Workday Security Overview May 2011 Workday Security Overview What data will the user be able to see? • Functional data areas • Special considerations What can the user do within the data? “View” – access to look at data (reports) “Do” – transactions (business processes) How is this access bestowed? Roles assigned to positions What data will the user be able to see? HR Functional Area Group Special Consideration Worker Leave Compensation Personal Org Position Safety Directory Talent Accruals Ethnicities/gender/age Emergency Contacts SSN / confidential Payroll Benefits Garnishment Medical LV Principle Appropriately provide broad access based upon standard data groupings applied consistently across the university What can the user do within the data? Workday organizes all functionality into “reports” and “tasks” Note: All lookup data displays are considered “reports” Define what the user can “view” and/or “do” “View” access to a specified grouping of data (list of “reports”) “Do” access to a specified set of transactions (business processes) • e.g. business process steps – initiate, approve Note: “Update” access does not exist in Workday For a specified supervisory organization hierarchy Specialized functions: RESCIND, CANCEL, CORRECT How is this access bestowed? Organizational roles are assigned within the supervisory organization structure – by position • Examples: manager, management partner, hr partner, payroll partner, benefit partner, finance partner Note: access remains with the position regardless of incumbent’s status User based roles are assigned to persons and typically bestow some kind of system wide access System administrator tasks Report writer Note: access remains with the person until removed Manager/Management Partner Data Access HR Worker Leave Compensation Personal Org Position Safety Directory Talent Accruals Ethnicities/gender/age Emergency Contacts Payroll Benefits Some payroll data SSN / confidential Garnishment Access to core HR and some payroll info “View” all, “Do” as specified Medical LV HR Partner Data Access HR Worker Leave Compensation Personal Org Position Safety Directory Talent Accruals Ethnicities/gender/age Emergency Contacts Payroll Benefits Some payroll data SSN / confidential Garnishment Medical LV Access to core HR and some payroll info “View” all, “Do” as specified Confidential and/or sensitive data questions Payoll Partner Data Access HR Worker Leave Compensation Personal Org Position Safety Directory Talent Accruals Ethnicities/gender/age Emergency Contacts Payroll Payroll access to subset of HR data SSN / confidential Some benefit data Garnishment All primary payroll, some HR, some benefits “View” all, “Do” as specified garnishment data as needed Benefits Medical LV Benefits Partner Data Access HR Worker Leave Compensation Personal Org Position Safety Directory Talent Accruals Ethnicities/gender/age Emergency Contacts Payroll Benefits Benefits access to subset of HR data Some payroll data SSN / confidential Garnishment Medical LV Access to benefits data, some HR and some payroll info “View” all, “Do” as specified Confidential and/or sensitive data questions Conclusion