HRDOC User Maintenance
The HRDOC transaction can be used to manually or automatically establish new users or update existing users in the Advantage system. In addition to providing administrators the ability to manage user information, it also provides the ability to grant and to remove security, workflow roles, and business roles as well as user workgroups for the different advantage applications. The HRDOC also specifies the Security Role IDs for the User Type fields. These fields provide10 different values (User 1 through User 10) that can be utilized to define the level of security access that a user should have. Since HRDOC is a transaction, this method of user setup and maintenance provides the ability to require approvals during the user establishment and administration process. The HRDOC links the User ID to an employee in the system.
A site can choose to have the HRDOC auto generated. When the Personnel Action has the User Access Option set to User Default Access, and an Employee Status Maintenance (ESMT) or New Employee (NEMP) is submitted for the employee using that PACT, an HRDOC is auto generated with the employee’s information and their access established.
For employee transfers, an HR Administrator can establish a PACT where the User Access Option value is set to Org Update. The new Home Department and Home Unit information for the employee will be updated on the HRM and Administration tables.
When an employee is suspended, the HRM Administrator can establish a PACT with the User Access Option field set to Suspend. When the PACT code is used on an ESMT, the auto generated HRDOC sets the Locked Out field on the HRDOC to true, the employee’s access to all Advantage application(s) is then locked. When the employee logs out of all of their current sessions and logs back in they will receive the following error message: Your User ID is locked. Please contact your security administrator.
The HRM Administrator then has the ability to establish a PACT where the User Access Option field is set to Restore Suspended. When the PACT code is used on an ESMT, the auto generated HRDOC clears the Locked Out field on the HRDOC. The employee sees that their access has been restored when they log back into their assigned Advantage application(s).
If the HRM Administrator is establishing a PACT with the User Access Option value set to Revoke, the employee is no longer able to access any Advantage application(s).
The HR Administrator can also select to not have an HRDOC auto generated by selecting the Not Applicable value from the drop-down list. There is no change to the employee’s security setting.
The HRM Administrator has the ability to establish a PACT with the User Access Option value set to Revoke and Lock Out. When the PACT code is used on an ESMT, the auto generated HRDOC sets the Locked Out field on the HRDOC to true; the employee’s access to all Advantage application(s) is then locked. When the employee logs out of all of their current sessions and logs back in they will receive the following error message: Your User ID is locked. Please contact your security administrator. The HRDOC also revokes any Advantage application(s) set for the employee. If workflow rules have been set for Revoke and Lock Out, the HRDOC revokes the employee’s access upon successful submission of the ESMT and the HRDOC in the Pending phase. Once the HRDOC has been approved, the check boxes in the Applications section are set to unchecked (false), and the action to delete any workgroups, workflow roles, security roles, and business roles associated to the employee is set and the transaction is submitted to the Final phase.
Note: If a change is being made to an existing record, then upon creation of the HRDOC, the user should add the User ID of the employee being updated and click the row-level menu within the header section for related actions and select Populate From Existing User. This will populate the HRDOC with the employees’ current Security, Workflow, and Business rules. If a specific role needs to be removed for the employee, the user can click on the row-level menu at the line level and select Remove from the row-level menu. The specific line will then be marked as removed and upon submit will revoke the users access to that specific role. The Security Roles, Business Roles, and Workflow Roles sections on HRDOC also allows users to change the action for removing multiple lines without navigating to each and every line on the section. Select the check box next to each individual line that needs updated. After you have selected the lines in the grid that you want to remove, select Remove Selected Roles from the related actions row-level menu. All selected lines will then be marked as removed and upon submit, will revoke the user’s access to those roles.
If the HRDOC is for a future date, the user is presented with an error message that allows them to either change the Trigger Date to a current date, or the HRDOC is placed in the Rejected status/Draft phase. When the trigger date has been reached, a SMU (Sys Man Utility) job can be kicked off; (for example, nightly or some other user defined time) and the HRDOC transaction is submitted to the Final phase, since the date constraint would no longer prevent the submission.
Use this tab to enter/view User ID and Header information.
You can enter the number of bad logins since the user's last successful Login in Bad Logins Count.
You can check the Reset Password field to specify that the password should be reset, check Generate New Password if new a new password should be generated.
This tab allows you to enter the information regarding the applications and external directory ID to which the user would need access to.
Infer Home Department and Unit
In the event that a user has access to only a single Department or Department/Unit so that the creation of transactions should always default the Home Department and any Home Unit, this indication is the first configuration point to make that happen. The second location is Transaction Control (DCTRL). Users that access multiple Departments or multiple Units within a Department can use this feature to default a value or values, however, they will have to remember to override before or after defaulting for cases with the ‘home’ values are not desired.
When true, the system will infer a user's Home Department and any Home Unit defined while creating a transaction using a Transaction Catalog. Locations creating transactions that already have logic to determine the Department and Unit (for example, Matching Status) do not use this feature. If user creates a transaction through batch processing or spreadsheet upload, then the inference will not happen even if the indication is true.
Use this tab to enter/view Security Roles information.
Use this tab to enter/view workflow roles and role identification code in Role ID.
Use this tab to enter/view Business Role information.
Employee InformationEmployee Information
Use this tab to enter/view employee information. Enter the Action, Employee ID and date the HRDOC should become active in Triggering Date. You can also enter the other fields.
Application Business RoleApplication Business Role
Note: This tab will be displayed when the ENABLE_APP_SPECIFIC_BUS_ROLE flag is enabled on the ERPCTRL page. This feature provides the ability to configure a primary (default) Business Role for each Advantage application. For example, an HRM Business Role can be the primary when navigating to Advantage from an HRM transaction workflow approval email or other hyperlinks.
TasksTasks
Refer to the following topics to perform the HRDOC transaction related tasks:
-
To use an HRDOC to suspend an employee, refer to the Suspending an Employee's Access topic.
-
To use an HRDOC to restore an employee that was previously suspended, refer to the Restoring a Suspended Employee topic.
-
To use an HRDOC to revoke an employee's access to an application, refer to the Revoking Employee Access topic.
-
To use an HRDOC to lock out an employee and revoke employee access to an application, refer to the Revoking and Locking Out an Employee topic.
