Security Roles Explained

Ahead of the Launch of Workday Student, it is critical that staff and faculty have access to the business capabilities, functions, and data within the new system that enable them to perform the tasks required for their positions at UBC. 

In the current Student Information System (SIS), access to data, information, and the ability to complete tasks is dependent on permission groupings. When UBC makes the transition to Workday Student, the format of security access to the system will be similar to the SIS and current Workday HR/Finance, through role-based permissions, and refined based on the needs of users to perform tasks and view data to support operations.

What are Security Roles? 

Security Roles are permission groupings that allow access to data, reports, and functionalities within Workday.

Security Roles are already being utilized by UBC staff and faculty in Workday HR/Finance. As an example, an individual in a managerial role will require different access and permissions within the system than an individual who does not manage staff. In this example, it would be reasonable to assume that an individual in a managerial role would have access to viewing certain personal information for their staff members, the ability to complete tasks such as approving expense reports or time off. The staff member, on the other hand, will not have access to these permissions within the system as their Security Role only allows them to see capabilities, functions, and data that are required for their position at UBC.

Within Workday Student, Security Roles will continue to be assigned to positions within UBC, not individual people. In order to perform the various tasks required by a role, positions can have more than one Security Role. These permission groupings will ensure staff and faculty have the access required to do their job when Workday Student launches, including, for example, initiating business processes, viewing or updating specific information, and approving tasks or transactions. 

Security Roles are fixed to a position, much like a desk or computer. If an employee leaves their position, for example a Faculty Advisor, their Security Roles do not transfer with them to their new position; rather they are left for the next candidate who takes over the role. That next candidate will inherit the desk, the computer, and the Security Roles that are assigned to the Faculty Advisor position.

Point solutions integrated with Workday, such as the Admissions Solution (ADM) and Appian BPMS, will follow the same position-based security access approach but will be further tailored for each system’s integration. Specific access to point solutions will be provisioned by a user’s Security Role in Workday Student to link role-based access between the systems.

Examples of Types of Security Role Access

While there are many types of Security Roles, we have highlighted three examples below to assist in differentiating the role-based access between them. These Security Role groupings highlight what access each permissions group will enable as it relates to capabilities within Workday Student, and operational objectives of each role.

For example:

Security Role Grouping: Undergraduate Academic Advising – Faculty Level

Users who are grouped into this Security Role primarily perform faculty-level academic advising. These users have the access to grant academic concessions, modify pathways, registration, and program completion.

Security Role Grouping: Undergraduate Academic Advising – Program Level

Users who are grouped into this Security Role primarily perform program-level academic advising. These users have the access to modify pathways and registration, but are limited to programs and courses within their specific academic unit.

Security Role Grouping: Graduate Program Officer (one of three GPO security roles)

Users who are grouped into this Security Role primarily focus on supporting graduate students throughout their journey at UBC. These users are able to view thesis and dissertation, student financials, and can modify advising notes.

Security Role Mapping & Assignments

Ahead of each launch of Workday Student, you will not personally be required to determine your Security Roles. IRP Student has been working diligently behind the scenes directly with Data Stewards and processing area owners from across both campuses to ensure that the appropriate positions at UBC have been mapped to the appropriate Security Roles through a number of security role mapping exercises.

Data Stewards* are appointed individuals, embedded within faculties and units across UBC to ensure data is protected and properly governed at UBC. With the transition to Workday Student, this data governance also extends to Security Roles.

In early 2023, IRP Student concluded design consultations with various faculties and units, which included collecting feedback to help validate and finalize the security framework, and the roles required to ensure business continuity at UBC. In addition, sample security mapping data was collected from Data Stewards and other main points of contact within units. This information resulted in a number of positions being mapped to Workday Student Security Roles, and that data was also used to assign Security Roles and positions for End-to-End Testing to commence. Security Role mapping continues to ensure each faculty or unit’s team members in administrative positions will be provided with the appropriate access to data and tasks in Workday Student for both Launch 1 (October 2023) and Launch 2 (February 2024), to support a smooth transition to the renewed student information system.

* Data Steward: A person has direct operational-level responsibility for the management of one or more types of Institutional Data and have authority to make decisions in alignment with data standards.