Advanced Configurable Security Flashcards

1
Q

When creating an intersection security group, which field would you configure to hide instances that members would have otherwise seen?
Link to see screenshot: See Chapter 1, Quest 1

	a. Security Groups to Include
	b. Security Groups to Exclude
	c. Exclude Target Position in Organization
	d. Applies to Current Organization Only

Chapter 1

A

Security Groups to Exclude

2
Q

True or False?

This intersection security group configuration would limit self-service to contingent workers and employees in all locations other than Sweden.

Link to see screenshot: See Chapter 1, Quest 2

Chapter 1

A

True

Security Groups to Include

3
Q

How would you ensure that when a user runs the Trial Balance report, they only see certain Ledger Account values?

	a. Use a role-based constrained security group to constrain them to assigned ledger accounts
	b. Set up ledger account security segments and grant segment-based security groups permission to the Access Ledger Account (Segmented) domain.
	c. The Trial Balance report can only be accessed via user-based unconstrained security groups.
	d. You cannot secure access to Ledger Account values.

Chapter 2

A

Set up ledger account security segments and grant segment-based security groups permission to the Access Ledger Account (Segmented) domain

4
Q

Which domain security policy would give users in a segment-based security group access to allowed spend category values?

	a. Procurement Segmented Setup
	b. Access Requisition Spend Category (Segmented)
	c. Access Procurement Items (Segmented)

Chapter 2

A

Access Requisition Spend Category (Segmented)

5
Q

How would you ensure that a given user only accesses integration events for certain integration systems?

	a. Use a constrained integration system security group.
	b. Set up integration system security segments and grant segment-based security groups permission to the Integration Events domain.
	c. A given user can only see their own integration events when running the integration events report.
	d. You cannot configure access to certain integration events. 

Chapter 2

A

Set up integration system security segments and grant segment-based security groups permission to the Integration Events domain.

6
Q

True or False?

After adding a security group to an aggregation security group that is already in use, you do not have to activate pending security policy changes.

Chapter 3

A

True.
A benefit of using an aggregation security group is that you can add security groups to an existing aggregation without needing to modify the security policies.

7
Q

An aggregation security group contains constrained service center security groups for different regions. If an approval step is routed to the aggregation group, who receives the action step?

	a. All members of the aggregation security group.
	b. Members in the intersection of included security groups. 
	c. Members with target access based on the context of the event.
	d. No one; service center representatives cannot take actions in business processes.

Chapter 3

A

Members with target access based on the context of the event.

8
Q

Scenario: Self-service expenses is to be expanded to Canadian employees.

Review the existing security design. How would you change the design to support the expansion to Canadian employees?

Go to chapter to study for Chapter 4 & 5

A
9
Q

Chapter 1 Considerations
Best Practices p.67
Follow these best practices when using intersection security:
1. If intersecting role-based constrained security groups, remember to:
a. Maintain the additional role assignments.
b. Assign the same worker/position to both roles being intersected.
c. Create a custom report to audit gaps in role assignments.
2. When changing business process security policies to remove security groups and replace with the intersection security group, you can impact existing business process definitions that may still be routing a step to the removed security group. Run the Business Process Exception Audit report to identify errors and resolve them.
3. When changing access to worklets (e.g., self-service worklets), be sure to run Security Exception Audit to resolve any permissions issues with landing page worklet configurations.
4. Verify all needed removals and replacements with the intersection security group by running the following reports:
a. Action Summary for Security Group
b. Domain Security Policies for Functional Area
c. Business Process Security Policies for Functional Area
5. Test, Test, Test

Tip: use the Maintain Permissions for Security Group task to ease removals and replacements in domain security policies.

A
10
Q

Chapter 2 Considerations
Use Case: Document Categories
Segmented security is commonly used with document categories because access to worker documents is secured to a single domain. Without segmentation, security groups with permission to the Worker Data: Add Worker Documents and Worker Data: Edit and Delete Worker Documents domains would have access to view all documents for a given worker. By using document category values to identify the type of document and then using segment-based security, you can configure access to certain document category values.

Example: Benefits partners and administrators may have access to view and modify worker documents in the Benefits document category via the Benefits categories segment-based security group.

Use the Create Document Category Security Segment and Edit Document Category Security Segment tasks to define segments of values. These tasks are secured to the Document Categories Segmented Setup domain. Document categories must already be defined using the Maintain Document Categories task. A given document category security segment can contain one or more document category values, and a segment-based security group can give members access to one or more security segments.
»»»See text book for screenshot

The following example gives the recruiter-related security groups access to view worker contract-related documents, such as offer letters and employment contracts.
»»»See text book for screenshot

In addition to domain access for worker documents, it is important to review business process security policy configurations for access to worker documents that are attached as part of a business process event. Security groups with View All access to the business process will have access to documents associated with the event. You can also configure access to attachments separately.

