In Part 1 we covered the mental model — the full Workday security framework from Functional Areas down to Users.

Here in Part 2, we're going one level deeper.

We're talking about Security Policies, which is the actual mechanism that locks down everything in your tenant 🔒

Sorry! You’re not in a security group on the policy!

There are two kinds of security policies: Domain Security Policies and Business Process (BP) Security Policies.

Let’s break it down 💃

Domains: Workday's pre-sorted bins

Before we talk about Domain Security Policies, you need to know what a Domain actually is…

A Domain is Workday's way of grouping related securable content — fields, reports, tasks, and web services — that belong together.

Think of it like a pre-sorted filing cabinet. You don't design Domains. Workday does.

And while most securable items live in just one Domain, there are exceptions. Some items appear across multiple Domains, so occasionally you have to choose which Domain to grant access on. We'll get into that nuance in a future deep dive.

Here’s what to know for now…

logo

This is where the good stuff lives.

Free builds awareness. Premium fills all the gaps.

Unlock the full deep dive 🤿

Plus everything in Premium:

  • Release Ratings & Reviews ⭐
  • Archive access 🔐
  • A say in what gets built 🗳️

Keep Reading