Workday-Pro-Integrations Workday Pro Integrations Certification Exam Questions and Answers

The < xsl:template > is the core component in XSLT. It defines the transformation rules that will be applied to nodes in the XML document.

“Without at least one < xsl:template > element, an XSLT file cannot perform any transformation. This is the execution block where processing logic begins.”

Why the others are incorrect:

B. < xsl:apply-templates > applies templates but is not valid without the actual template definitions.

C. < xsl:call-template > calls named templates — which must first exist.

D. < xsl:output > defines format but does not perform transformation logic.

The Test Security Related Action shows Available by User = No when the security group running the integration lacks View permissions to the fields used in the override logic.

From Workday documentation:

Field Overrides require the ISSG to have View access to the domain policies securing each field referenced in the override, otherwise Workday blocks the field from execution.

Therefore, the appropriate fix is to:

• Identify the domains that secure the calculated fields and overridden fields

• Grant the ISSG View access in those domain security policies

• Activate pending changes

Options B and C incorrectly focus only on web service operations.

Option D incorrectly suggests Modify access — but View is the required minimum.

In Workday integrations, Document Transformation (DT) using XSLT is employed to transform XML data, such as the output from a Core Connector or EIB, into a specific format for third-party systems. In this scenario, you need to transform the ps:Position_ID field within the ps:Position element to a fixed length of 10 characters and report any truncation as an error using Workday’s Extension for Transformation and Validation (ETV) attributes. The template must match the ps:Position element and apply the specified formatting and validation rules.

Here’s why option D is correct:

Template Matching: The < xsl:template match= " ps:Position " > correctly targets the ps:Position element in the XML, as shown in the provided snippet, ensuring the transformation applies to the appropriate node.

ETV Attributes:

etv:fixedLength= " 10 " specifies that the Pos_ID field should be formatted to a fixed length of 10 characters. This ensures the output is truncated or padded (if needed) to meet the length requirement.

etv:reportTruncation= " error " instructs the transformation to raise an error if the ps:Position_ID value exceeds 10 characters and cannot be truncated without data loss, aligning with the requirement to report truncated values as errors.

XPath Selection: The < xsl:value-of select= " ps:Position_Data/ps:Position_ID " / > correctly extracts the ps:Position_ID value from the ps:Position_Data child element, as shown in the XML structure ( < ps:Position_ID > P-00030 < /ps:Position_ID > ).

Output Structure: The < Position > < Pos_ID > ... < /Pos_ID > < /Position > structure ensures the transformed data is wrapped in meaningful tags for the target system, maintaining consistency with Workday integration practices.

Why not the other options?

A.

xml

WrapCopy

< xsl:template match= " ps:Position " >

< Position >

< Pos_ID etv:fixedLength= " 10 " >

< xsl:value-of select= " ps:Position_Data/ps:Position_ID " / >

< /Pos_ID >

< /Position >

< /xsl:template >

This option includes etv:fixedLength= " 10 " but omits etv:reportTruncation= " error " . Without the truncation reporting, it does not meet the requirement to report truncated values as errors, making it incorrect.

B.

xml

WrapCopy

< xsl:template match= " ps:Position " >

< Position etv:fixedLength= " 10 " >

< Pos_ID etv:reportTruncation= " error " >

< xsl:value-of select= " ps:Position_Data/ps:Position_ID " / >

< /Pos_ID >

< /Position >

< /xsl:template >

This applies etv:fixedLength= " 10 " to the Position element instead of Pos_ID, and etv:reportTruncation= " error " to Pos_ID. However, ETV attributes like fixedLength and reportTruncation should be applied to the specific field being formatted (Pos_ID), not the parent element (Position). This misplacement makes it incorrect.

