cancel
Showing results for 
Search instead for 
Did you mean: 

GRC 10.1 Business role and HR Trigger

Former Member
0 Kudos

Hello, masters and GURUs.

I have recently deployed HR trigger in our system, and it works fine -  creating requests for lock or unlock users.

But i am wondering if it is possible to create access request not only for the systems, but also for business roles using standard functionality.

For example:

We'v department where people must have the same authorization to do their job.

When they hire a new employee, HR triggers this event(only for this department) and creates access request with pre-defined business roles.

I hope, i explained good enough my idea.

I will be very thankful for any thoughts or ideas.

With best regards, Ivan.

Accepted Solutions (1)

Accepted Solutions (1)

0 Kudos

Hi Ivan,

There is a functionality of default roles, that you could use to add roles to your request by implementing this logic in your BRF rule for HR triggers.

The bad news is that assignment for the default roles based upon Department is not supported.

There are only a certain fields which are supported for the Default Roles assignment, below:

Business Process, Business Subprocess, Company, Role Critical Level, Functional Area, Landscape, Location, Project Release, Role sensitivity, and System.

Lets suppose you can use Functional Area instead of Department. You will need to maintain Default Roles settings in SPRO, at REQUEST level, (parameters 1302, 2009, 2010, 2011, 2012, 2013).

In NWBC>Access Management>..>Default Roles, make sure that the entry maintained there (for attribute Functional Area) has SYSTEM set to "All Systems" or "All system in the role Landscape".

This should work.

Note 1964884 has a correction for this functionality, so if you go for it, make sure to have this Note applied.

Now, if any of the fields available for Default Roles will be good for your scenario, then it will not be possible to use Role Defaults, thus I am not aware of any customization on this area.

Hope this helps!

Luciana.

Former Member
0 Kudos

Thank you for your answer, you opened my eyes.

Really helpful.

One more question to clarify:

I have maintained all parameters. Set default roles in NWBC.

And i guess now i have to maintain/correct BRF+ to stick Defaults roles with action.

Can u please show an example?

Thanks beforehand, Luciana.

0 Kudos

Hi Ivan,

In your HR trigger BRFplus rule, you need to make sure that the attribute used to map default roles is populated, so that when the request is created, the attribute has the value that satisfies the condition to add the default roles.

Example: the functional area of the user coming from HR must be mapped to AC field, so that when the new request is created, this information comes along from HR into the request, and into the field which is the attribute checked for default roles.

I have not tested this scenario with Default roles and HR trigger, but I know this is something possible.

Hope it helps!

Luciana.

Answers (0)