Hi All,
I have an interesting scenario which I could do with some help to solve.
My client has a scenario where users require a different set of default roles in 2 systems depending on their grade in the business (ESS v MSS access mainly). These roles are conflict free and should be assigned without the need for approval based upon the HR employee records.
I have configured HR triggers to auomatically trigger a request and create the user in both systems with the generic access without approval (as requested) but I have only been able to do this through the assignment of default roles per system which means every request gets the same roles.
How can I get the HR triggers functionality to look at the employee record and derive the correct roles to assign rather than just a global one?
I cannot use Indirect role provisioning as this requires roles to be assigned wider than just the HR system itself and also would be a massive data maintenance headache.
I was considering using default roles based upon Functional Area but the functional area is a single entry and therefore cannot be triggered effectively from an HR trigger where there could be multiple values.
I basically want to get a BRF+ rule for assigning roles to requests as well as triggering action IDs! Is there a way of doing that?
Simon