About Workday Security

One of the great things about Workday is that it places Financials, Payroll, and HCM into one system with one set of data that everyone works on. In this deeply collaborative environment, it’s important that the system gives every user access to the tools they need to do their job, while also adhering to NSHE policies put in place to heighten transparency and secure information. To meet those needs, Workday supplies a detailed set of security controls and protocols to managers and security administrators at the system level and at the institution level.

How Workday Manages Access

Workday gives users access to different levels and areas of functionality through an organized system of security groups and security policies. Security groups allow access to things like functional areas (HCM, Financials, and Payroll), data sources, and reporting. Security policies govern business processes—they control what roles perform activities like initiating or approving items within each specific business process.

At NSHE, most Workday security groups are assigned to roles, managing access to collections of functionality based on the role’s business purpose. For example, the position of someone who performs financial reporting functions as part of their job will have the role of Accounting Analyst in Workday—which has been assigned the security group that gives that role access to Workday’s financial reporting functions. Adding multiple roles to one position is how a position receives access to more than one collection of functionality. As an example, an individual who analyzes procurements and performs financial reporting will have the Procurement Analyst role and the Accounting Analyst role attached to their position.

How NSHE and the Institutions Assign Access to Users

Assigning or updating a position’s security roles is a two-person process on the campuses, started by a Security Initiator and completed by a Security Partner. The Security Initiator is someone who understands which roles a position requires to accomplish its responsibilities. The Security Partner double-checks that the changes proposed by the Security Initiator follow NSHE Workday security governance policies and that the roles as configured don’t present any kind of conflict of interest.  For example, this two-person Security Assignment process follows NSHE’s best-practice policy of separating duties—the Security Initiator, who has direct involvement in determining the work assigned to a position starts the process, and the Security Partner, who is a neutral party outside of the Security Initiator’s reporting structure, finishes the process. Also, by having one person initiate and another complete the process, potential conflicts of interest are prevented.

Currently, NSHE and its institutions use several isolated systems that don’t share one set of data. When it goes live in October, Workday will replace them with one unified set of data and tools that will work for everyone. Workday’s security features help to ensure that users get the right amount of access by giving NSHE and its member institutions unprecedented control over who can see their data and use their workflows.