A
11
Q

Chapter 3 Considerations
Decide early how much aggregation to use.
• Security policies and business process definitions are built differently based on whether aggregation is used or not.
• If you decide later that additional aggregation is needed, this will cause significant rework.
• Start small with the lowest common denominator of access for the aggregation.
What if I find out later I need my subordinate groups to have different permissions?
• There is a risk of this happening, so be clear on requirements up front.
• Security group access can be “topped off”. Place extra permissions on subordinate groups, not on the aggregation.
• The opposite is not possible. Any permission (as opposed to span of control) placed higher in the chain inherits down.

A
12
Q

Which security group types include other security groups to determine membership?
(Select three correct answers)

a. Role-based security groups
b. Aggregation security groups
c. Segment-based security groups
d. Service center security groups
e. Intersection security groups

Question from pro practice test

A

Segment-based security groups
Intersection security groups
Aggregation security groups

13
Q

Intersection security groups:

Grant access based on user membership in all included security groups.
Include only users who meet all of the specifications.
Intersect the constraints of the security groups within.
Cannot include other intersection security groups in the intersection.
Can include aggregation security groups in the intersection.

A

True

14
Q

How do you configure an intersection security group?

A

Intersection security groups have two main areas for configuration:

  1. In the Intersection Criteria section, specify the security group(s) to include (and intersect) as members.
  2. In the Exclusion Criteria section, you can specify exceptions to target access. This configuration hides targets that members would have otherwise seen. Exclusions are identified by organization. Positions in the organizations listed are not visible to members of the intersection security group.
15
Q

Reminder: A security group will only impact access in the tenant when added to a domain or business process security policy. For example, if we added our HR-Partner-Intersection group to the Exit interview domain security policy, User B will be able to run the Exit interview report secured to this domain and will only see data for workers who are in the IT supervisory organization who are also in the USA location hierarchy. He will only have this intersected target access constraint in security policies where the intersection security group is used.

A

True

16
Q

True or False

You can create a new assignable role enabled for an organization type using the Maintain Assignable Roles task.

A

True

17
Q

True or False

Role-based security groups can only reference one assignable role, and assignable roles should be enabled for one organization type.

A

True

18
Q

What are the steps to create a role-based intersection configuration?

A

Role-based Intersection Configuration

The following steps outline how to intersect role-based security groups:

  1. Ensure assignable roles are defined for needed organization types. Use the task: Maintain Assignable Roles.
  2. Assign roles to worker chairs. Be sure the same worker chair is assigned to all needed roles to ensure membership in the role-based security groups being intersected.
  3. Create role-based constrained security groups for each assignable role.
  4. Create an intersection security group including the role-based constrained security groups.
  5. Add the intersection security group in relevant security policies. Be sure to remove any references to the included role-based security groups from the policies.
  6. Activate security policy changes.
  7. Test.
19
Q

Steps for SELF-SERVICE SECURITY GROUPS intersection security configuration

A

Create a security group to identify a population of workers.

  1. Create an intersection security group and define intersection criteria using a self-service group and a security group representing the specific populations.
  2. Remove and replace the intersection group in relevant security policies.
  3. Activate security policy changes.
  4. Test
20
Q

What are the steps on how to use intersection exclusion criteria to hide certain workers?

A
  1. Identify the hidden worker positions by organization. Create a custom organization if needed, and place the hidden worker positions in the custom organization.
  2. Configure the intersection security group with the hidden worker organization specified in the exclusion criteria.
  3. Remove the security groups and replace them with the intersection group in security policies that control visibility to other workers.
  4. Test
21
Q

What are the step to set up

A
22
Q

True or False

Segment-based security groups - Configuration

  1. Determine who needs access to what segment of values. Identify members with existing security groups or create new security groups if needed.
  2. Determine what values to secure in what segments. Create and maintain the security segments by adding values to needed segments.
  3. Determine which security groups have access to which security segments. Create and maintain the segment-based security groups.
  4. Configure the segment-based security groups in the necessary domain security policies to enable segmented access.
A

True

23
Q

True or False

Use job-based security groups to identify members based on a single job criterion, such as job profile, job family, management level, or exempt vs. nonexempt jobs. Target access can be constrained or unconstrained.

A

True

24
Q

True or False

Segmented security is only available in certain areas of Workday. Workday determines the items available to segment.

A

True

Securable items often configured with segmented security include:
Document Categories
Integration Systems
Pay Components
Requisition Spend Categories (Procurement)

25
Q

True or False

It is important, when configuring a segment-based security group in a domain security policy, to remove any references in the security policy to security groups included in the segment-based security group.

A

True