Workday Security Overview

1. What is Workday?

Workday HCM is a cloud-based Human resource management software system that unifies a wide range of HR functionality into a single system.The software provides benefits, talent management, payroll, time tracking, compensation, workforce planning and recruiting.

2. Challenges before workday

  • Overlay Customized Legacy system.
  • Lack Of visibility into People and processes.
  • Reporting difficulties
  • Poor Employee Experience
  • Manual, Inefficient processes.

3. Overall Benefits of using Workday

  • Greater Transparency: Leads to better data Accuracy.
  • Mobile: Allowed associates and managers access to mobile versions of the HR System- Increasing visibility and enabling Quicker, easier access to paychecks, Leave Tracking and , for managers, approvals and Notifications.
  • Audit: We can audit every Transaction in the system, and have the process trial for any action taken.
  • Approvals: Implemented approvals in Workday for a variety of transactions- audit trial shows who approved and when with all comments captured.
  •  Recruiting: All Job openings to be posted in Workday to ensure proper procedures are followed, compliance assured and that recruiters can have over sight ; ensured that background tests occurred prior to Hire and I-9s are captured within the first few days of hiring.
  • Job offers: require to happen in workday assuring accurate and appropriate language- again, limiting variations, allowing for oversight and ensuring approvals.
  • Began requiring any associate/temp/contractor to be input into Workday in order to get global ID assigned.
  • Manager access: Provided access to associate information for all managers and supervisors.
  • Added position management: a way to track budgeted and head count rather than just unlimited job postings.
  • Eliminated manual hiring: Previously all hiring was done on paper.
  • Onboarding– Using workday learning, we can ensure that each associate receives and reviews the most up-to-date and required policies and proper up-to-date training( Safety, compliance) at the right time.
  • Payroll: Payroll closes and reconciles daily, allowing for much more accurate accounting and accruing.

4. Workday Security

    Your security groups configuration underpins all of your Workday tenants. These groups fall into three categories: role-based, user-based, and standard worker.In role-based groups, the role is given certain security permissions and is constrained on a Workday Organization (for example, Supervisory Organization, Company, etc). Any worker assigned to that role is able to see key data/perform the actions against workers and objects within the Organization (for example positions) as specified for that security group.User-based security access is generally tenant-wide and these security groups contain critical tenant maintenance functions (for example Business Process Administrator, Security Administrator).Standard workers are security groups that apply across the majority of the worker population (for example Employee as Self).

Components of Configurable Security:

  • Security Groups: Groups of users who need to perform actions or access data.
  • Domains: Defined tasks and reports that are functionally similar.
  • Domain Security Policies: Rules that dictate which security group can view or modify data within domains.
  • Business process: Workday-delivered processes. You cannot create new business processes, but you can configure them to meet your Workflow requirements.
  • Business Process policies: Rules that dictate which security groups can participate in the business process and in what ways they can participate.

Creating Role-based Security Groups:

Step1: Search for Maintain Assignable Roles Task to create a role.Step2: Input Role Name and Administered by security Groups names.Creating Role-based Security GroupsStep 3: Click Ok and Done.Step 4: Search for ‘Create Security Group’ Task.Step 5: Input the type of security group, you wish to create. In this scenario input ‘Role-Based security group (Constrained)’.Step 6: Enter the Name for Security Group.Enter the Name for Security GroupStep 7: Input Previously created Role in Group Criteria.Step 8: Leave Default ‘Access Rights to organizations’ and ‘Access rights to Multiple Job Workers’.Access Rights to organizationsStep 9: Click Ok and Done.

Creating User-based Security Groups:

Step1: Search for Create Security group task.Step2: Enter User-based Security Group in Type of security group:Enter User-based Security GroupStep 3: Click Ok and Done.Click Ok and DoneStep 4: Search for ‘Assign user-based security groups for Person’ task. Enter name of the person to whom you need to assign created User-based security group and click on Ok .Assign user-based security groups for PersonStep 5: Enter name of the Security group which you need to assign to the user and Click on Ok and Done.Enter name of the Security group

Important tasks and Functionalities related to security:

  1. To Find what policy to update for a given securable item use:
  • View Security for Securable item.
  1. To Find what security groups a user has use:
  •  View security Groups for user.
  1. To Find who are the members of a Security group :
  •  If User- based – View Security group.
  •  If not user –based, write a custom report with PBO(Primary business object): Security group,   Report field, Members)
  1. To find whether user has access to specific target using a given security group
  •  Test Security Group membership.
  1. To find how did this user get to this task or item and what security group allowed it.
  •    Security analysis for action.
  1. To add or remove a security group from Multiple domain security policies at once.
  • Maintain permissions for security groups.
  1. Given user’s security groups, to find their Cumulative access in tenant
  • Security Analysis for Workday Account.
  1. To find Unassigned roles:
  • Unassigned Organization roles audit.
  • Unassigned Roles audit
  • Unfilled assigned roles audit.
  1. Domain Security Policies can control:
  • Which group can view or modify items in a report/task and Get and Put transactions from an integration.
  1. To Modify Security in workday
  •  Security Configurator/ Security Administrator access should be given.
  1. Report and Task you can use to view and edit domains and BP types between the different Workday Modules.
  • Functional Area Report to View
  • Maintain functional Areas Task to edit.

       Scenario: Say that you, the Security administrator, inadvertently altered a security Policy that revoked access to several key Integrations in your System. What can you do to fix the problem and restore the security quickly ?

  • Run the “Activate previous security Time stamp” to revert to the previous time the Activate pending security policy changes was executed.’’

Report Security:

To Create Custom report you must be assigned to the Report-writer user-based security group  and must have access to Custom report creation Security Domain in addition to this you must have access to :

  • Security Domain for Datasource you want to use.
  • Security domains for report fields you want to add.

To edit and delete custom report, Report Owner and users must have access to

  •  Manage: All custom reports security domain.

Who can share the created Custom reports?

Report Writers must have access to below mentioned security domains to use the sharing options:

  • Domain:Report Definition sharing –All Authorised Users
  • Domain: Report Definition Sharing- Specific groups
  • Domain: Report Definition Sharing-Specific users

Who can transfer Ownership of a report?

Use Transfer ownership of custom reports task to transfer the ownership of a report.You must have access to the Custom Report Administration or Manage: All custom reports security domain to transfer ownership of reports owned by other users.

Leave a Reply

Your email address will not be published. Required fields are marked *