The correct answer isA – Role-Based (Constrained) can approve compensation of workers they are assigned to support. User-Based can approve compensation of all workers.
In Workday,Role-Based (Constrained)security groups restrict access based on an assigned organization or supervisory hierarchy. Members of a constrained role (such asCompensation Partner) can perform actions—like approving compensation changes—only for workers within their assigned supervisory organizations.
Conversely,User-Basedsecurity groups arenot tied to an organizationunless specifically constrained, and typically haveunconstrained, tenant-wide access. When both security groups have access to the same domain or business process (e.g., “Approve Compensation Change”), theUser-Basedgroup can approve changes for all workers, while theRole-Based (Constrained)group’s access is limited by their assigned scope.
[Reference:Workday Pro HCM –Security Fundamentals, “Constrained vs. Unconstrained Access in Role-Based and User-Based Security Groups.”, ]
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit