Chapter 3: Security Flashcards by Christina Komoroski

A user must have access to what to access secured content?

Domain or bp security policy

How well did you know this?

Not at all

Perfectly

What is a Domain?

Collection of items that share the same security

How well did you know this?

Not at all

Perfectly

What does a business process represent in Workday?

Events or transactions

How well did you know this?

Not at all

Perfectly

Define secured content

Individual data instances such as worker, social security #, etc.

How well did you know this?

Not at all

Perfectly

Can you change domain and bp types in each functional area?

No, instead create security groups & configure membership

How well did you know this?

Not at all

Perfectly

What must be done before you can access a certain functional area?

Enable through ‘Maintain Functional Area’ task

How well did you know this?

Not at all

Perfectly

Define System Users

Individual users are added to security groups

How well did you know this?

Not at all

Perfectly

Define Security Groups

Determines what kind of access a user has - tie to a role or directly to specific user

How well did you know this?

Not at all

Perfectly

What are the two types of security policies?

Domain & business process

How well did you know this?

Not at all

Perfectly

Security groups can have what type of access to domain security policies?

View or modify access

How well did you know this?

Not at all

Perfectly

Security groups can have what type of access to bp security policies?

Access to different steps in the process

How well did you know this?

Not at all

Perfectly

What report do you run to see domain security policies?

Domain Security Policies for Functional Area

How well did you know this?

Not at all

Perfectly

What are securable actions?

Items such as delivered reports & tasks

How well did you know this?

Not at all

Perfectly

What are securable reporting items?

Items needed for custom reporting (i.e. data sources)

How well did you know this?

Not at all

Perfectly

How do you edit domain security policies?

Related Actions on domain security policy > Domain Security Policy > Edit Permissions

How well did you know this?

Not at all

Perfectly

What report do you run to see bp security policies?

Business Process Policies for Functional Area

How well did you know this?

Not at all

Perfectly

What is the difference between domain and bp security policies?

Domain gives you access to securable content, bp lists who can take action on certain bp

How well did you know this?

Not at all

Perfectly

How do you make changes to a bp security policies?

Search for bp policy using ‘Business Process Security Policies for Functional Area’, scroll down and click ‘Edit Permissions’ button

How well did you know this?

Not at all

Perfectly

What task needs to be completed before security policy change can take place?

Activate Pending Security Policy Changes

How well did you know this?

Not at all

Perfectly

What is Override Parent Permissions?

If child domain requires different permissions, you can override so it won’t inherit parent permissions

How well did you know this?

Not at all

Perfectly

What report should be used to determine how Workday secures a delivered item?

View Security for Securable Item

How well did you know this?

Not at all

Perfectly

What report should you use if you need to know how a certain user has access to securable item?

Security Analysis for Securable Item and Account

How well did you know this?

Not at all

Perfectly

How are integration permissions different from report/task permissions?

You can configure two levels of security group permissions

How well did you know this?

Not at all

Perfectly

Define Get

Provides access to extract data from Workday via web service operation

How well did you know this?

Not at all

Perfectly

Define Put

Provides access to both extract and load data into Workday via web service operation

What are the 3 ways a user can become a member of a security group?

Workday Delivered, Manually Assigned, and Derived

Define Workday Delivered

Workday defines security group definitions, determines membership criteria, and maintains

Is Workday Delivered configurable?

No - can't create, edit, or delete

Example of Workday Delivered

All Employees, Employee as Self

Define Manually Assigned

Manually add or remove users from user-based & integration system group types

Example of Manually Assigned

Payroll Administrator

Define Derived

Membership is based on certain security group criteria

Example of Derived

HR Partner Role

Group types in Derived

Role-based, Integration System, Location Membership

Define Constrained

Access to only their own instance of data or subset of data

Example of constrained

Contact information

Define Unconstrained

Access to all instances of data

Self-Service Security Group Type

Workday delivered access to user's own data

Example of Self-Service

Employee as Self

Role-Based Security Group Type

Membership derived from an assigned role, can be constrained or unconstrained

Example of Role-Based

HR Partner

Public Security Group Type

Workday delivered access to public data

Example of Public

All Employees

Segment-Based Security Group Type

Based on included security groups & allows constrained access to segments of values

Example of Segment-Based

Security group of sales managers to track travel expense specific to their department

Job-Based Security Group

Membership derived from job criteria, can be constrained or unconstrained

Example of Job-Based

What report do you use to see existing security groups?

View Security Group

What task do you use to create new security group?

Create Security Group

Once a new security group is created, how do you assign a user to that group?

Assign Users to _____ Security Group task - will depend on what type of group it is

What task do you use to edit security policy permissions to include new security groups?

Maintain Permissions for Security Group

How do you make security changes active?

Activate Pending Security Policy Changes task

What security group should you use as much as possible?

Workday-delivered

Avoid overusing which which security group type?

User-based

What task would you use to add or remove a security group from multiple domain security policies?

Maintain Permissions for Security Group

View Security Group report

Details about specific security group

View Security Groups report

All security groups in tenant

Action Summary for Security Group

Security policies tied to a security group

Security Analysis for Security Group

Domains, reports, tasks, integrations, and bp types for a security group

Security Analysis for a Workday account

User's cumulative access in a tenant

View Security Groups for User

Security groups a user is a member of

User-Based Security Group

Least restrictive, provides members unconstrained access to items in permitted security policies

What happens when you manually assign user-based security groups?

Stays with that user regardless of position or job changes

What security group is most appropriate for administrators?

User-based

Two tasks that can assign user-based security

Assign Users to User-Based Security Group, Assign User-Based Security Groups for Person

Role-Based Security

Assign permissions to the position the worker is in, rather than the worker themselves

What is the difference between user-based and role-based security?

User-based is based on individual user, role-based is based on position itself

What is a common way to enforce target constraints on members of a security group?

Organizations

Example of role-based security

Worker hired into a supervisory organization, but can also be part of company, cost center, or region

What is an Assignable Role?

Criteria for membership of Role-based security groups, responsibilities given to users for viewing, reporting, or managing data related to role-abled instance

What task do you use to create a new assignable role?

Maintain Assignable Roles

Testing Security Group Membership report

Can ask if the user is in a specified security group & has access to target instance

Compare Permissions of Two Security Groups report

Analyzes permissions of two security groups

Compare Security of Two Worker Accounts report

Lists the roles & security group assignments in common and exclusive between the two workers

Example of when a security change requires activation?

Adding a security group to a domain or bp security policy

Example of when a security change does not require activation?

Changing role assignments or membership is security groups

Which security group type requires you to manually assign and remove it?

User-based

Which security group type is tied to an assigned role and can be constrained or unconstrained?

Role-based

Which security group type provides unconstrained security access?

User-based

Constrained or Unconstrained: An HR Administrator needs to access total compensation records for all employees

Unconstrained

Constrained or Unconstrained: A manager needs access to records for the employees that report to them

Constrained

Constrained or Unconstrained: An HR Partner is filling in for a different department

Constrained

Constrained or Unconstrained: The IT HelpDesk Specialist needs to unlock Workday accounts tenant-wide

Unconstrained

Constrained or Unconstrained: A Payroll partner from the US is only supporting organizations in Europe

Constrained

Chapter 3: Security Flashcards

(84 cards)