Security roles in Workday can be inherited. Inheritance reduces the need to manually assign the same role to a position for multiple organizations within the same organizational hierarchy, which streamlines access control.
Using the Simplified HR Security Role Catalog or the UW Security Catalog: Assignable Roles and User Based Groups report in Workday, you can determine whether subordinate organizations inherit role assignments for each role by looking at the Access Rights to Organizations column. The column shows one of the following values, and each one determines inheritance as explained:
- "Current Organization and All Subordinates" means that workers with the specified role can access secured items for the current organization and all subordinate organizations.
  - Example: Charlie has the Payroll Analyst (Supervisory) UW role for the top-level UW-Madison supervisory organization. Since this role is enabled for the current organization and all subordinates, Charlie can access data for workers in all subordinate supervisory organizations, which would include all workers at UW-Madison.
- "Current Organization and Unassigned Subordinates" means that workers with the specified role can access secured items for the current organization and all subordinate organizations that don't have anyone with the specified assignable role.
  - Example: Mary has the Absence Partner (Supervisory) role for the top-level UW-Madison supervisory organization. Xavier has this role for the School of Medicine and Public Health (SMPH), which is subordinate to the UW-Madison supervisory organization. Mary can access data and transactions for workers in all supervisory organizations at UW-Madison, except data for workers in SMPH, which Xavier is already assigned to.
- "Current Organization Only" means that access for this role is limited to the organizations where the worker holds the role assignment. Subordinate organizations do not inherit the role assignment.
  - Example: Priya has the Unit Timekeeper UW role for the Office of the Chancellor supervisory organization. Priya cannot act as the Unit Timekeeper for workers in any other supervisory organization, including subordinate organizations.
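The three Access Rights to Organizations values can be modelled as a small resolver. This is an added example, not Workday or UW code: the organization tree, the two leaf organizations and the function name `effective_holders` are assumptions, and it assumes that under Unassigned Subordinates an organization inherits from its nearest assigned ancestor.

```python
# Constructed org tree (child -> parent). Names come from the page's examples;
# the two leaf organizations and the tree shape are assumptions.
PARENT = {
    "UW-Madison": None,
    "SMPH": "UW-Madison",
    "SMPH Pediatrics": "SMPH",
    "Office of the Chancellor": "UW-Madison",
    "Chancellor Staff": "Office of the Chancellor",
}
ALL_SUBS = "Current Organization and All Subordinates"
UNASSIGNED_SUBS = "Current Organization and Unassigned Subordinates"
CURRENT_ONLY = "Current Organization Only"

# Access Rights to Organizations value per role, as in the page's examples.
ROLE_MODE = {
    "Payroll Analyst (Supervisory) UW": ALL_SUBS,
    "Absence Partner (Supervisory)": UNASSIGNED_SUBS,
    "Unit Timekeeper UW": CURRENT_ONLY,
}
# Direct assignments: (role, organization) -> workers.
ASSIGNED = {
    ("Payroll Analyst (Supervisory) UW", "UW-Madison"): {"Charlie"},
    ("Absence Partner (Supervisory)", "UW-Madison"): {"Mary"},
    ("Absence Partner (Supervisory)", "SMPH"): {"Xavier"},
    ("Unit Timekeeper UW", "Office of the Chancellor"): {"Priya"},
}

def effective_holders(role, org):
    """Workers who can act in `role` for `org`, directly or by inheritance."""
    mode = ROLE_MODE[role]
    holders = set(ASSIGNED.get((role, org), ()))
    if mode == CURRENT_ONLY or (mode == UNASSIGNED_SUBS and holders):
        return holders  # no inheritance, or a direct assignee blocks it
    node = PARENT[org]
    while node is not None:
        above = ASSIGNED.get((role, node), set())
        if mode == UNASSIGNED_SUBS and above:
            return set(above)  # assumption: nearest assigned ancestor wins
        if mode == ALL_SUBS:
            holders |= above
        node = PARENT[node]
    return holders

if __name__ == "__main__":
    for role in ROLE_MODE:
        for org in PARENT:
            print(f"{role} @ {org}: {sorted(effective_holders(role, org))}")
```

Running the resolver over every role and organization gives an access-review view of who effectively holds each role, including organizations where a Current Organization Only role has no holder at all.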
Additional information about how the role functions for workers with multiple jobs is in the Access Rights to Multiple Job Workers column.
- "Role has access to the positions they support" only grants access to jobs in the assigned organization.
  - Example: Avery has a job at UW-Madison and an additional job at UW-Oshkosh. Frank has the Compensation Partner (Local) role for the UW-Madison location hierarchy, and can transact on Avery's UW-Madison job. Frank cannot transact on Avery's UW-Oshkosh job.
- "Role has access to all positions" grants access to all jobs associated with a worker, as long as one of the jobs is in the assigned organization.
  - Example: Marcel is a professor at both UW-Madison and UW-Milwaukee. Susan has the Shared Services - Academic Faculty UW role for the UW-Madison academic unit hierarchy, and can transact on both of Marcel's academic appointments (UW-Madison and UW-Milwaukee).