Workday security architecture consists of two levels: the first level, which controls access to data in data sets, and the second level, which applies to published data sets or data source security.

The base data set is the base data set, while the derived data set is the data set that will be published, it can apply implicit or explicit security to the data source security, which applies only to the data source created when a specific data set is published.

Custom Domain Security for Data Sources

Data source security is defined through domains, such as custom domains, which are used for different purposes, for example, a data source would be secured by a custom domain number 103, the security team would grant relevant permissions to this domain.

Workday Data Security Architecture

The first level of workday security architecture is a security group, which is a group of users who need the same access, all workday data and objects are secured in different domains, which are collections of securable items.

In Workday, all workday data is a securable item, including reports, tasks, data sources, and employee fields.

Workday provides many standard domains, which are collections of securable items, for example, if an employee needs access to a task called “create supervisory organization,” they would be added to a security group called ABC.

Securing Prism Data Source: Domain and Contextual Security

The creation of a prism data source, which is a secured item that needs to be securing within a custom domain, this data source is not a workday-delivered data source but a custom object that needs to be grouped together using a security group called data analyst. All data analysts need access to this prism data source to create reports.

The data source security applies to the entire data source, which can be controlled through the domain or through contextual security, for example, if an employee needs access to a report, they must be included in a security group.

Allows users to restrict access by specifying specific organizations, such as workday company or supervisory organization, or location.

There are two types of securities that can be defined: giving access to the entire domain or data source, or restricting access by specifying certain organizations.

Understanding Prism Data Sources in Workday

Workday’s prism data sources are always published because no one will manually publish them every day as the data changes.

When a data set is unpublished, it shows all dependent reports, which can be useful for managing multiple reports, however, if there are dependent reports, the system will not stop you from unpublishing the data set.

When a data set is published, Workday creates a prism data source and loads it with transformed data from the data set, these prism data sources are different from workday data sources, but they are similar and different.

Prism data sources are custom data sources that are based on a workday business object and can be indexed, they have their own primary data source, which is the same name as the DDS data source.

Prism data sources can be removed by pub unpublishing the data set, which means that all reports that use it will be broken.

Prism data sources support advanced report types such as matrix, transpose, simple, composite, and transposed, they do not support trending reports or discovery boards.

Customizing Reports with Prism Data Sources

To create custom reports using data sources, users can search for a prism data source and select it to build their visualizations, the Discovery Board has three panels: the data source panel, which is highlighted in the builders panel, and the filter panel.

Users can select their data source from the data source panel and add additional filters to build their visualizations.

Customizable Reporting

The default report type is an advanced report or table, with metrics such as worker name, gender, higher date, and worker ID, users can also add filters to specific visualizations or the entire sheet.

Customizing Visualizations with Filters

To create a filter for a specific visualization, users can drag and drop fields like gender, gender, higher date, and worker ID, they can also create filters specific to the visualization or for the whole sheet.

Creating Custom Reports for Company Data Analysis

To create a base data set, three custom reports are created: ZF01, ZF02, and ZF03. Each report has three different data sources: company structure, company hierarchy, and superior workday organization.

The first report imports company data by checking the name, workday ID, and subtype of the company, which is called a sector.

Workday’s Management Stage for Field Changes in Data Sources

Workday’s management stage allows users to view field changes in their data source, ensuring that subsequent systems are not affected, this is particularly important when dealing with third-party systems or data sources.

Workday handles schema changes based on the source file header, which includes XML aliases like worker name, employee ID, and worker types.

Workday uses the header rows to determine which fields have changed in the source file, allowing users to add or delete fields from any location in the source file.

However, if the source file does not have a header row, Workday only handles changes occurring at the end of the source file, therefore, it is recommended to include header rows in data sets when creating workday custom reports data sets.

Workday’s Management Stage Recommendation for Data Source

Additionally, Workday recommends adding a management stage as the first stage in your data source, as changes in the data source or fields won’t impact the BDS, this ensures that changes occur before publishing a data set, allowing for quick verification of all changes.