Issues with client role assignment rules?

Pete R1 · ‎06-11-2019

Does the client role assignment functionality work for you guys? It seems to be very inconsistent in both my company's instance and my dev instance. I have not made any modifications to the script includes or the scheduled job.

Example from my dev instance.

Condition for the employee role:

Employee Condition Criteria (Notice that 562 profiles match):

After running the "Assign HR Client Roles for Integration Users Sync" job:

Once in a while it will seem to work but I cannot figure out a pattern.

Justin Lucas · ‎06-14-2019

Hi Peter,

We ran into a similar issue in our instance where client roles were not being assigned appropriately. The issue was due to the user being referenced in the Run As field for the "Assign HR Client Roles for Integration Users Sync" scheduled job did not have the appropriate permissions to assign the roles (was set to System Admin OOTB when it needed to be HR Admin). After changing the user, the roles were being assigned consistently. You might also check the "Update Client Roles" scheduled job. I believe the former only applies when you're using an integration.

Note: you may need to add the Run As field to the Scheduled Job form view since it's not on the form by default.

Hope that helps!

Justin

View solution in original post

manasamaniac · ‎06-11-2019

Hi Peter,

Scenario 1:

Updating HR profile in dev instance will trigger Business rule "Assign HR Roles" which will check client role assignment rules and then accordingly assign roles.

Scenario 2:

Updating HR profile via integration will trigger Business rule "Assign HR Roles" which will check client role assignment rules and then accordingly assign roles.But the issue is Business rule will call script include and the matching.....() function wherein addUserRole function is not working .

Currently Raised a HI Ticket waiting for response.

Thanks

Manasa

Kiel Sanders · ‎06-11-2019

The roles should be getting assigned by the matchingPortalRoles() method within the hr_Utils script include. I'd first check that to make sure the script included hasn't been modified and that it is still activate. Also, confirm there is no caller access requirements and it's accessible from all application scopes within the script include.

If all of that checks out and the Business Rule that Manasa recommended (Assign HR Roles) is active, I agree that the next step would be to create a HI incident for Support to assist in troubleshooting.

Christian Prob2 · ‎04-10-2020

Hi @Kiel Sanders - "The roles should be getting assigned by the matchingPortalRoles() method within the hr_Utils script include." When should this happen? I just stood up a fresh PDI instance (Orlando) and just kicked of an "Request Onboarding" request as a user just with the *employee role and the new hire user did not get any role assigned. Is that intended behavior?

I manually triggered the two scheduled jobs ("Assign HR Client Roles for Integration Users Sync" and "Update Client Roles") and that (the later one) fixed it. I would expect that the new hire should have that role immediately as not every use case can wait for the overnight job to run. (Also I made first sure that both BR 'run as:HR admin').

...in our prod / non-prod New York instances this is also not working. Happy to log a HI ticket or submit an idea...

Thanks,

Christian

Justin Lucas · ‎06-14-2019

Hi Peter,

We ran into a similar issue in our instance where client roles were not being assigned appropriately. The issue was due to the user being referenced in the Run As field for the "Assign HR Client Roles for Integration Users Sync" scheduled job did not have the appropriate permissions to assign the roles (was set to System Admin OOTB when it needed to be HR Admin). After changing the user, the roles were being assigned consistently. You might also check the "Update Client Roles" scheduled job. I believe the former only applies when you're using an integration.

Note: you may need to add the Run As field to the Scheduled Job form view since it's not on the form by default.

Hope that helps!

Justin