Skip to main content


Workday Adaptive Planning Knowledge Center

Concept: Version Access Control

Introduces you to version access controls and walks you through a series of permission, access, and version setting changes to illustrate precedence.

Access Control is a section of the version settings. It's one way to lock or hide versions from various user types.  In the section is a list of user types with a drop-down where you choose the access. The permissions assigned to the user roles identify the user types listed in the Access Control section. The section looks different for the different versions.

For plan versions, the access control has additional settings: 

Plan Version Access Controls.png

Understand User Types

To define roles, go to Administration Roles and Permissions. For each role, select permissions. You then assign roles to users. If users fit in to more than one user type, their access defaults to their most permissive access.

User Type Description
Administrators Anyone with the Model Management > Versions permission.  People with this permission can always access the version list and all the version settings. 
Users Anyone with a login ID and password. Their permissions may prevent access to areas of your instance.
Group Anyone you've added to a user group in Administration > User Groups.
Actuals Access (available for actuals versions) Anyone with the Privileged Actuals Access permission. You see this user type for actuals, actuals sub-versions, journal entries, and virtual versions.
Editable Sheet Access (available for plan versions) Anyone with the Access Sheets > Editable Sheet Access permission. You see this user type instead of Actuals Access for plan version settings. 

Options for Each User Type

The options available change for each version type:

  • If the actuals version is a parent, the options are Visible and Hidden. If you hide an actuals parent, you hide all its descendants. The access controls in the descendants don't update to show that they are hidden. 
  • For all other versions, your options are Full Access, Import and Notes Only, Locked Except Notes, Locked, Hidden.

For each user type, choose the access from the drop-down to the right.  The table shows what each option allows the user type to do in the version. See Reference: Version Locking Options for more details.

Actions allowed for the user type Full Access Import and Notes Only Locked Except Notes Locked/Visible Hidden

View data in sheets

Add notes

Import data

Use in reports/charts

Edit in sheets





Access Control and Permissions Precedence

The examples walk you through how permissions and access control work together. At each step, you change the permission or access for a user, building on the complexity of the two so you can see what changes. You will also learn how access works with people who belong to more than one user type. See Roles and Permissions and Lock or Hide Versions.

Example Setup

  • Permissions: NJones has a user ID and password, which means NJones is in the Users category. NJones has a role with only the View Reports and Access Sheets permission.  
  • Access Control: Select Locked Except Notes for Users, Full Access for Editable Sheet Access, and Hidden for the Board Member group. 


  • Result: Access honors the permissions. NJones can see the version in reports and sheets. NJones cannot add notes to the version because the permissions do not support this action.

Change Permissions

  • Give NJones the Editable Sheet Access permission.
  • Result: Access defaults to the most permissive user type. NJones gets full access and can edit the version's data and add notes.

Add to Group

  • Add NJones to the user group, Board Members.
  • Result: Access controls defaults to the most permissive user type. NJones gets full access.

Lock the Version

  • From the Options section of the version settings, select March 2018 from the Lock Leading Months drop-down. 
  • Result: Version locking overrides access. NJones cannot edit those time periods prior to March 2018. 
  • Select the Locked Version checkbox from the Access Control section.
  • Result: Version locking overrides access. NJones cannot edit the version data. 
  • Was this article helpful?