on 06-12-2012 12:46 PM
Hello,
I have an issue here with HR Triggers.
We are using Position based security in our SAP HR Security where Roles are assigned to position (Relationship B007 created at Position through PO13).
We have configured HR Triggered for hiring action.
Requirement is: whenever a user is hired in SAP HR System against a position, an automatic CUP Request is created, with Roles assigned at User's position and based on the roles the CUP request goes to approver.
In our case the CUP Request is not getting created because roles are not getting read from user's position, hence the error says no approver found.
Please help!!!
Did you resolve this?
Seems that for new hires, roles are automatically added only if you use the pre-delivered request type NEW_HIRE. For us this works, however if we set up our own new hire request type with the same settings, roles are not coming.
For position change or terminations initiated through HR trigger, you can use your own request type, roles from position are magically attached.
Regards
Daniela
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Aditi,
Please check the following things:
1. Frontend HR Trigger jobs are successfully completed and not in busy status. HR Trigger Background jobs should be schedule in the order: HR Trigger Load data and then HR Trigger job
2. Connector type should be set to Type HR.
3. Check back-end tables for data (SE16):
/VIRSA/DATA – Check data within a trigger
/VIRSA/INT_TRIG – To check if the HR event is triggered, it will have trigger ID in column INTERFTRIGID
4. Please make sure that the frontend and backend data should be in sync.
Hope this helps!
Regards,
Shreya
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Shreya,
All the points listed by you are configured correctly.
The only issue is the CUP Request is not getting created because roles are not getting fetched from position.
If we do not assign roles at position but manually assign them in CUP Request created through HR Triggers, then everything works fine. But when we are assigning roles at positions they are not getting fetched through HR Triggers hence at role approver stage we are getting error: No Approver Found, because there are no roles attached to the request.
Hi Aditi,
At the moment, I don't believe that the HR Trigger can look through the HR records to find the roles to propose onto the access request. You can automatically assign default roles based upon the request header or system assignment but it will not be able to pick the appropriate roles based upon the position. You may have to rely on manually adding the roles through the "Existing Assignment" but that will rely on you having a stage prior to Role owner because there will not be any roles assigned.
Simon
I'm saying that I don't think that it will be able to read and propose the roles subject to approval.
If the roles are already assigned to the position and the user is also assigned to the position, then the user has the access anyway so why would you want an access request in the first place?
Hello Simon,
Actually our requirement is: whenever a user is hired in SAP HR System against a position (which already has roles assigned to it), an automatic CUP Request is created having the roles which are present at the user's position. Now based on the roles attached to CUP Request it goes to the approver, which does Risk Analysis and all and once the request is approved in CUP, the SU01 record of newly hired user is created in SAP with the same roles assigned to it that were present at the position.
Now the issue is when we are hiring user in SAP at a position with roles already assigned to it, CUP request is not getting created because NO Roles are selected for the request which means Roles from Position in SAP are not getting transffered to CUP Request in CUP.
Ok, so you do direct role assignment but have the roles already mapped to the position?
That seems quite complicated to me. If you've gone to the trouble of already mapping the roles into job positions, then your risk analysis and approval of access should be based upon the assignment of a user to that position. The very fact that you've hired the person into that position demonstrates that you think them capable of doing that job so I'm not sure what value the additional approval workflow actually has in the user management process.
The proper workflow approval should be focussed on changes of authorisations assigned to that position which would then use the indirect provisioning functionality but not HR Triggers.
I would be inclined to amend your controls to align with your authorisation management processes.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.