University of Wisconsin–Madison
Human Resources

Changing Security Roles for a Vacant Position

Since security roles in Workday are assigned to positions, security role assignments can be edited even when a position is vacant. This is especially useful when you want to set up security roles for a new employee before their official hire date. Just like when assigning roles to an occupied position, you must have the Role-Based Access Requester security role for the supervisory organization that contains the position.

Please note that this article does not discuss the task that is automatically generated when a position is vacated. For more information about this, please see Reviewing Security Roles When a Position is Vacated.

  1. Using the search bar in Workday, search for the supervisory organization ('sup org') that contains the vacant position, then select the correct sup org.

    1. Tip: Use the search prefix Sup: and the campus code UWMSN to easily find the desired sup org. For example, instead of searching for "Astronomy", try searching for "Sup: UWMSN Astronomy".
  2. From the sup org page, select the Staffing tab.

  3. Under the Position Restrictions column, select the Related Actions next to the correct position. Next, hover over Roles. Then, select Assign Roles - Add/Remove.
    Screenshot showing the Staffing tab with the three dot icon selected next to a selected position. The related actions panel is displayed and the Roles option has been selected and the Assign Roles - Add/Remove sub option has also been selected.

  4. On the Assign Roles – Add/Remove pop-up window:

    1. Select an Effective Date.

    2. Optional: Select an option for the Copy Role Assignments from field. This allows you to copy security roles from another position. If you select this option, you will be prompted to select the specific roles that you want to copy.

    3. Optional: Check the Remove All Roles for Assignee checkbox to remove all the roles currently assigned to the position.

    4. Click OK.

  5. On the Assign Roles – Add/Remove window:
    Screenshot showing the Assign Roles - Add/Remove window. A plus sign icon is highlighted, a select field in the Role Enabled for column is highlighted, and another select field is highlighted in the Role column.

    1. Select the (+) to add a row. If you accidentally add a row and need to remove it, click the (-) for the row.

    2. Select an organization in the Role Enabled For column. Since there are many different organizations and organization types (supervisory, academic unit, etc.), instead of searching for an organization by name, we recommend using a search prefix with an organization reference ID. You can find the correct search prefix and a list of common organization reference IDs in the Workday Organization Reference IDs and Type Abbreviations article. If you are unsure what type of organization to choose for a certain role, consult the Simplified HR Security Role Catalog or the UW Security Catalog: Assignable Roles and User Based Groups report in Workday.

    3. Select a security role in the Role column. The available roles are based on what type of organization you selected in the Role Enabled For field. If you are not able to find the desired role, you may need to select a different organization.

    4. If you need to add multiple security roles, repeat steps A-C.

    5. If you want to remove an existing role from the position, select the Remove checkbox.

    6. Enter a comment to justify the request. The comment should provide adequate context about why the user needs the role in order to perform their job responsibilities. Role requests submitted without a sufficient justification may be sent back to the requester.
      1. Example: "We will be hiring a new employee into this position who will serve as a backup time approver, and they will need the Unit Timekeeper UW role in order to perform their job responsibilities."

    7. Click Submit. Click Save for Later if you are not ready to submit but would like to save your current progress.

      1. Note: If you receive a yellow alert message, it is because a role you requested would create a Separation of Duties (SOD) conflict, where the assignee could perform multiple related functions in violation of checks and balances. Role assignments that create SOD conflicts should not be requested or approved. The Simplified HR Security Role Catalog and the UW Security Catalog: Assignable Roles and User Based Groups report in Workday show the SOD conflicts for each role.

  6. Next steps:

    1. The next approver, usually the position's manager, will see the Assign Roles request in their My Tasks. The approver can take actions that include approving, sending back, or adding approvers. If approved, the request will then route to a divisional approver, and finally, will route to a campus approver in the Office of Human Resources (OHR). For more information, please see Review and Approve Role-Based Access Requests.

    2. If the requested role is at the Central Processing, Shared Services, or ERP Administration level of operations, the approval will route to an additional approver at that level of operations.

      1. Consult the Simplified HR Security Role Catalog or the UW Security Catalog: Assignable Roles and User Based Groups report in Workday if unsure of a role's level of operations.

Updated: Nov. 11, 2025
Source URL: https://hr.wisc.edu/hr-guides/for-hr-professionals/changing-security-roles-for-a-vacant-position/

Did you find what you need?