Sunday, September 6

All Custom Reports Errors - Identify and Fix

 Fix Custom Report errors across Tenant

Make use of the delivered report Custom Report Exception Audit to identify all the errors pertaining to the custom reports with in the tenant. This is one of the Audit report that helps in keeping your system error free.

Notice any one of the below 3 types of severity once you run the report in your tenant. Workday provides you the problem existing with the report and the possible solution to fix the issue.

Critical - Action is required and the issue to be fixed.

Warning - An alert, nothing big happens if you don't take any action.

Information - Helping you understand about some detailing on the respective report.

Notice the highlighted fields and fix the issues.

Saturday, September 5

Integration Common Issues in PROD

 Integration Common Issues in Production

Here are some of the common Issues related to files that you would encounter while supporting any type of integrations in Production. 

For example, an ongoing EIB Outbound integration, you would typically see issues like below:

File Empty:

The file that was sent to the end point is empty where as they were expecting some data in the file. You need to check your Data Source and specially parameters / filters on your integration event. Which parameters were passed during the launch of integration. Check for the data parameters, and try to run your report by passing the same parameters and see if you fetch any rows.

File Not Received:

In the above case, the file was sent but if was empty. Here, the file was not received at the end point. This is most probably something to do with your Delivery method. Check if the SFTP / FTP passwords got changed or any address / directory got changed so that you can update it and relaunch the integration.

File Has Incorrect Data:

In this scenario, the file was sent and the data in the file was not as expected. It could be of two scenarios 

1. More rows than expected 

2. Less rows than expected.

Its not always the fault on our side, there are times when your end point had a different understanding. So it is important to analyze the data as what was sent vs what is expected. You need to know your data source or web service and filters, sub filters properly. 

Example: If your file is missing some employees, you can ask for the sample Employees who are being missed and try to analyze what is causing that employees to miss in the output file. Same goes with the additional employees in the file.

Friday, September 4

Custom Domains

 How to Enable Custom Domains and Use them for Custom Objects

You cannot create new domains nor move delivered items between delivered domains.

Workday offers you 200 custom domains (as of 2020R2) that allows you to configure security permissions for custom items such as custom dashboards and custom objects. You can find these in the System functional area.

All the custom domains from 1 to 200 are available in the Parent Domain Custom Domains, as shown below.

1. Choose the Custom Domain that you want from the list of Subdomains

2. Enable the domain that you identified.

3. Add the Security Groups and Permissions by going to the navigation
        Domain Security Policy >> Edit Permissions

4. Activate Pending Security Policy Changes.
        With this you domain is available to use.
5. Custom Object: Go to your Custom Object and in the Permissions tab add the newly enabled Custom Domain.


Custom Dashboard: In the Edit custom dashboard settings, add the newly enabled Custom Domain. Here you will notice all the domains that weren't enabled. If you are making use of one which you haven't enabled, make sure to enable at later stage.


Thursday, September 3

Security Related Tasks and Reports

Security Tasks and Reports

View Security Groups for User 

Lists all the security groups on a given Workday account. The user’s access is a union across all the security group permissions.

Security Analysis for Workday Account

Provides a comprehensive view of a user’s access given all their security group permissions. 

View Security Group 

Shows details of a security group, including the description, type, and the domain and/or business process security policies that the security group has permissions to.

Action Summary for Security Group

Lists the domain and business process security policies the security group has permission to and details about each security policy. 

View Security for Securable Item 

Shows which domain or business process security policy provides access to a given securable item.

My Leadership Roles 

Displays any leadership roles to which your position is assigned. (You are also displayed on the organization chart as the leader of any organization(s) to which your position has a leadership role.)

My Supporting Roles

Displays any supporting roles to which your position is assigned. 

Role Assignments for Worker Position 

Displays an overview of assignable roles, security group membership, and access rights for the specified worker. The role information includes whether the role is inherited or directly assigned, and whether the role is active or inactive. You can limit results to specific roles as well as filter out inactive organizations and inherited role assignments.

Role Assignment Permissions

Displays the security group whose members can administer each role. Enables you to view or edit what security groups are allowed to assign workers to each assignable role. 

Roles for Organization and Subordinates 

Displays the organization hierarchy of subordinate organizations. Enables you to click on an organization in the hierarchy to see all the assignable roles, the worker in each, and whether they fill that role by assignment.

