University of Wisconsin–Madison

Workday Security (Human Resources)

UW-Madison utilizes role-based security in Workday. This means that most security roles are assigned to positions, not directly to individual users. The roles assigned to a user’s position dictate what data they can view and what actions they can take.

Role-based security assignments are also based on organizations, which is how Workday groups together different positions and employees. For example, a supervisory organization (“sup org”) is made up of employees with the same supervisor. Each organization may have different people assigned to security roles, ensuring that business processes are initiated and approved by the appropriate users for each organization.

Learn more

Questions?

For assistance, please contact hris@ohr.wisc.edu.

How to change security roles in Workday

Security roles can be changed directly in Workday following the steps below:

  • Step 1: A role-based access requester initiates the process
  • Step 2: Approval of assignee’s manager (always required)
  • Step 3: Approval of division (always required)
  • Step 4: Approval of campus (always required)
  • Step 5: Approval of Shared Services, Central Processing, or ERP Administration (required for some roles/security groups) 

See also: Review and approve role-based access requests

Benefits of role-based security

  • The security roles are assigned to the position, so security does not need to be reconfigured when an employee leaves the position.
  • Security roles are assigned based on organizations, which helps ensure that business processes route to the correct approvers.
  • Role-based security assignments are often inherited down the organizational hierarchy, so multiple departments can have the same security role assignee, if desired.
  • Role-based security assignments can be customized for each organization to fit the needs of different schools, colleges, and divisions– as well as their departments.
  • Security role assignments are flexible and can be changed as a position’s responsibilities change over time; roles are not tied directly to job titles.
  • For most roles, organizations can have multiple positions assigned to the same role, preventing bottlenecks when someone is out of the office.

See also: Frequently asked questions about HR security in Workday

Workday security resources

The table below links to different articles that provide more information about security-related processes and concepts in Workday. The following roles will be referenced throughout the articles:

  • Assignee – the person whose position is assigned to a security role
  • Role-Based Access Requester – a security role that initiates role-based access requests on behalf of a supervisory organization
  • HR Access Approver (Division) – a security role that reviews and approves role-based access requests for HR roles at the school, college, or division level
  • HR Access Approver (Campus) – a security role held by OHR staff that reviews and approves role-based access requests for HR roles at the campus level, after the request has been approved by the division

HR Security Roles

Initiating Requests

Reviewing Requests

Concepts and Resources

Troubleshooting and Support

Did you find what you need?