1. What are Workday Security roles?
Security roles in Workday determine what you can see or do within the platform. They specify the data you can view in reports, profiles, and informational screens. Additionally, they specify the actions you can take on particular tasks, such as initiating, reviewing, approving, or canceling transactions. Security roles also facilitate the automatic routing of business processes, so you do not need to know who is responsible for the next step. Employees involved in a business process receive notifications or tasks in their Workday My Tasks inbox guiding them on what to do to move the process forward.
2. What are position-based roles? How do they work?
Security roles are not intended to directly match your business title or job description, nor are they designed to dictate how departments should divide up their work. Instead, security roles are assigned based on the functions of a position and are generally assigned to the position number, not the employee. The number of security roles a position has will vary by department, and those roles can change if needed.
3. What is the "Employee as Self" role?
Every employee and contingent worker receives the "Employee as Self" role, which allows them to perform self-service tasks. Employees can submit time off requests, update their emergency contacts, update their demographic information, and make changes to their direct deposit information, among other tasks. Employees can also view generally available data about other employees (e.g., job titles, departments, locations, and organization charts).
4. What are advanced security roles?
Advanced roles allow you to see more data, take actions impacting employees or financials, or complete tasks on behalf of others within Workday.
For instance, individuals with employees reporting directly to them have the "Manager" advanced security role. They are responsible for approving their direct reports' time off requests, expense reports, and other transactions that support the supervision of their team. They can also access job and compensation information for their direct reports but not payroll data. Why can't they see payroll data? These data include payroll-specific information like wage garnishments and benefit elections, which are considered sensitive employee information.
Some employees are responsible for managing their department's purchasing activities. The Financial Administrative Assistant (FAA) advanced role allows employees to create purchase requisitions and expense reports as well as process Pcard verifications on behalf of another employee in their assigned cost centers. However, the FAA role is not a reporting role. If the employee requires the ability to generate financial reports, they will need additional advanced roles.
5. Who determines employees' security roles?
Managers (aka direct supervisors) are responsible for ensuring their employees have appropriate security roles to perform their job duties. Importantly, business processes can route to multiple people for a given step when more than one person in a department has the same security role. Thus, managers are responsible for providing oversight and orchestrating how their employees work together to initiate, review, or approve transactions in Workday.
Assigning appropriate security roles to employees is essential for several reasons:
- Ensures employees have the security roles they need to perform their duties and effectively support their departments or units.
- Safeguards department and university assets by ensuring that no employee has complete control of a business process and minimizes errors and fraud.
6. How do I look up the security roles assigned to my position?
The information below provides instructions for determining the roles a position has in Workday. Employees can run a report to see a listing of roles assigned to their positions. Managers have several options for determining the roles assigned to a position that reports to their team.
Viewing an Employee's Roles
Role Assignment for Worker Position
Every active employee can access this report, which provides the position-based roles assigned to the organizations and units they support. Follow these steps to run the report:
- Type Role Assignment for Worker Position in the search bar
- Enter the worker's name (required) in the filter prompt
- Do not adjust the effective date or time zone
Managers
HCM Roles assigned by Supervisory Organization - CR (UNLV)
This report lets managers view the positions assigned Human Capital Management (HCM) roles within a supervisory organization and its subordinates. This report is helpful for many reasons, such as allowing managers to find all positions with the Administrative Assistant, Timekeeper, and other HCM roles. Follow these steps to run the report:
- Type HCM Roles assigned by Supervisory Organization - CR(UNLV) in the search bar
- Type the Supervisory Organization
- The 'include subordinate organizations' option is checked by default. Uncheck it if you are running the report for only one supervisory organization
- Remove any of the listed roles for more direct results
User Assigned Roles - TCH - CR(UNLV)
This report allows managers to find roles assigned to a position by the effective date. The design includes the organization and organization type. Follow these steps to run the report:
- Type User Assigned Roles - TCH - CR(UNLV) in the search bar
- Enter an effective date only to filter for effective dates earlier than today
- Type the role you wish to filter (e.g., Financial Administrative Assistant)
7. What is inheritance? How can it break?
Inheritance
Supervisory Organizations (Sup Org) and the Financial Data Model (FDM) are the primary hierarchies for security role assignments. Assigning roles at the appropriate level of these hierarchies is important because it determines assignments and notifications for business process steps, actions, and approvals. It also allows for backup coverage when a position becomes vacant (i.e., no employee working).
When a vacancy occurs, the next-level manager or employee automatically "inherits" that position's security, which allows them to see data or perform tasks that come with those privileges. If the vacant position has direct reports, the next-level manager can supervise these employees and approve tasks like time-off requests.
"Breaking" Inheritance
Assigning security roles at the appropriate level is essential. If not done carefully, it can cause a breakdown. These problems occur when a position-based role is assigned to a specific position at a lower level of the Sup Org or FDM hierarchy. It "breaks" the ability of the next-level manager or employee who has that security role to perform tasks or see data within that hierarchy when a vacancy occurs.
Recommendation: The most efficient practice is to assign position-based roles at the highest level of the FDM or Sup Org.
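The following added example (not part of the original FAQ and not Workday's implementation) is a simplified model of the inheritance behavior described above: a role assigned directly at a lower level takes precedence over the one inherited from above, so a vacancy in that lower position leaves its organization and everything beneath it without coverage. The organization names, position IDs, worker name, and the functions `resolve` and `coverage_gaps` are all constructed for illustration.

```python
# Simplified model of position-based role inheritance (an assumption based on
# the description in this FAQ, not Workday's actual resolution logic).

# Constructed sample hierarchy: organization -> parent (None = top level)
PARENT = {"Division": None, "Dept A": "Division",
          "Dept B": "Division", "Unit A1": "Dept A"}

# Constructed positions: position ID -> worker, or None when vacant
POSITIONS = {"P-100": "Dana", "P-200": None}

def resolve(role, org, assignments, parent=PARENT):
    """Walk up from org; the nearest direct assignment of the role wins."""
    node = org
    while node is not None:
        if (role, node) in assignments:
            return node, assignments[(role, node)]
        node = parent[node]
    return None, None

def coverage_gaps(role, assignments, positions=POSITIONS, parent=PARENT):
    """List (org, assigning org, position) where the role has no active holder."""
    gaps = []
    for org in parent:
        source, position = resolve(role, org, assignments, parent)
        if position is None or positions.get(position) is None:
            gaps.append((org, source, position))
    return gaps

# Role assigned once at the highest level: every organization inherits it.
TOP_ONLY = {("Timekeeper", "Division"): "P-100"}

# Same role also assigned to a position lower in the hierarchy. That position
# is vacant, and its direct assignment blocks inheritance from "Division".
WITH_OVERRIDE = {("Timekeeper", "Division"): "P-100",
                 ("Timekeeper", "Dept A"): "P-200"}

if __name__ == "__main__":
    for label, assignments in (("top only", TOP_ONLY),
                               ("lower-level override", WITH_OVERRIDE)):
        print(label, coverage_gaps("Timekeeper", assignments))
```

Running a check like this against an export of role assignments and vacancies shows which organizations would be left with unrouted approvals before a position is vacated.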