Workday Security Interview Questions
There is no inheritance for business process security
policies (true / false)
True
Roles are used to drive business process management (true /
false)
Yes
Which type of security groups is optional and
customer-defined?
Job Based Security Group is optional
What type of Security Group are these: Report Writer; Setup
Administrator ?
User Based Security Group
Editing a security policy takes effect immediately? (true /
false)
False (Need to ‘Activate Pending Security Policy Changes)
The following are true about User-Based Security Groups
Grants access across the system
Multiple people can be members if same user-based security
group
Is it possible to activate a previous timestamp while making
changes needed to fix present security configuration?
Yes
You may configure securable actions and securable
reporting items in a domain security policy.
False
The following report views permissions the specified user
has an action & also security policies and groups that grant access
Security Analysis for Action
What are the different ways to assign security groups?
By the system based on a process
Manually
Is Report Writer a role-based security group
No
Which of the following is not securable area of
business process
Create new sub-processes
In case a secured item is included in more than one
domain security policy, workers who are granted different levels of access
permission in different domains get the most access granted
True
The following report views all domain security policies and
business process security policies that use the security
group:
Action Summary for Security Group
Editing a child security policy does not affect
inheritance in any of the others
True
Which Security Group is required for you to access
custom reports
Report Writer User Based Security Group
Can a role-based security tag to more than one
org?
Yes
In Security Breach, whom should you contact?
security@workday.com
What are the steps to create Role Based Security?
Steps-Org Role>>Maintain Org Role>>Attach
the Role
What are the two components of Workday Security?
Domain Security
Business Security
How to disable Functional area?
Maintain Functional area
How to activate security policy?
Activate pending Security Policy
What determines access to landing page?
Security
Which Report is used to see the Security Policy?
View Security for Securable Item
Defined tasks and reports that are
functionally similar
Domains
This dictates who can view / modify data w/in the domain
Domain Security Policies
What dictates who can participate in the business process
Business Process Policies
Type of security group automatically assigned based on
user’s job criteria
Job based security group
Security policies designate permissions for
security groups to view, or view and modify tasks within the domain
Domain Security Policy
Security Policies contain such securable
items as initiation steps, step actions, and actions on the process as a whole
Business Process Security Policy
Can you reassign a task to anyone?
No (It can be assigned to the users who have relevant
security group in BP Security Policy).
Which dictates who can participate in BP?
Business Process Security Policy
------------ are assigned to users based on
administrative responsibility
User-based
------------ are found as a related action off
worker’s name
User-based
----------- are assigned to users are based on
criteria selected
Job based
------------- are used to only approve business
process management tasks; they do not determine task or report access and
cannot initiate a business process
Job roles
--------- report views all details about security
group membership, security policies in which the group is used, the permissions
it has and the functional area
View Security Group
------- is automatically assigned based on criteria
selected
Job based
------------- is used to restore inheritance in a
child policy
Use Parent Permissions
***************
Reporting Interview Questions
What are Advance reports?
Advanced reports enable you to perform many actions on your
data from primary and related business objects, including: Counting, Grouping,
Summarizing, Totaling.
Output format of these reports can be table and charts.
Which filter would execute first? Filter or sub filter?
Sub filter will execute first. Because sub filters are
applied on related business object, so it will filter most of the data using
sub filters and then remaining data using filters.
What is RAAS?
RAAS is a normal report which is web service enabled. Making
a report as web service enable will help to call that report in EIB, studio
Integrations and BIRT. Otherwise, we cannot call that report in EIB, Studio or
BIRT.
What are the steps to create a report?
Choose Report type and Data Source>> Select
Objects and Fields>> Order Columns>> Sort
Output>> Define Filter Criteria
What is Workday Reporting? What are the types of workday
reports?
Workday reporting is a tool to gain information on data
which is stored in workday. This information can be in table format, chart
format etc.
Types: There are 2 types of Workday Reports. Custom
report, Standard Reports.
Standard Reports are again of two types.
Xpresso Reports:
These reports are delivered reports. User
cannot edit these reports. User can only run reports for which S/he have access
to.
Report Writer:
These reports are delivered reports. User can not directly
edit these reports. User have to copy these reports and then user can edit that
report.
Custom reports:
These are the custom reports created by user using report
writer tool. The task to create custom report is “Create custom
report”. The person who create the report is owner of that report.
How to make report as web service enable?
There are 2 ways to make a report as web service enable.
While creating an advance report, you can find a checkbox to
make report as web service enable.
After creating a report, you can also go to advance tab and
select web service enable checkbox. This way you can also disable report as web
service, so it cannot be used in EIB, Studio and BIRT.
What is difference between advance reports and simple
reports?
Simple reports will not have option to sub filter, prompts
and will have less functionality, wherein advance reports will have these
features.
Also, simple reports cannot be used as web service.
The Tab on the Report definition allows you to control the
order in which data will be presented and grouped is
Sort
Which Report cannot publish Web service?
Simple
What is the task to convert a report from simple to
advanced?
Related action >> custom report >> Change to
Advanced Report type
How do you compare the WD reporting with Relational DB?
Data Source -
View
Object
- Table
Related Object - Child Table
Class Report Field - (CRF) Column
Instance
- Row
What is Matrix Report?
Matrix reports are similar, but not identical to, pivot
tables and cross-tabs found in other systems. You group data in a row
group and optionally a column group. Values in the matrix cells display
aggregate values scoped to the intersection of the row and column groups to
which the cell belongs.
What is RAAS?
You may create custom reports and enable them as a web
service to be used in an Outbound EIB (Enterprise Integration Builder) as a
data source. If you select this option, then you must also define Column
Heading Override and Group Column Heading values on the Columns tab, and
provide Label Overrides for all prompts on the Prompts tab.
What is Worklets?
A worklet is a report that can be displayed in a
"tile" on the Workday "landing pages", which are: My
Workday, All About Me, and My Team, and the Dashboard slide-out. Worklets
provide users quick access to frequently referenced data and tasks common to a
specific functional area.
You can create your own worklets by using the Report Writer
and specifying either the advanced or the matrix report type, and then
selecting Enable As Worklet on the Output tab. If you choose to share a
worklet, it becomes available for authorized users to select when configuring
their Workday landing pages.
What is Trended Worker Data source?
Trended Worker Data source encompasses a number of fields
that fall into 3 general categories:
Monthly worker snapshots. This type of data includes data
about workers as of the last day of the month, including compensation
data, headcount numbers, and biographical information.
Staffing events. These include hires, terminations,
transfers, promotions, changes in position, addition or deletion of additional
jobs, move events, and international assignments.
Calculated metrics. These are calculations ,we can make
based on the trended data, such as turnover rate and span of control.
Workday automatically updates the Trended Workers data
source at the end of each month. Data is collected for the last 36 months (that
is, data is collected for as many months that are available in Workday, up to
36 months). Any data older than 36 months is automatically purged from the data
source. Additionally, any retroactive changes that have been made to a worker
in the last 3 months are automatically incorporated into the trended data.
What is Trending report?
Using Trending Report, Workday enables to report on and
analyze trends in worker data such as headcount and attrition through a number
of Workday delivered standard reports. We could create custom Trending report
types that use trended data. By using either standard reports or custom
reports, we can analyze important trends in our workforce directly in Workday,
without the need for a third-party analytical tool.
At the core of all trending report types is the Trended
Workers data source.
What is Indexed Data source?
Indexed data sources are a special type of data source
optimized for performance, aggregation, and faceted filtering on large volumes
of data.
Can custom field be used in Report?
Yes.
What are the different types of custom reports?
Simple, Advanced, Matrix, nBox, Search, Simple, Transposed,
Trending.
What is the difference between Filter and Sub-Filter?
Filter is used to provide filter condition for Primary
Business Object and Sub-Filter is used to provide filter condition for
Secondary Business Object
Additional Reads
Workday Standard Reports
Workday Custom Reports
Workday EIB Interview Questions
Workday Security Interview Questions
Workday Core Connectors Interview Questions
at May 09, 2020
Email ThisBlogThis!Share to TwitterShare to FacebookShare to Pinterest
Labels: Interview
Questions, Workday
Core HCM Interview Questions, Workday
Interview questions, Workday
Reporting, Workday
Reporting Interview Questions
Location: Gachibowli, Hyderabad, Telangana, India
Friday, 10 April 2020
Security
Security Terms
Security Groups -
A collection of system users used to grant access to Workday. Security Groups
are added to security policies to give members permissions to secured items in
Workday. Group of users who need to perform actions or access data
Domain Security Policy-
Rules that dictate which security group can view or modify data within the
domains
Components of Configurable Security:
Security Groups
Domains
Domain Security Policies
Business Processes
Business Process Security Policies
What are the 3 types of security constraints?
Unconstrained: members have access to available data
instances
Constrained: members will only have access to data for
assigned constraints
Mixed: Members have a mix of constrained and
unconstrained
User-based security groups-
These groups are assigned manually to individual users to grant tenant wide
access in Workday. Usually intended for administrators that needs system wide
access.
Two types of Security Policies-
Domain security policies and Business process security policies.
Domain-
Domains are a collection of items that share the same security, including:
- Tasks
- Reports and report fields
- Web service operations
Domain Security Policies control which security groups have access to data in
the domain
- View Security for Securable Item Report
Functional Area-
Represent the main grouping of delivered domains and BP types. These groupings
are typically for a specific module or area of Workday, such as Procurement,
Integrations, or Personal Data. Functional areas can be enabled or disabled.
Functional Area Report-
Functional Areas report is a "top-down" report which allows you to
see a top-down view of Workday functional areas and the domains and business
process types in each
Business Process Security Processes-
Business Processes Security Policies control which security groups can
participate in the business process (initiate, perform actions, approve,
cancel, delegate, etc.)
Have to give permission for multiple policies (ex. Approve, review, etc.)
Each business process type has a single security policy that secures all
business process definitions of its type
Steps for Configuring Security:
1. Identify users- who needs access to what?
2. Create security groups- identify existing security group or create a new one
for your employees
3. Edit Security Policies- grand view/ modify permissions to domains or grant
business process permissions (sometimes domain OR business process or sometimes
combo of both)
4.Activate Pending Changes to take effect
5. Test Changes to verify changes made provide the expected access (for both
those who got access and those who don't need access)
Workday-Assigned Security Groups
These Security Groups grant GENERAL access and are AUTOMATICALLY assigned by
the Workday system
- Assigned to a person
- Based on process such as hiring/ terminating
Ex. Employee as self, worker, all employees, all users, manager's manager
User-Based Security Groups-
These Security Groups grant ADMINISTRATIVE access tenant wide- typically for
maintenance/admin groups
- Responsibility applies throughout the system (not just supervisory orgs but
for entire tenant)
- User-based security groups are manually assigned to a worker
- Multiple people can be members of the same user-based security group
○ Ex. Benefits admin, compensation admin, payroll admin, report writer, HR
admin, etc.
Steps for Creating a User-Based Security Group:
1. Create user-based security group
2. Configure security group on security policies
3. Activate pending security policies
4. Assign users to security group
5. Test (user can create an exit interview, testing it on who should be able vs
who should not)
*Don't forget to add group for "administered for security groups" like
Security Administrator, otherwise they wont be able to access anything
Role-Based Security Groups:
These Security Groups help identify your support or leadership staff
- Membership is derived based on being assigned an organizational role
- Roles are assigned to organizations (or location hierarchies)
- Roles are assigned to positions, NOT workers
- Roles inherit from superior org if not filled (if configured to do so)
- Access can be defined as constrained and unconstrained
Steps for Creating a Role-Based Security Group:
1. Use "maintain assignable roles" to create or modify assignable
roles (supplemental book page 34-35)
2. Create role-based security group
3. Configure security group on security policies
4. Activate security policy changes
5. Assign roles to jobs/ positions to organizations
Test
Job-Based Security Group:
Identify members based on a job criterion
Job profile
Job category
Job family
Management level
Work shift
Include exempt jobs
Include non-exempt jobs
Automatic membership, Can be constrained or unconstrained
Membership-Based Security Groups:
1. Location (meant for more specific location, not US
as a whole)
Grants access to a
task based on the location for a worker
Once created, automatically assigned
based on users location
Example: for initial deployment of time tracking, only London workers
enter time on Workday
2. Organization
Grants access to a task based
on the user's membership in org
Once created, automatically
assigned based on organization assignments
Example: business unit, company, cost center, pay group, USA as a whole, etc.
Combination Security Groups:
1. Intersection -
Grants access based on membership
in ALL of the included security groups
Includes only users who meet all of
the specifications
2. Aggregation Security Group -
Includes users who are in ANY of the
selected security groups
User does not have to be in every
included group
Security Domain
A predefined set of related securable items that include reports, tasks, report
fields, data sources, and data source filters
- The securable item that make up a domain cannot be changed
- Each domain has its own security policy that controls access to the security
items
Which security group is assigned directly to a worker?
User based security-Tenant wide
Role based security group permissions are given to a worker when their position
is linked to what?
Support Role
Editing a security policy takes effect immediately
False- Need to activate
Business Process Policies-
Defines which security groups can participate in the business process
Security group that allows self service access?
Employee as self
Groups of users who need to perform actions or access data?
Security Groups