Permissions Required for Workday
The following permissions are required for Workday:
View/Modify Access | Domain Security Policy | Description | Purpose | Trade-off if not allowed |
---|---|---|---|---|
Get Only | Manage: Organization Integration | This domain provides access to the organization. | Gets organization details with all organization types, for example: company, cost center, custom, matrix, pay group, region, retiree, supervisory, company hierarchy, cost center hierarchy, location hierarchy, region hierarchy. | The Netskope SSPM asset fetching and evaluation process will fail due to non-accessibility of data. |
Get Only | User-Based Security Group Administration | This domain controls which groups can edit any user-based security group. | Retrieves the Workday account and its assigned user-based security groups. | |
View and Modify | Workday Query Language | This domain grants access to Workday Query Language (WQL). Users can execute REST calls using the WQL API to extract data from Workday data sources and view associated performance log information. | Netskope makes WQL API calls to get data. | |
View Only | Workday Accounts | This domain provides access to the management of Workday accounts. | Gets Workday accounts for a user. | |
Get Only | Special OX Web Services | This is a special domain that includes all web services required to migrate objects using Object Transporter (OX). Access to items secured to this domain only occurs while using OX. | Retrieves data related to Workday accounts associated with an integration system, and views group share configurations in tenant setup. | |
Get Only | Integration Security | This domain provides access to creation of system users and Workday accounts for integration systems. | Retrieves data related to Workday accounts associated with an integration system. | |
Get Only | Drive Web Services | This domain provides access to web service tasks for Drive items, such as viewing all user items, creating new items for users, and removing data for users. | Retrieves data for group share configurations in tenant setup. | |
View Only | Security Configuration | This domain provides access to security configuration including functional areas, security groups, domain security policies and business process security policies. It also includes reports to analyze and review the current security configuration. | Gets Workday account details of a user. | |
View Only | Security Administration | This domain provides access to security administration tasks such as maintaining password rules, user name rules, tenant challenge questions, setting security proxies, etc. It also includes reports for security reviews. | | |
View Only | Security Activation | This domain secures tasks for activating security policies. By having the activation in its own domain, customers can choose to implement segregation of duties, where one group of users has access to maintain policies and a separate group of users has access to activate the pending changes. This effectively introduces an "approval" into the process. Note: On adding this domain security policy, the following child policies get added too: | | |
View Only | Purge Person Data | This domain provides access to run purges of privacy-regulated data for all persons returned by the report selected. Note: On adding this domain security policy, the Purge Single Entity Data child policy gets added too. | | |
View Only | Integration Reports | This domain provides access to reports on Integration Events and Messages | Retrieves data related to Integration System | |
View Only | Integrations: EIBs | This domain provides access to view EIB integration templates | Retrieves data related to Integration System | |
View Only | Drive Administrator | This domain provides access to audit-related tasks for Drive items, such as viewing all user items, transferring ownership, and removing sharing data for terminated or inactive accounts | Retrieves data related to Domain | |
View Only | Business Process Administration | This domain provides access to Business Process Definitions and all related functionality such as Checklists, Notifications, Conditions Rules, etc | Retrieves data related to Business Process Type | |
Get Only | Integration Configure | This domain provides access to configure integration systems once they have been created and defined. | Retrieves web service security configuration data for integration system user. | |