I have already tried the below mapping but for some reason it is still not populating Location field in Access Request. I have set this for all connectors groups.

Please suggest.

Thanks,

Pawan

Former Member
‎03-22-2013 2:15 AM
0 Kudos

Hi Simon,

Were you able to achieve the functionality using the BRF+ Rules?

We have exactly the same requirement and need to assign some non HR roles to users in non HR systems based on HR Trigger Actions.

These roles do not need to undergo any apporval cycle and should just be assigned based on their grades in business.However as written by you default roles too cannot be used sicne they get allocated to all users in a specific system.

Regards,

Furqan

Show replies
Show replies
Former Member
‎12-05-2012 5:03 AM
0 Kudos

We have resolved the issue assigning ESS and MSS role by  custom dynamic program and role mapping. Plesae contact me via email for more information.

Dilip

Show replies
Show replies
Former Member
‎11-13-2013 11:00 AM
0 Kudos

Dear Dilip,

I have seen your answer in the following scn post:

GRC10 HR Triggers - Role assignment

We want to use GRC to assing Organizational and function roles using and HR system with the HR triggers.

At the moment the BRF+ that we have created only brings position roles and we couldn't find a way to assignt functional/bussiness roles when the position is changed.

In the post you say that solved the problem of assigning roles by a dynamic program and role mapping. Could you give some details?

Dou you know if its possible to use HR triggers for our purpose?

I could find your email for direct writting.

Thanks in advanced

Former Member
‎11-19-2013 10:01 AM
0 Kudos

Hi Ovidio,

We have the same issue. Did you find any solution to this?

Thanks in advanced

Former Member
‎11-19-2013 1:21 PM
0 Kudos

Roger,

the class that uses HR Trigger is CL_GRAC_HR_TRIGGER. Maybe someone in the SAp community can help us.

Thanks

Former Member
‎11-19-2013 7:51 PM
0 Kudos

Please provide your requirement in details so I can provide some idea on this.

Thank you,

Dilip

Former Member
‎11-20-2013 8:21 AM
0 Kudos

Hi Dilip,

In class CL_GRAC_HR_TRIGGER there is a method called FILL_SYSTEM_REQUEST_LINEITEM. In this method the HR System is asked for its position roles (type S) and we want to add code to include job and organizational roles.

Thanks

Ask a Question