cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

HR Trigger Termination - Requests getting stalled

ManjunathaUmesha
Explorer

on ‎2019 Dec 05 10:45 AM

0 Kudos
1,360

In GRC 10.1 Access control, we have HR Triggers configured for user termination in the SAP HR system, requests are getting created, but only a few of the requests are getting processed. Thousands of requests are getting stalled, without any error message logs and not even moving to escape path.

GRC request user details sources are configured with LDAP as first and SAP HR as second sequence.

On termination of user, the user's manager should receive notification.

Requests are getting created without manager details and no error message found in Audit log.

In SLG1, we can see below error message. slg1.png

Kindly assist to update the manager details in the request.

Also, any HR Trigger request debugging or troubleshooting is highly appreciated.

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies

Accepted Solutions (0)

Answers (5)

Answers (5)

RameshVithanala
Active Participant
‎2019 Dec 19 8:22 PM
0 Kudos

Hi Manju,

Check the following SAP Note

1799311 - Manager Information is not filled in Access Request if it exists in Different Org Unit on LDAP Server in GRC AC 10

Thanks

Ramesh

Show replies
Show replies
RameshVithanala
Active Participant
‎2019 Dec 12 2:10 PM
0 Kudos

Hi Manju,

I see the manager is getting populated and also position as 9999999 which is default position from HR..From where you are reading the manager from HR or LDAP(Datasource).I agree you might have both datasources to get the missing information...But I am curious about Manager?

Thanks

Ramesh

Show replies
Show replies
ManjunathaUmesha
Explorer
‎2019 Dec 13 8:03 AM
0 Kudos

Hi Ramesh,

Here is the user detail data source configured in the system.

Generally, our request has LDAP has a primary data source.

Though manager data is available, not sure why HR Trigger requests are not getting updated with manager details.

Thanks,

Manju

RameshVithanala
Active Participant
‎2019 Dec 12 1:34 PM
0 Kudos

Hi Manju,

Just curious. How its behaving when you try to replicate directly from NWBC using terminate request(Select Request type : Termination and Select the same user that's in question and hit enter),let me know what's showing in the User Details/Manager field...Manager Populating or Just Blank, if you have the screenshot that would help....

Thanks

Ramesh

Show replies
Show replies
ManjunathaUmesha
Explorer
‎2019 Dec 12 2:05 PM
0 Kudos

Hi Ramesh,

Manual creation of HR trigger requests is not allowed through NWBC.

However, we tried with other access request and could see the user details getting populated as expected.

Thanks,

Manju

RameshVithanala
Active Participant
‎2019 Dec 10 3:43 PM
0 Kudos

Hi Manu,

I have a question here..Upon Termination the users Manager should approve the GRC request or only email notification to the manager..In theory the termination request should flow through as its already approved by HR and Manager..

Like Vijay mentioned the users manager should exist in DATASOURCE,if not you have update the EUP to remove the mandatory check on manager and add the EUP to the path for the termination.

Thanks

Ramesh

Show replies
Show replies
ManjunathaUmesha
Explorer
‎2019 Dec 12 10:27 AM
0 Kudos

Hi Ramesh,

There is no approval configured, only email notification will be sent to the user's manager.

User's manager details exist in Datasource - LDAP (Sequence 1), but still manager details are not reflecting in request.

Since client requirement is to send a notification to the manager, we don't have the option to skip this field.

Any other alternate approach is highly appreciated.

vijayakumarsuth
Product and Topic Expert
Product and Topic Expert
‎2019 Dec 06 9:25 PM
0 Kudos

Hi Manju,

I would first check for which employee-id the manager not found then, i will check in LDAP system if LDAP can find the manager for same id (through tcode LDAP and execute search) and then check in your HR system as well using PA30 tcode to find the manager for given employee-id.

The expectation, atleaset one of your detailed datasrouces (LDAP or HR) should have manager for given employee-id .

Also, it is good suggestion to have parameter 5021 and 5023 configured based on your requirements

Show replies
Show replies
ManjunathaUmesha
Explorer
‎2019 Dec 12 10:12 AM
0 Kudos

Thank you Vijay,

I can see the manager details in LDAP.

Here, is the 5021, 5023 parameters maintained in GRC system.

Can you please help me with more details about 5021 and also please let me know current system referred here (Datasource or GRC).

As we could not find any error details in Audit log or SLG1, is there a way to troubleshoot / debug the complete workflow.

Regards,

Manju

Ask a Question