- SAP Community
- Products and Technology
- Additional Q&A
- SAP GRC - Automatization Request and HR Trigger
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
SAP GRC - Automatization Request and HR Trigger
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on 09-16-2013 6:20 PM
Dear all.
We are considering to implement HR triggers and perform the automatization of the Request for user maintenance through the backends. So we would like to know which premises must we accomplish or consider in order to proceed implement the automatization. Premises, both in HR and GRC systems.
We have read all the possible related documentation SAP note:
- 1602301- Changes done in in HR trigger 10.0 from 5.3 version.
- 1591291GRC 10.0 - This note contains the detailed description on HR Trigger configuration
But we are still having doubts:
· 1. Is necessary to user the HR organization structural? the HR structural roles?
· Let's say for example that if user change their position then HR indicates to GRC to create a new request (based on the rules). But which information exactly is set at the infotype of position? is a number? is an ID?
· 2. Where is the mapping done between the position infotype and the backend roles?
· 3. How HR systems indicates to GRC which role must be deleted and added at the new request?
· 4. If a new employee access to the company, how HR creates the relationship between roles and position?
Many thanks in advanced.
Best regards.
Accepted Solutions (0)
Answers (2)
Answers (2)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi Jebeni
Here the answers to your questions.
1. Is necessary to user the HR organization structural? the HR structural roles?
· Let's say for example that if user change their position then HR indicates to GRC to create a new request (based on the rules). But which information exactly is set at the infotype of position? is a number? is an ID?
No it's not necessary to use the HR structural roles, the HR Trigger works anyway.
If you use the structural roles in HR, you have to connect the role to the position, organizational unit or job.
· 2. Where is the mapping done between the position infotype and the backend roles?
In the organizational HR structure. Tcodes: P013, PPOME, PPOM etc.
3. How HR systems indicates to GRC which role must be deleted and added at the new request?
It depends, which process you use. If you use the HR structural roles, then the roles are connected already to the user, if it will be maintained in HR.
If you not use it, then you have to select the roles in GRC for the new roles. There you have to possibility to define defaut roles, which will be assigend automatically in the request. All other roles have to select by a user.
· 4. If a new employee access to the company, how HR creates the relationship between roles and position?
See answer to question 2. Generally if you implement such a process, you have to research the HR processes and to define further tasks for the HR employees. These are new tasks for them, mains you have to train them, what they have to do. For the relationsship, the HR consultants have to speak with the Access Manager (or somebody who is responsible for that).
I hope that's help.
Regards
Martin
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Dear Martin,
Thanks in advance for your response. Although we have some more doubts. First of all, we explain you the scenario we would like to implement and which requisites we need to perform this scenario.
User/Employee should have two types of roles:
- Composite Technical Role with functional tasks. It corresponds to position of employee into HR System.
- Organizational Composite Technical Role with organization values. It correspond to specific organization values.
Taking into account this requisites, please, could you recommend/advise us following doubts we have?
1. Composite Technical Role vs. position. You mentioned in your last message that user has to select Roles directly in GRC if we don't use HR structural roles. Is there any other option to make relationship position between Composite Technical Role in HR System or Backend System or GRC System like an internal table or Field or something like that?
3. How we can obtain organization of user? Does it possible to obtain from HR SAP field ORGEH (Organizational Unit) or BUKRS (Company Code) or which one?
4. Does it possible to get mapping of Organization and Organizational Composite Role? How we can obtain this relationship if we don't use HR structural roles?
5. Employees can be more than one organization. How does HR SAP mantain more than one organization by employee? Does it possible to make it technically? How we can get this information in SAP GRC?
5. All employees with User ID in infotype 0105 and subtype 0001 don't need to be created into backend System. Is there any possibility to know which user is necessary create or not into backend System through SAP GRC? Does it possible to create it depending of position (Roles) or another parameter?
6. Is there any option to know user which SAP Backend System has to be created? Could we know through position or another parameter?
We really appreciate if you can advise us. Thank you so much in advance.
Best Regards.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Dear all.
We have another question:
We are working with organizational roles as well. And in the infotypes there is a field called site indicating this. So how SAP HR indicates the organizational role? How is the mapping done?
Many thanks in advanced.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
jatin_grover
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hello Jatin.
I am facing same problem. So in SAP HR should be done first this mapping. If this is not done then the HR trigger is not supported?
On the other hand, how does the SAP HR know for who user id is the changing being done? I mean in SAP HR we only have employee ID, not SAP User ID. There is a mapping done as well between Employee ID and SAP User ID.
Thank you in advanced.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi Sara
The HR trigger is going to send the data to the GRC system. The data include all new entries and changes in the infotypes.
To have a connection from the HR personell entry to the SAP User ID, you have to maintain the infotyp 0105 with the SAP User ID (is a separte field). This mapping is necessary. Then the GRC systems knows for which user the request will be generated.
I hope this helps.
Regards
Martin
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hello Jatin.
I have clear now that the relationship between role and the position is done through the PO13. However i only can see roles from the same HR system. I mean i would like to have the relationship between the position and roles from other SAP systems like a R/3, son on...Is that possible?
Thanks and best regards.
- Possible applications the RFWT0010 Program in SAP in Financial Management Blogs by SAP
- SAP Field Logistics: Centralized Supplier Item Repository for an Optimized Rental Process in Supply Chain Management Blogs by SAP
- Upload Excel using SAP RAP Only in Technology Blogs by Members
- Automatic Hire in Human Capital Management Blogs by SAP
- how to create destinations on mufti tenancy subscriber account with java cloud sdk in Technology Q&A
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.