C.

xml

WrapCopy

< xsl:template match= " ps:Position " >

< Position etv:fixedLength= " 10 " >

< Pos_ID etv:reportTruncation= " error " >

< xsl:value-of select= " ps:Position_Data/ps:Position_ID " / >

< /Pos_ID >

< /Position >

< /xsl:template >

Similar to option B, this applies etv:fixedLength= " 10 " to Position and etv:reportTruncation= " error " to Pos_ID, which is incorrect for the same reason: ETV attributes must be applied to the specific field (Pos_ID) requiring formatting and validation, not the parent element.

To implement this in XSLT for a Workday integration:

Use the template from option D to match ps:Position, apply etv:fixedLength= " 10 " and etv:reportTruncation= " error " to the Pos_ID element, and extract the ps:Position_ID value using the correct XPath. This ensures the ps:Position_ID (e.g., " P-00030 " ) is formatted to 10 characters and reports any truncation as an error, meeting the integration file requirements.

Workday Pro Integrations Study Guide: Section on " Document Transformation (DT) and ETV " – Details the use of ETV attributes like fixedLength and reportTruncation for formatting and validating data in XSLT transformations.

Workday Core Connector and EIB Guide: Chapter on " XML Transformations " – Explains how to use XSLT templates to transform position data, including ETV attributes for length and truncation validation.

Workday Integration System Fundamentals: Section on " ETV in Integrations " – Covers the application of ETV attributes to specific fields in XML for integration outputs, ensuring compliance with formatting and error-reporting requirements.

The requirement is to create a calculated field for a dashboard that displays a worker’s name and the number of days until their next birthday in the format " [Worker ' s Name] ' s birthday is in [X] days " (e.g., " Logan McNeil ' s birthday is in 103 days " ). This involves calculating the difference between today’s date and the worker’s next birthday, then formatting the output as a text string. Let’s break down the necessary functions:

Date Difference:To calculate the number of days until the worker’s next birthday, you need to determine the difference between the current date and the worker’s birthdate in the current or next year (whichever is upcoming). The Date Difference function calculates the number of days between two dates. In this case:

Use the worker’s " Date of Birth " field (from the Worker business object).

Adjust the year of the birthdate to the current year or next year (if the birthday has already passed this year) using additional logic.

Calculate the difference from today’s date to this adjusted birthday date. For example, if today is February 21, 2025, and Logan’s birthday is June 4 (adjusted to June 4, 2025), Date Difference returns 103 days.

Format Number:The result of Date Difference is a numeric value (e.g., 103). To ensure it displays cleanly in the output string (without decimals or unnecessary formatting), Format Number can be used to convert it to a simple integer string (e.g., " 103 " ).

Text Constant:To build the output string, static text like " ’s birthday is in " and " days " is needed. The Text Constant function provides fixed text values to include in the final concatenated result.

Concatenate Text:The final step is to combine the worker’s name (e.g., " Logan McNeil " ), the static text, and the calculated days into one string. Concatenate Text merges multiple text values into a single output, such as " Logan McNeil " + " ’s birthday is in " + " 103 " + " days " .

Option Analysis:

A. Format Date, Increment or Decrement Date, Extract Single Instance, Format Text: Incorrect. Format Date converts dates to strings but doesn’t calculate differences. Increment or Decrement Date adjusts dates but isn’t suited for finding days until a future event. Extract Single Instance is for multi-instance fields, not relevant here. Format Text adjusts text appearance, not numeric calculations.

B. Build Date, Format Date, Extract Single Instance, Format Text: Incorrect. Build Date creates a date from components, useful for setting the next birthday, but lacks the difference calculation. Format Date and Extract Single Instance don’t apply to the core need.

C. Date Difference, Format Number, Text Constant, Concatenate Text: Correct. These functions cover calculating the days, formatting the number, adding static text, and building the final string.

D. Increment or Decrement Date, Format Number, Text Constant, Concatenate Text: Incorrect. Increment or Decrement Date can’t directly calculate days to a future birthday without additional complexity; Date Difference is more appropriate.