Unassigned Roles Audit

Displays roles for which no positions are assigned. Details include the organization type, unassigned roles, and the minimum roles to assign to each role. 

Unfilled Assigned Roles Audit 

Displays roles assigned to unfilled position(s). Enables you to include or exclude inactive roles in the results.

View Assignable Roles

Displays an overview of all assignable roles, including: the types of organizations for which each role is enabled; the default role, if any; and whether it is restricted to single assignment, hidden if not assigned, or a leadership role. You can also see which security groups are allowed to assign specific roles. This report also includes security group and access right information associated with each role. 

Worker Roles Audits 

Displays the workers in a specified organization and any assignable roles, user-or job-based security groups, or process-maintained roles to which they belong.

Wednesday, September 2

Security Related Question and Answers

Security Related Question and Answers


Below Q & A gives you a better deal to understand which task or report to use based on the scenario.

What can a security group do? What does it have access to? 
View Security Group 
Security Analysis for Security Group 
Action Summary for Security Group

How can I tell what security policy to update for a given item?
View Security for Securable Item 

How can I tell what security groups a user has? 
View Security Groups for User

How can I compare access between users?
Compare Security of Workday Accounts 

How can I compare security groups? 
Security Analysis for Security Groups

Who are the members of a security group?
If user-based, use View Security Group.
If not, write a custom report (PBO: Security Group, Report Field: Members).

How can I find out if a user is a member of a given security group? 
Test Security Group Membership

How can I tell if a user has access to a given target using a given security group?
Test Security Group Membership 

How did this user get to this task or item? What security group allowed it? 
Security Analysis for Action

Given a user’s security groups, what is their cumulative access in tenant?
Security Analysis for Workday Account 

How do I add or remove a security group from multiple domain security policies at once?
Maintain Permissions for Security Group

How can I tell who has access to a given task or item?
View Security for Securable Item

How can I see all the roles that are defined in tenant? 
View Assignable Roles

What if I need to add new roles?
Maintain Assignable Roles

How can I tell what roles are unassigned? 
Unassigned Organization Roles Audit 
Unassigned Roles Audit 
Unfilled Assigned Roles Audit

How can I tell what role assignments exist for a given worker?
Role Assignments for Worker Position 

How can I tell what role assignments exist for a given organization? 
Roles for Organization and Subordinates 
Worker Roles Audit

How can I tell which security groups are allowed to assign workers to each role?
Role Assignment Permissions

How can I see all the domains and business processes available for a given functional area? 
Functional Areas

How can I see the current security configuration for a given functional area?
Domain Security Policies for Functional Area
Business Process Security Policies for Functional Area 

How can I see all the security groups in the tenant? 
View Security Group

How can I see a full list of reports around security?
Run Workday Standard Reports for security-related categories. You can also write custom reports using security-related data sources.

How can I see an audit trail of changes to security policies? Who did what, and when? 
Domain Security Policy History 
Business Process Security Policy History 
Domain Security Policies Changed within Time Range 
Business Process Security Policies Changed within Time Range 
Audit Trial - Security

How can I audit a given Workday Account?
View User or Task or Object Audit Trail

How can I audit what a user viewed or changed? 
View User Activity

How can I see a history of security changes for either an organization (e.g., role assignments) or for a worker?
Security History
Security History for User

How can I activate changes to security policies? 
Activate Pending Security Policy Changes

Can I select which pending security policies to activate?
No – The Activate Security Policy Changes task will activate all pending security policy changes in the tenant since the last activation. 

If there is more than one person making security policy changes in the tenant, when one person activates pending security policy changes will it only activate that person’s changes? 
No – the Activate Security Policy Changes task will activate all pending security policy changes in the tenant since the last activation, regardless of who made the change.

How can I see what security policy edits are pending activation?
Domain Security Policies with Pending Changes
Business Process Security Policies with Pending Changes 

How can I revert back to a previous security configuration in the tenant? 
Activate Previous Security Timestamp

When I activate a previous timestamp, do my changes since that timestamp get removed or deleted?
No – your changes will still be there but instead in a pending state. You must edit the security policy manually to correct or remove the changes. 

How can I see how many times security has been activated in tenant? 
View All Security Timestamps

How can I see if there are issues with the security configuration?
Security Exception Audit