It is safe to say I have been doing Workday security for quite some time. Over my years I have come across a few reports that no matter what project, client, size, or shape, I use, ALWAYS. The “Business Process Booklet” report is one of those such reports, and I suggest everyone reading this make sure if you don’t have this report in your production tenant already, download and use the definition supplied below to create your own version.
(This report seems to be in more than 50% of all Workday tenants even though it is not Workday delivered, at least not that I know of yet, however I'm guessing it will be one day)
At a high level this report is rather simple. It shows you ALL of your tenants BP definitions, and related information. Imagine the view you get when looking at the BP in Workday, and picture all of your BP’s stacked on top of each other.
This is handy for the obvious reason you can now see all your BP’s on one place, rather than viewing each one in separate tabs/windows, or one at a time. It also shows you the related custom notifications, which the BP definition view alone does not do on the same page. (Of course, it’s on a separate tab). While all of this is nice, and very convenient, it is not why I love this report.
Why do I use this?
to answer that let’s get back to security. Why use a BP report for security? What is a common uses case for this?
One use case I think everyone is familiar with is the concept of HR not seeing other HR employees sensitive data. I’ll write about how, why and what options we have for that configuration another day, but for now let’s pretend we have already created our intersection security, and we have already moved all the domains and BP policies from our existing role or user based group, to the new intersection group. Now we need to think about a few downstream impacts. Where else is this security group used? What other updates do we need to make to ensure we don't break existing configuration?
We will potentially need to update calculated fields, condition rules, report sharing, and yes, BP definitions/notifications.
One thing about Workday that really grinds my gears is the fact when you look at a security group in the system, you see all the domains the group has access to, and on the following tab, what BP policies it has access to. But just because a group says it CAN “Approve” a BP on that second tab, does NOT mean it actually receives a task for anything. This is where the BP booklet report comes into play!
Run your BP booklet report, filter on the security groups column, and boom, you can see all the BP’s your security group ACTUALLY takes action on either with a To Do, Approval, Review, Report Step, anything. You then know what BP’s you need to update. Do the same for the notifications. In our HR on HR scenario, you will remove your role/user based group, and then add your intersection group to insure the step/notification triggers to the correct worker.
This report is good for many things, and I am sure all of you will find things about it you like and use it for that I have never thought of! I have only outlined the use case I tend to use this report for; at the end of the day I am a security person, and I need to do this use case on almost a weekly basis.
Enjoy the report, and please share any cool use cases you come up with!!