Security groups control access to data in Workday. Security groups are a collection of users or of objects that are related to users. OpenText Identity Governance provides default templates for the Workday account and permission collections. Workday permission collectors support two types of permission collections: User Based Security Group and Role Based Permissions. Role-based permissions are always associated with a specific organization. When using role-based permission collectors, you can also collect permission hierarchy. Collected role-based permission in the catalog includes role name, permission, and organization as the name of the permission, and displays permission relationships.
When configuring the Workday Account Collector, configure service parameters as needed, then specify the Account-User Mapping parameter as WorkdayUserName and map it to Object GUID to join accounts to identities.
When configuring the Workday Permission Collector, configure service parameters, then select the permission type.
To collect user-based security group permissions, specify the Permission-Account or User Mapping parameter value as WorkdayUserName and map it to Account Name to join permissions to the account.
To collect role-based permissions, specify the Permission-Account or User Mapping value as WorkforceID and map it to Workforce ID to map permissions to identities. Additionally, leave the organization type blank to collect all role-based permissions or specify an organization type to collect permissions associated with an organization.
When specifying a specific organization, to collect the hierarchy of role-based permissions using the organization hierarchy, map the Parent Permission ID to wd-superior_organization. Mapping this will collect and establish the child/parent permission relationship for role-based permissions.