cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

HR Trigger BRF+ modification of Decision table adding new data element

Go to solution
Former Member

on ‎06-01-2014 9:27 AM

0 Kudos

Dear Experts,

I have Prototyped in our organization the functionality of HR integration
with GRC Access control during hiring and firing process.

The process working absolutely fine but there is a small change in business requirements,
the business requesting to have only staff employees to be created through GRC
workflow in backend systems but all NON-staff not to be created.

To achieve this I need to modify the BRF+ HR trigger Application I have
element data object with DDIC element name PERSG and activated.

When I try to insert column in decision table with above data object element
unable to add it as the above data element not sown, I also try to modify the structure table but unable to modify as it’s under
binding condition binding table name is GRAC_S_HR_TRIGGER_BRFP where when I
checked in the backend through SE11 the data type doesn’t contain data element PERSG?

Thanks and Regards

mujtaba Siddiqui

Thread edited by moderator at author's request.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎06-16-2014 4:54 PM
0 Kudos

Dear Mutjaba.

I have same scenario but with some different business requirements.

Let me explain you that part of the HR positions has roles mapped and other part does not have roles mapped. So, i am facing that some employees are being created into my ECC system without roles (only the user).

I have to restrict the hiring process to only these position that has roles mapped. So the first rule implemented, with the infotype 0105 and subtype 0001, must also check this prior condition.

Please mind i don't have developer knowledge so the sentence mentioned by Christian is not pretty clear for me:

"So if you want to add a new field to this table you first have to do this in the backend be enhancing the DDIC structure. Then you have to refresh the DDIC binding of the table in the BRF+ application. This refresh will then add the field to your table and create a new data object for the added component of the table. Be aware that the refresh of the DDIC binding will only add new components. Changed existing components will not be updated."

Regards and thank you.

Show replies
Show replies
Former Member
‎06-16-2014 5:22 PM
0 Kudos

Hi Sara,

if I understand your question correctly you need to filter positions not mapped with roles from HR triggering ?!

I don't know how are you achieving this is it with info  type 0001 (organization assignment) or you want to add new Field in the structure of HR Trigger

for adding new Field  I am working with SAP I don't have full workable solution once its resolved I  will post here the solution

meanwhile you can check the Link for custom Fields in GRC its help full, good steps to create custom filed

http://scn.sap.com/docs/DOC-1567

adding a custom Field to BRF+ structure its purely development work you need to have support of developer 

Thanks and Regards

Mujtaba Siddiqui

Former Member
‎06-16-2014 5:41 PM
0 Kudos

Hi Mutjaba.

Yes, let me detail you. Structure P1001 contains the role mapped with the position. More in detail the following fields:

  • P1001 - RSIGN = B
  • P1001 - RELAT = 007
  • P1001 - SCLAS = Role

And this field contains the name of the role to mapp to the position:

  • P1001 - SCLAS = Name of the role.

So my idea is to check this structure once i have fetched the data of the position of the employee. That is to say:

If (P1001 - SCLAS = empty)

then DO NOT create the request for the user.

This part of the code will be at the Decision table.

So my question is how could i retrieve this information to the Decision table?

Regards.

Former Member
‎06-18-2014 4:50 PM
0 Kudos

Hi Sara,

My issue is resolved you have similar scenario  as I have you want to filter requests for positions having role and positions not assigned to roles to not generate access request

and in my case i want to filter request for only certain employee groups other groups GRC should not generate request for them ... we have same case with different infotypes and Field names

Solution:-  unfortunately there is no solution without development SAP replied to my ticket  with attached Badi for HR trigger  you need to take your developer support to implement the same for your scenario and I hope it should work fine with you as well

the idea behind this badi is it will validate in the backbend (SAP ECC HR system) with mentioned logic and send data to GRC for only required request

Means it will filter all positions which have empty value in the filed SCLAS


Thanks and Regards

Mujtaba Siddiqui

PS: send me on my mail ID as i am unable to attach the document here mujtabaasiddiqui@gmail.com

SAP Solution:- If you want to send OR avoid sending the data for specific info-types to GRC, you need to enhance the implementation of the BADI “/GRCPI/GRIA_HRINFADD_NEW” in the GRC HR Plugin system. Further you need to amend the method highlighted below to customize the code suiting to your requirement for HR action. NOTE: BADI “/GRCPI/GRIA_HRINFADD_NEW” is available in the HR system where GRC Plugin GRCPIERP is installed. Within the following method, you need to define your logic to DELETE or POPULATE the highlighted table. For example use case: You want the GRC request to be created only if employee type is “PERMANENT” employee. If the employee is a “CONTRACT” employee, NO REQUEST SHOULD BE CREATED. SOLUTION: You need to write the logic with “IF” condition based on employee data, if employee type is “Permanent”, send an empty “ET_TRIG_DATA1” table. IF THIS DATA IS SENT BLANK, no data will be sent to GRC and hence no request will be created. But, if the data is passed by this table, GRC receives the data from this table in this BADI, and hence the request will be created in GRC.

