It enables customers to modify or accept delivered default security groups and security policies
that control view and modify access to Workday. It helps to answer questions like:
Can you run a task? For Whom? For Yourself? For What items?
A Security Group represents one or more workers with similar access and modification needs, such
as HR partner. A Security Policy details the report fields, tasks, and views that the group can
access and/or modify. A Domain or a Business Process is a collection of securable items (Domain)
or a specific Business Process type. Business Processes are separately secured from Domains and
Sub-Domains.
Security acts as a bridge between Workday-owned metadata and customer-owned tenanted
access to functionality. Security Groups and Security Policies are in the customer / tenanted
realm, with little developer involvement. Domains reside in the metadata realm and are
off-limits to customers.
SECURITY LANDSCAPE
Workday has grouped parts of the Workday system into Functional Areas. These functional areas
contain Domains and Business Processes.
A functional area is a collection of related securable items. These items include actions, reports,
report data sources, or custom report fields. The Functional Areas report displays all functional
areas and the domains and business processes they include. Functional Areas can be enabled and
disabled for each tenant with the Maintain Functional Areas task.
Domains are pre-defined by Workday and cannot be modified by customers. Workday provides
customers the ability to specify security policies that govern permissions for the content of a
domain. A domain security policy grants a group of users access to the securable items contained
in the domain.
Business Process types are delivered by Workday. You cannot create new business process types;
however, you can copy and modify definitions. A business process security policy controls
permissions to tasks and view capabilities for business process types.
The following graphic outlines the steps for configuring security. Users are added to or removed
from security groups. In many instances, new security groups will be created to meet your needs.
There are several types of security groups. You cannot create new types. Security groups are
added to or removed from security policies. When changes are made to a security policy, those
changes are saved, but are pending until the Activate Pending Security Policy Changes task is run.
Once you activate those changes, Test, Test, and Test!
HOW CHANGE CONTROL WORKS
Four elements make Workday security policy change control possible:
Workday records the time of every security change.
Workday evaluates security as of a timestamp, ignoring later changes, which are "pending."
You can activate pending changes by time-stamping your current security configuration.
You can tell Workday Security to activate a previous timestamp.
When you tell Workday Security to use a timestamp as the security evaluation moment, changes
made after that timestamp don't take effect until you activate them. Use the Activate Pending
Security Policy Changes task to create a new, current timestamp.
For example, if you activate security policy changes in March, June, and September and then
discover a serious error in the September security configuration, you can activate the March
timestamp using the Activate Previous Security Timestamp task. The changes from June and
September are considered pending changes along with whatever new changes you make to fix
the problems with the September security configuration. When you run the Activate Pending
Security Policy Changes task, it creates a new timestamp and activates all of the changes made
since March.
Workday no longer allows you to activate the September timestamp, which it deems a bad
configuration. It appears in the View All Security Timestamps report, but no longer appears on
the list for activating previous timestamps. We recommend that you edit the timestamp
comment to indicate that it is not a valid security configuration.
Security timestamps look at domain and business process security policies and functional areas.
They include changes made by adding or removing security groups from policies, enabling or
disabling domains or functional areas, and whether business processes can be delegated.
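The March, June, and September rollback described above can be traced with a small model. This is an added example, not Workday code or a Workday API: the class and method names are hypothetical, times are month numbers, and the group and policy names are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class SecurityModel:
    """Toy model of timestamp-based change control (not Workday code)."""
    changes: list = field(default_factory=list)     # (time, group, policy, op)
    timestamps: dict = field(default_factory=dict)  # time -> comment
    rejected: set = field(default_factory=set)      # no longer activatable
    active: int = 0                                 # security evaluation moment

    def change(self, time, group, policy, op="add"):
        # Every change is recorded with its time and stays pending until activated.
        self.changes.append((time, group, policy, op))

    def activate_pending(self, now, comment=""):
        # Stamp the current configuration: all changes up to `now` take effect.
        self.timestamps[now] = comment
        self.active = now

    def activate_previous(self, time):
        if time not in self.timestamps or time in self.rejected or time >= self.active:
            raise ValueError(f"timestamp {time} cannot be activated")
        # Assumption: only the timestamp rolled away from is dropped, as the page states.
        self.rejected.add(self.active)
        self.active = time

    def pending(self):
        return [c for c in self.changes if c[0] > self.active]

    def effective(self, policy):
        # Evaluate as of the active timestamp, ignoring later (pending) changes.
        groups = set()
        for time, group, pol, op in sorted(self.changes):
            if pol == policy and time <= self.active:
                (groups.add if op == "add" else groups.discard)(group)
        return groups

def march_june_september():
    # Constructed data: times are month numbers; group and policy names are made up.
    m = SecurityModel()
    m.change(1, "HR Partner", "Worker Data"); m.activate_pending(3, "March")
    m.change(4, "Manager", "Worker Data"); m.activate_pending(6, "June")
    m.change(7, "All Employees", "Worker Data"); m.activate_pending(9, "September")
    m.activate_previous(3)                  # September turns out to be wrong
    rolled_back = m.effective("Worker Data")
    m.change(10, "All Employees", "Worker Data", "remove")  # the fix
    still_pending = len(m.pending())        # June, September and the fix
    m.activate_pending(11, "Fix")           # activates everything since March
    return m, rolled_back, still_pending
```

After the rollback only the March configuration is evaluated; the final activation applies the June change, the September change, and the fix together, which is why the fix has to be in place before the pending changes are activated.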
----------------------- X -----------------------