Permissions Required for Workday

Permissions Required for Workday

Following list of permissions are required for Workday:

View/Modify AccessDomain Security PolicyDescriptionPurposeTrade-off if not allowed

Get Only

Manage: Organization Integration

This domain provides access to the organization.

Gets organization details with all organization types for example: company, cost center, custom, matrix, pay group, region, retiree, supervisory, company hierarchy, cost center hierarchy, location hierarchy, region hierarchy.

The Netskope SSPM asset fetching and evaluation process will fail due to non-accessibility of data.

Get Only

User-Based Security Group Administration

This domain controls which groups can edit any user-based security group.

Retrieves Workday account and it's assigned user-based security groups.

View and Modify

Workday Query Language

This domain grants access to Workday Query Language (WQL). Users can execute REST calls using the WQL API to extract data from Workday data sources and view associated performance log information.

Netskope makes WQL API calls to get data.

View Only

Workday Accounts

This domain provides access to the management of Workday accounts.

Gets Workday accounts for a user.

Get Only

Special OX Web Services

This is a special domain that includes all web services required to migrate objects using Object Transporter (OX). Access to items secured to this domain only occurs while using OX.

Retrieves data related to Workday accounts associated with an integration system, and view group share configurations in tenant setup.

Get Only

Integration Security

This domain provides access to creation of system users and Workday accounts for integration systems.

Retrieves data related to Workday accounts associated with an integration system.

Get Only

Drive Web Services

This domain provides access to web service tasks for Drive items, such as viewing all user items, creating new items for users, and removing data for users.

Retrieves data for group share configurations in tenant setup.

View Only

Security Configuration

This domain provides access to security configuration including functional areas, security groups, domain security policies and business process security policies. It also includes reports to analyze and review the current security configuration.

Get Workday account details of a user.

View Only

Security Administration

This domain provides access to security administration tasks such as maintaining password rules, user name rules, tenant challenge questions, setting security proxies, etc. It also includes reports for security reviews.

View Only

Security Activation

This domain secures tasks for activating security policies. By having the activation to its own domain, customers can choose to implement segregation of duties, where one group of users has access to maintain policies and a separate group of users has access to activate the pending changes. This effectively introduces an "approval" into the process.

Note

On adding this domain security policy, following child polices get added too:

  • Lock Out Workday Accounts

  • Set Up: Public Profile

  • Set Up: Security Rules

  • Manage Authorized Applications

View Only

Purge Person Data

This domain provides access to run purges of privacy-regulated data for all persons returned by the report selected.

Note

On adding this domain security policy, Purge Single Entity Data child policy gets added too.

View Only

Integration Reports

This domain provides access to reports on Integration Events and Messages

Retrieves data related to Integration System

View Only

Integrations: EIBs

This domain provides access to view EIB integration templates

Retrieves data related to Integration System

View Only

Drive Administrator

This domain provides access to audit-related tasks for Drive items, such as viewing all user items, transferring ownership, and removing sharing data for terminated or inactive accounts

Retrieves data related to Domain

View Only

Business Process Administration

This domain provides access to Business Process Definitions and all related functionality such as Checklists, Notifications, Conditions Rules, etc

Retrieves data related to Business Process Type

Get Only

Integration Configure

This domain provides access to configure integration systems once they have been created and defined.

Retrieves web service security configuration data for integration system user.

Share this Doc

Permissions Required for Workday

Or copy link

In this topic ...