Answers (1)

Answers (1)

christianlechne
Active Contributor
‎06-02-2014 8:50 AM
0 Kudos

Hi Mujtaba,

I am not an expert in the GRC domain, so I cannot judge if this is the optimal solution from that point of view.

Nevertheless if you want to a new field to the context of the BRF+ application it is not sufficient to add just the data element. If I understand you correctly the relevant table is GRAC_S_HR_TRIGGER_BRFP which is available in the BRF+ context and has a DDIC binding.

So if you want to add a new field to this table you first have to do this in the backend be enhancing the DDIC structure. Then you have to refresh the DDIC binding of the table in the BRF+ application. This refresh will then add the field to your table and create a new data object for the added component of the table. Be aware that the refresh of the DDIC binding will only add new components. Changed existing components will not be updated.

The other way round (enhancing the table in BRF+ -> derive changes to backend) does not work

Hope that helps

BR

Christian

Show replies
Show replies
Former Member
‎06-02-2014 9:00 AM
0 Kudos

wowow Chris,

thanks a lot Just now i finish the development with our developer and exactly the same we have done what you said above

and Yes the result is same we have enhance the object through SE11 and went to BRF+ refresh the structure binding is now showing the added field just need to test the overall logic with HR integration

Thanks again for your reply   

Thanks and Regards

mujtaba Siddiqui

Former Member
‎06-05-2014 10:22 AM
0 Kudos

Hi Christian Lechner,

i have another issue after modification becouse the system is integrated scenario here is my explanation about  it

 

Background: For integration of GRC with HR the
standard logic was working fine without any issue the workflows triggered
during Hiring and Termination

But there is a requirement from business to have workflows
only for staff employees and non-staff the workflow shouldn’t be triggered 

For this requirements I was looking for BRF+ Structure and
the standard Fields Defined are Connector, Tab.name (info type), Sub type,
Field Name, New Field Val, Old Field Val, to satisfy the requirement I need to
add PERSG (Employee group) in the structure and as you know structure is binded
with DDIC element to achieve so I have performed the following

Under the functional Module GRAC_HR_TRIGGER_EVENT_RECIEVER
following structures appended with PERSG (Employee group)  

  1. GRAC_S_HR_TRIGGER_USER_DATA
  2. GRAC_S_HR_TRIGGER_BRFP   

Then after structure appending we refresh the binding in
BRF+ and values, we modified structure and table type then decision table
everything simulated (functions, decision table...) and working perfectly with
BRF+

We also tested manually (debugging) as per the instruction
from Wiki for “Debugging
HR Trigger - GRAC_HR_TRIGGER_EVENT_RECIEVER”  and its working absolute correct with request
generation (as per the instruction from SE37 with functional Module GRAC_HR_TRIGGER_EVENT_RECIEVER) also SLG1 log showing
complete steps and successful generation of data

When we try to test from PA40 the requests are not
generating and SQM1 log is empty as well no log in SLG1

We understand that the GRC side every part working perfectly
after structure appending but still data not passed to GRC

We check the same @ Back end side (HR ECC system with Plugin
GRCPIERP) we follow the steps from Wiki
to debug HR PA40 Log “Debugging
HR Trigger - PA40 and infotypes logged” in class  /GRCPI/CL_IM_GRIA_HRINFADD  and method IN_UPDATE we found the employee
group field is not in the following standard structure /GRCPI/GRIA_S_HR_USER_DATA
we appended the structure to make it compatible with GRC Appended structure as
described above and put necessary breakpoints with developer and analyze the
steps but still data not populated in appended field mentioned structure

Issue:  data is not being populated in the new appended
field to the structure /GRCPI/GRIA_S_HR_USER_DATA complete data is populating
except new Field appended to the structure PERSG (Employee group) also there is
no log for the request generation after hiring process from PA40 

Kindly I need your support to help with the name of BADI or
enhancement-point to achieve business requirements

Thanks and Regards

mujtaba Siddiqui

christianlechne
Active Contributor
‎06-05-2014 11:47 AM
0 Kudos

Hi Mujtaba,

as already mentioned I am definitly no expert in the GRC domain, so as far as I understood you enhanced all necessary structures in the backend system an refreshed teh DDIC binding in BRF+ so the field itself is available. The issue is that the field does not get filled.

I would propose to debug the process in the backend in order to check if there is a BAdI where you can fill the appended field.

Second option: Is the BRF+ function called within a BAdI? if yes then you could propably add the data for the additional field there.

If none of the two options help you, perhaps you post this question in the GRC space Governance, Risk and Compliance (SAP GRC) as this seems to be more suitable for this kind of problem

BR

Christian

Ask a Question