Revoking and Locking Out an Employee

The HRM application allows the ability to automatically revoke and lock out an employee's access to all Advantage applications based on the Personnel Action used on an Employee Status Maintenance (ESMT) transaction. To do this, you can establish a Personnel Action with the User Access Option value set to Revoke and Lock Out. When this Personnel Action Code is used on an Employee Status Maintenance (ESMT), two HRDOC transactions are automatically generated and submitted. One HRDOC is generated with the Locked Out field checked.  The employee’s access to all Advantage application(s) is then locked. When the employee logs out of all of their current sessions and logs back in they receive the following error message: Your User ID is locked. Please contact your security administrator. A second HRDOC is also automatically generated to revoke any Advantage application(s) set for the employee. If workflow rules have been set for Revoke and Lock Out, this second HRDOC revokes the employee’s access upon successful submission of the ESMT and the HRDOC in the Pending Phase. Once the revoking HRDOC has been approved. The check boxes in the Applications section are set to unchecked (false), the action to delete any workgroups, workflow roles, and security roles associated to the employee is set, and the transaction submitted to the Final Phase.

Note: If the user’s access is changed, and the user is currently logged into an Advantage session, their access changes will not occur until the user has logged out of all Advantage application sessions, and logs back into the Advantage application(s).

Note: If the user’s access is revoked in error, the security administrator must manually reinstate the employee through the Advantage Administration application or the Department HRM administrator must manually reinstate the employee through the HRM application.

To lock out and revoke employee access, perform these steps:

  1. Create an Employee Status Maintenance (ESMT) transaction.

  2. Complete each of the required sections on the Employee Status Maintenance transaction.

  3. In the Personnel Action Code, enter a code from Personnel Action that has the User Access Option set to Revoke and Lock Out.

  4. Validate and Submit the Employee Status Maintenance transaction. The auto generate HRDOC process is invoked. An HRDOC is automatically generated with the check boxes in the Applications section unchecked (false), and the action to delete any workgroups, workflow roles, and security roles associated to the employee is set.  

  • If Workflow is implemented, the HRDOC is placed in the Submitted status/Pending phase until the transaction has been approved and submitted to the Final Phase/Submitted Status.

  • If the Employee Status Maintenance transaction is for a future date, the auto generated HRDOC is placed in the Rejected Status/Draft Phase until the Trigger Date has been reached. When the trigger date has been reached, a System Maintenance Utility (SMU) job is kicked off; (for example, nightly or some other user defined time) and the transaction is submitted in the Final Phase, when the date constraint would no longer prevent the submission.