Skip to main content


Workday Adaptive Planning KB

Security Structure Overview

Introduces you to the components that control access to your instance and to the data.

Your instance uses one of two security structures: level-based access or access rules. Either way, you have several ways to secure and protect data. Each of these methods build upon others and can at times override each other.

Security Structure

Security Structure

Either level-based or access rule security.  



Provides users with an ID and password.  



Controls the areas, sections, and services in Adaptive Insights users can see or access. 


Access Controls

Limits the data users can view or edit with:

  • Access rules
  • Level settings
  • Version settings
  • Account settings
  • Sheet properties

Security Structure

Level-Based Security

Level-based security relies on level ownership, a user profile settings and a level setting. With level-based security, you can only see the data of levels you own.

See Set Up Level-Based Security.

Access Rules Security

Access rule security adds a flexible layer of rules that replaces level-based security. 

See Set Up Access Rule Security.

See Transition to Access Rules for information about what changes when you switch to access rules. 


Credentials are the combination of a user ID and password. To create credentials for a team member, create a user profile. As part of that process, assign them a role and owned levels. 

See Create User IDs and Passwords and Assign Level Owners.


With permissions, you create various roles. Each role has a set of permissions that control a wide range of capabilities. You then assign the roles to each user to control where they can go in your model.

See Available Permissions and Create, Edit, or Delete Roles.

Access Controls

Access Rules

Access rules define specific intersections of data that users or groups can edit or view. Intersections are defined by secured dimensions. Secured dimensions include levels, accounts, and up to three custom dimensions.

See Access Rules Overview and Create Access Rules.



Use version access controls to hide or lock the entire version for broadly-defined user types. Or, lock portions of versions. 

See Version Access Controls.

Account Settings

Use the two settings to control access for accounts:

  • Control how you reference account values in formulas with the Data Privacy setting. You can either reference the value at the current level only, the top level, or any level. This account setting reveals the data of other levels that you may not otherwise have access to. See Account Settings and Fields.
  • Flag an account as a Salary Detail. Only users with the Salary Detail permission can see the account's splits and details. See Salary Detail Permission and Settings.


  • After you add accounts to standard sheets, you can mark them as read-only and no one can edit the data on that sheet. See Edit Standard Sheets.
  • You can also hide the whole sheet from sub-levels.
  • For cube sheets, you can add cube restrictions that block access to specific intersection.
  • Flag a modeled sheet as Salary Detail. Only users with the Salary Detail permission can open the sheet.

See Building Sheets to get started.

  • Was this article helpful?