Workday Security (Human Resources)

How to change security roles in Workday

Security roles can be changed directly in Workday following the steps below:

• Step 1: A role-based access requester initiates the process
• Step 2: Approval of assignee’s manager (always required)
• Step 3: Approval of division (always required)
• Step 4: Approval of campus (always required)
• Step 5: Approval of Shared Services, Central Processing, or ERP Administration (required for some roles/security groups) 

See also: Review and approve role-based access requests

Benefits of role-based security

• The security roles are assigned to the position, so security does not need to be reconfigured when an employee leaves the position.
• Security roles are assigned based on organizations, which helps ensure that business processes route to the correct approvers.
• Role-based security assignments are often inherited down the organizational hierarchy, so multiple departments can have the same security role assignee, if desired.
• Role-based security assignments can be customized for each organization to fit the needs of different schools, colleges, and divisions– as well as their departments.
• Security role assignments are flexible and can be changed as a position’s responsibilities change over time; roles are not tied directly to job titles.
• For most roles, organizations can have multiple positions assigned to the same role, preventing bottlenecks when someone is out of the office.

See also: Frequently asked questions about HR security in Workday

Workday security resources

The table below links to different articles that provide more information about security-related processes and concepts in Workday. The following roles will be referenced throughout the articles:

• Assignee – the person whose position is assigned to a security role
• Role-Based Access Requester – a security role that initiates role-based access requests on behalf of a supervisory organization
• HR Access Approver (Division) – a security role that reviews and approves role-based access requests for HR roles at the school, college, or division level
• HR Access Approver (Campus) – a security role held by OHR staff that reviews and approves role-based access requests for HR roles at the campus level, after the request has been approved by the division

HR Security Roles

• Simplified HR security role catalog
  A simplified, pre-filtered catalog of assignable HR roles in Workday, including a description and UW-Madison-specific notes for each role

Initiating Requests

• Find your role-based access requester in Workday
  Instructions for employees to find the role-based access requester(s) for their supervisory organization
• Request to add or remove a Workday security role assignment
  Instructions for role-based access requesters to initiate access requests
• Workday organization reference IDs and type abbreviations
  List of abbreviations and Reference IDs that can be used to select the correct organization in the Assign Roles business process

Reviewing Requests

• Review and approve role-based access requests
  Instructions for access approvers to review access requests

Concepts and Resources

• Useful Workday reports for role-based access requesters and approvers
  Information about reports in Workday that provide useful information to access requesters and approvers
• Guide to role inheritance and access rights in Workday
  Details how security role assignments are inherited by subordinate organizations in Workday
• Guide to security role pairing in Workday
  Explains the concept of paired roles and provides examples

Troubleshooting and Support

• Frequently asked questions about HR security in Workday
  Answers common questions related to Workday access