Workday Security
Overview
May 2011
Workday Security Overview
 What data will the user be able to see?
• Functional data areas
• Special considerations
 What can the user do within the data?
 “View” – access to look at data (reports)
 “Do” – transactions (business processes)
 How is this access bestowed?
 Roles assigned to positions
What data will the user be able to see?
HR
Functional Area Group
Special Consideration
Worker
Leave
Compensation Personal
Org
Position
Safety
Directory
Talent
Accruals
Ethnicities/gender/age
Emergency Contacts
SSN / confidential
Payroll
Benefits
Garnishment
Medical LV
Principle
 Appropriately provide broad access based upon standard data
groupings applied consistently across the university
What can the user do within the data?
 Workday organizes all functionality into “reports” and “tasks”
Note: All lookup data displays are considered “reports”
 Define what the user can “view” and/or “do”
 “View” access to a specified grouping of data (list of “reports”)
 “Do” access to a specified set of transactions (business processes)
• e.g. business process steps – initiate, approve
Note: “Update” access does not exist in Workday
 For a specified supervisory organization hierarchy
 Specialized functions: RESCIND, CANCEL, CORRECT
How is this access bestowed?
 Organizational roles are assigned within the supervisory
organization structure – by position
• Examples: manager, management partner, hr partner, payroll partner,
benefit partner, finance partner
Note: access remains with the position regardless of incumbent’s status
 User based roles are assigned to persons and typically bestow
some kind of system wide access
 System administrator tasks
 Report writer
Note: access remains with the person until removed
Manager/Management Partner Data Access
HR
Worker
Leave
Compensation Personal
Org
Position
Safety
Directory
Talent
Accruals
Ethnicities/gender/age
Emergency Contacts
Payroll
Benefits
Some payroll
data
SSN / confidential
Garnishment
 Access to core HR and some payroll info
 “View” all, “Do” as specified
Medical LV
HR Partner Data Access
HR
Worker
Leave
Compensation Personal
Org
Position
Safety
Directory
Talent
Accruals
Ethnicities/gender/age
Emergency Contacts
Payroll
Benefits
Some payroll
data
SSN / confidential
Garnishment
Medical LV
 Access to core HR and some payroll info
 “View” all, “Do” as specified
 Confidential and/or sensitive data questions
Payoll Partner Data Access
HR
Worker
Leave
Compensation Personal
Org
Position
Safety
Directory
Talent
Accruals
Ethnicities/gender/age
Emergency Contacts
Payroll
Payroll access to subset of HR
data
SSN / confidential
Some benefit
data
Garnishment
 All primary payroll, some HR, some benefits
 “View” all, “Do” as specified
 garnishment data as needed
Benefits
Medical LV
Benefits Partner Data Access
HR
Worker
Leave
Compensation Personal
Org
Position
Safety
Directory
Talent
Accruals
Ethnicities/gender/age
Emergency Contacts
Payroll
Benefits
Benefits access to subset of HR data
Some payroll
data
SSN / confidential
Garnishment
Medical LV
 Access to benefits data, some HR and some payroll info
 “View” all, “Do” as specified
 Confidential and/or sensitive data questions
Conclusion
