on 05-12-2015 7:28 AM
Dear all.
I have implemented the HR trigger as per user guides given below:
Understanding HR Triggers in Access Control 10.0 - Governance, Risk and Compliance - SCN Wiki
http://wiki.scn.sap.com/wiki/display/GRC/Understanding+HR+Triggers+in+Access+Control+10.0
And per our business requirement for new hire is, every time when we fill the infotype 0105 and the subtype 0001 with a User ID which located in US and CANADA region (which the region is defined based on the company code maintained in the infotype 0001 in HR master data), the HR systems sends the data to GRC where it will indicated there is an new user and creates a new request with default roles assigned.
However this scenario not working as expected as all employees that are being filling with these fields in the HR are being created in the backend system without taking the "company code" field into consideration; in which those users who did not have US/CANADA company code assigned in the HR master data, the GRC system will still triggered the HR trigger new hire request to have these user created in the SAP backend system.
My question is how could i restrict that only new users who has US/CANADA company code assigned must be created? i wouldn't want to create the users without the defined company code assigned to the users.
Appreciate the help and advise here.
Regards and thank you.
Merdelyn
Dear Meredlyn,
you need to update your decision table in BRF+ so that only triggers with company code US/CANADA are processed. HR system will send all triggers whereas GRC then decides if they are processed or not.
Regards,
Alessandro
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Alessandro,
Yes, we have tried to add in additional attributes in our BRFplus to restrict the GRC request creation based on the rules defined. However, the HR trigger failed to generate with error " Rules are not satisfied for Employee ID XXX" in the SLG1 log
Below is the brfplus rules that we have defined where the "region" attributes is the one that we have added into our brfplus.
Appreciate your help.
Thanks ,
Merdelyn
Hi Alessandro,
From SLG1 log, seem like the region's value was not sent via the hr trigger and i suspected it's because the company code field is resided in infotype 0001 instead of 0105.
Is there a way for us to design the brfplus rules to pick up the value from 2 different infotype for the same action ID and how can we do that?
The SLG1 log:
Thanks
Merdelyn
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.