cancel
Showing results for 
Search instead for 
Did you mean: 

HR Trigger and user id

former_member182655
Contributor
0 Kudos

Hi everybody!

Please explain me how the process looks like when we use HR trigger. I found the phrase from HR trigger doc "change in the info type 0105 and Subtype 0001 (User ID)". As I have understood, the HR-employee set User ID in PA30. But I don't understand where she/he gets user ids... So, my question is how should HR-employee decide what login to set? Can it set any login? Can we assign any data source for type 0105 and subtype 0001?

Regards,

Artem

Accepted Solutions (1)

Accepted Solutions (1)

antoine_foucault
Active Contributor

Hi:

subtype 0001 is the SAP user; that is where you link a user to an employee ID so that the system can resolve an employee data for example for ESS functionalities where the user is logged with his/her credentials.

SAP user are usually created by the SAP admins, so that is where you should probably start.

As for HR trigger... I think it would help if you past the whole sentence/paragraph.... because 7 words is probably not enough for any to understand.

former_member182655
Contributor
0 Kudos

Hi Antoine,

Thank you for the reply!

Sorry for the short text, I've got it from this link

"As an example, change in the info type 0105 and Subtype 0001 (User ID) would indicate that a new user has been created and hence this row would return the Action ID as Create."

And my question is how HR employee should get this User ID.

If you say that SAP admins create User ID, then I don't understand what is the role of GRC... In my ideal world 🙂 HR-employee should select generated (basing on rules determined by customer) user id and set it into subtype 001.

It's pity that GRC doesn't provide functionality to automate functionality. HR-employee should get a user id created by admins, as a result at least two people will be enrolled into the process. More over, the process will be based on the 'emailing' and take some time:

HR: write a request to create user id for person

(time)

Admins: done

(time)

HR: set user id into infotype -> a request created in GRC.

Did I get the process correctly?

If yes, the only possible way to resolve the problem is to make an enhancements and/or user exits.

Regards,
Artem

antoine_foucault
Active Contributor
0 Kudos

Yes, in the world I know you got it right; I think you might be forgetting the authorization aspect for your user in your ideal world... Yes HR request admins for a new SAP user but they also need to specify the scope of action for this user... so it kind of make it hard to automate a process if your authorization landscape is very well detailed... not sure of the capacity of your GRC to complete this process though however according to your quotes it seems things get in motion after IT0105/0001 is recorded and that can only be done after the SAP user has been created.

former_member182655
Contributor
0 Kudos

Thank you once again!

Exactly in our case there wouldn't be any security issues, because the user might be created just in CUA central system, where our GRC system takes/synchronize user ids. However, in common, I also don't see any problems with security, even if GRC or ERP is used as a user data source. GRC might have created an empty user without any role, but seems that is the question for other area of SAP - Idea Place 🙂

Answers (0)