If you are used to a PeopleSoft security model, just forget everything you know, this is a totally different world. :)
Functional Areas - Workday security comes pre-delivered with defined functional areas such as 'Benefits', 'Staffing', 'Jobs & Positions' or 'Compensation'. Each of these areas is further divided into 'domains' and 'business processes'.
Business Processes - Each HR process in WD is set up as a 'business process'. So the steps and the roles that can perform each step, as well as any approvals or notifications are defined. Examples of a business process can be large like 'Hire' or smaller like 'Passport and Visa change'. There's more to say about buisness processes, but we'll save that for another day.
For today, imagine a swim lane flow chart in Visio with roles assigned to certain tasks.
Domain - This one can be difficult to grasp as it's quite foreign from anything I've seen in other HR Systems. Basically, a domain is a collection of related securable items, such as tasks and reports. WD delivers similar items together within domains, and you cannot change which items are assigned to which domains. There are also sub-domains in some cases, but that's for a later day too.
To give you some ideas, a Domain would be 'Set Up: Jobs & Positions' and examples of sub-Domains under that would then be:
- Set Up Job
- Set Up Position
Domain Security Policy - This is where we can do some configuration. While we cannot change what comes delivered in a Domain, with the domain security policy we control access to it. So we control who can 'View and Modify' or 'View Only' or 'Get and Put'.
Within this security policy we address 'Securable Actions' and 'Securable Reporting Items'. So for the Task 'Create Job Profile' or 'Delete Job Family', we say that it is a 'Modify' task rather than 'View' task.
For individual fields that fall under this area, we can then define if those are viewable or not too.
So let's work with an example so far:
- In the Functional area of 'Jobs & Positions' we have a Domain called 'Set Up: Jobs & Positions'.
- We have Business Processes such as 'Edit Position' or 'Create Position'.
- We apply a Domain Security Policy to 'Set Up: Jobs & Positions' so that various tasks are given either view or modify rights.
I realize the above is quite a complex topic--you can see why this can be a full training course from Workday! Let's talk some more about the User piece on a different day...