Aug. 15, 2024

Workday security roles determine what employees can access and do within the system. Properly assigned roles help protect university data and ensure smooth business operations, particularly during position vacancies.

What are security roles?

Workday security roles establish the data employees can view in reports, profiles, and informational screens and specify task actions such as initiating, reviewing, approving, or canceling transactions. Security roles also facilitate the automatic routing of business processes to the appropriate party. Employees involved in a business process receive notifications or tasks in their Workday “My Tasks” inbox guiding them to the next steps in a process. 

Who determines employees' security roles?

Managers and unit leaders are responsible for ensuring employees have appropriate security roles to perform their job duties. Business processes can route to multiple people for a given step when more than one person in a department has the same security role. Managers and unit leaders are responsible for providing oversight and orchestrating how their employees work together to initiate, review, or approve Workday transactions.

Assigning appropriate security roles to employees:

  • Ensures they can perform their duties and effectively support their departments or units
  • Safeguards department and university assets by ensuring that no employee has complete control of a business process and minimizes errors and fraud. 

Inheritance

Supervisory Organizations (Sup Orgs) and the Foundation Data Model (FDM) are the primary hierarchies for security role assignments. Assigning roles at the correct hierarchy level within Workday determines assignments and notifications for business process steps, actions, and approvals. Proper role assignments also ensure backup coverage when a position becomes vacant, maintaining continuity in operations.

Because security is assigned to position numbers and not the specific worker, when a vacancy occurs, the next-level manager or employee will automatically "inherit" that position's security, allowing them to see data or perform tasks associated with that position’s privileges. For example, if a vacant position is assigned the manager role, the next-level manager would become the inherited manager responsible for approving  tasks, such as time-off requests until that vacant position is filled or a different  worker is assigned the manager role.

"Breaking" Inheritance

Position-based roles should be assigned at the highest level of the Sup Org or FDM to prevent a breakdown in the hierarchy’s position inheritance. This issue is called “breaking inheritance" and can prevent the next-level manager or employee with a security role from performing tasks or seeing hierarchy vacancy data. Workers in positions that are assigned security at the highest FDM hierarchy or HCM Sup Org of the unit will inherit access to all orgs beneath it unless otherwise assigned.

To update an employee’s security roles, visit the Workday webpage

If you have any questions, please reach out to elora.paik@unlv.edu (Finance) or danielle.gross@unlv.edu (HCM)