on 05-22-2014 2:42 PM
Hello, masters and GURUs.
I have recently deployed HR trigger in our system, and it works fine - creating requests for lock or unlock users.
But i am wondering if it is possible to create access request not only for the systems, but also for business roles using standard functionality.
For example:
We'v department where people must have the same authorization to do their job.
When they hire a new employee, HR triggers this event(only for this department) and creates access request with pre-defined business roles.
I hope, i explained good enough my idea.
I will be very thankful for any thoughts or ideas.
With best regards, Ivan.
Hi Ivan,
There is a functionality of default roles, that you could use to add roles to your request by implementing this logic in your BRF rule for HR triggers.
The bad news is that assignment for the default roles based upon Department is not supported.
There are only a certain fields which are supported for the Default Roles assignment, below:
Business Process, Business Subprocess, Company, Role Critical Level, Functional Area, Landscape, Location, Project Release, Role sensitivity, and System.
Lets suppose you can use Functional Area instead of Department. You will need to maintain Default Roles settings in SPRO, at REQUEST level, (parameters 1302, 2009, 2010, 2011, 2012, 2013).
In NWBC>Access Management>..>Default Roles, make sure that the entry maintained there (for attribute Functional Area) has SYSTEM set to "All Systems" or "All system in the role Landscape".
This should work.
Note 1964884 has a correction for this functionality, so if you go for it, make sure to have this Note applied.
Now, if any of the fields available for Default Roles will be good for your scenario, then it will not be possible to use Role Defaults, thus I am not aware of any customization on this area.
Hope this helps!
Luciana.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Ivan,
In your HR trigger BRFplus rule, you need to make sure that the attribute used to map default roles is populated, so that when the request is created, the attribute has the value that satisfies the condition to add the default roles.
Example: the functional area of the user coming from HR must be mapped to AC field, so that when the new request is created, this information comes along from HR into the request, and into the field which is the attribute checked for default roles.
I have not tested this scenario with Default roles and HR trigger, but I know this is something possible.
Hope it helps!
Luciana.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.