UW-Madison utilizes role-based security in Workday. This means that most security roles are assigned to positions, not directly to individual users. The roles assigned to a user’s position dictate what data they can view and what actions they can take.
Role-based security assignments are also based on organizations, which is how Workday groups together different positions and employees. For example, a supervisory organization (“sup org”) is made up of employees with the same supervisor. Each organization may have different people assigned to security roles, ensuring that business processes are initiated and approved by the appropriate users for each organization.
Learn more
Questions?
For assistance, please contact hris@ohr.wisc.edu.
How to change security roles in Workday
Security roles can be changed directly in Workday following the steps below:
- Step 1: A role-based access requester initiates the process
- Step 2: Approval of assignee’s manager (always required)
- Step 3: Approval of division (always required)
- Step 4: Approval of campus (always required)
- Step 5: Approval of Shared Services, Central Processing, or ERP Administration (required for some roles/security groups)
Benefits of role-based security
- The security roles are assigned to the position, so security does not need to be reconfigured when an employee leaves the position.
- Security roles are assigned based on organizations, which helps ensure that business processes route to the correct approvers.
- Role-based security assignments are often inherited down the organizational hierarchy, so multiple departments can have the same security role assignee, if desired.
- Role-based security assignments can be customized for each organization to fit the needs of different schools, colleges, and divisions– as well as their departments.
- Security role assignments are flexible and can be changed as a position’s responsibilities change over time; roles are not tied directly to job titles.
- For most roles, organizations can have multiple positions assigned to the same role, preventing bottlenecks when someone is out of the office.
See also: Frequently asked questions about HR security in Workday
Workday security resources
The table below links to different articles that provide more information about security-related processes and concepts in Workday. The following roles will be referenced throughout the articles:
- Assignee – the person whose position is assigned to a security role
- Role-Based Access Requester – a security role that initiates role-based access requests on behalf of a supervisory organization
- HR Access Approver (Division) – a security role that reviews and approves role-based access requests for HR roles at the school, college, or division level
- HR Access Approver (Campus) – a security role held by OHR staff that reviews and approves role-based access requests for HR roles at the campus level, after the request has been approved by the division
HR Security Roles
- Simplified HR security role catalog
A simplified, pre-filtered catalog of assignable HR roles in Workday, including a description and UW-Madison-specific notes for each role
Initiating Requests
- Find your role-based access requester in Workday
Instructions for employees to find the role-based access requester(s) for their supervisory organization - Request to add or remove a Workday security role assignment
Instructions for role-based access requesters to initiate access requests - Workday organization reference IDs and type abbreviations
List of abbreviations and Reference IDs that can be used to select the correct organization in the Assign Roles business process
Reviewing Requests
- Review and approve role-based access requests
Instructions for access approvers to review access requests
Concepts and Resources
- Useful Workday reports for role-based access requesters and approvers
Information about reports in Workday that provide useful information to access requesters and approvers - Guide to role inheritance and access rights in Workday
Details how security role assignments are inherited by subordinate organizations in Workday - Guide to security role pairing in Workday
Explains the concept of paired roles and provides examples
Troubleshooting and Support
- Frequently asked questions about HR security in Workday
Answers common questions related to Workday access