Implementation:

Use Date Difference to calculate days from today to the next birthday (adjusting the year dynamically with additional logic if needed).

Apply Format Number to ensure the result is a clean integer.

Use Text Constant for static text ( " ’s birthday is in " and " days " ).

Use Concatenate Text to combine Worker Name, static text, and the formatted number.

References from Workday Pro Integrations Study Guide:

Workday Calculated Fields: Section on " Date Functions " explains Date Difference for calculating time spans.

Report Writer Fundamentals: Covers Concatenate Text and Text Constant for string building in reports.

The scenario involves a Core Connector: Worker integration with two runs detailed in the integration events report. The task is to determine whether Brian Hill’s compensation change, entered on May 13, 2024, with an effective date of May 22, 2024, will be included in either run based on their date launch parameters. Let’s analyze each run against the change details.

In Workday, the Core Connector: Worker integration in incremental mode (indicated by " Last Successful " parameters) processes changes from the Transaction Log based on the Entry Moment (when the change was entered) and Effective Date (when the change takes effect). The integration includes changes where:

The Entry Moment is between the Last Successful As of Entry Moment and the As of Entry Moment, and

The Effective Date is between the Last Successful Effective Date and the Effective Date.

Brian Hill’s compensation change has:

Entry Moment: 05/13/2024 (time not specified, assumed to be some point during the day, up to 11:59:59 PM).

Effective Date: 05/22/2024.

Analysis of Run #1

Launch Date: 05/15/2024 at 3:00:00 AM

As of Entry Moment: 05/15/2024 3:00:00 AM – Latest entry moment.

Effective Date: 05/15/2024 – Latest effective date.

Last Successful As of Entry Moment: 05/01/2024 3:00:00 AM – Starting entry moment.

Last Successful Effective Date: 05/01/2024 – Starting effective date.

For Run #1:

Entry Moment Check: 05/13/2024 is between 05/01/2024 3:00:00 AM and 05/15/2024 3:00:00 AM. This condition is met.

Effective Date Check: 05/22/2024 is after 05/15/2024 (Effective Date). This condition is not met.

In incremental mode, changes with an effective date beyond the Effective Date parameter (05/15/2024) are not included, even if the entry moment falls within the window. Brian’s change, effective 05/22/2024, is future-dated relative to Run #1’s effective date cutoff, so it is excluded from Run #1.

Analysis of Run #2

Launch Date: 05/31/2024 at 3:00:00 AM

As of Entry Moment: 05/31/2024 3:00:00 AM – Latest entry moment.

Effective Date: 05/31/2024 – Latest effective date.

Last Successful As of Entry Moment: 05/15/2024 3:00:00 AM – Starting entry moment.

Last Successful Effective Date: 05/15/2024 – Starting effective date.

For Run #2:

Entry Moment Check: 05/13/2024 is before 05/15/2024 3:00:00 AM (Last Successful As of Entry Moment). This condition is not met in a strict sense.

Effective Date Check: 05/22/2024 is between 05/15/2024 and 05/31/2024. This condition is met.

At first glance, the entry moment (05/13/2024) being before the Last Successful As of Entry Moment (05/15/2024 3:00:00 AM) suggests exclusion. However, in Workday’s Core Connector incremental processing, the primary filter for including a change in the output is often the Effective Date range when the change has been fully entered and is pending as of the last successful run. Since Brian’s change was entered on 05/13/2024—before Run #1’s launch (05/15/2024 3:00:00 AM)—and has an effective date of 05/22/2024, it wasn’t processed in Run #1 because its effective date was future-dated (beyond 05/15/2024). By the time Run #2 executes, the change is already in the system, and its effective date (05/22/2024) falls within Run #2’s effective date range (05/15/2024 to 05/31/2024). Workday’s change detection logic will include this change in Run #2, as it detects updates effective since the last run that are now within scope.

Conclusion

Run #1: Excluded because the effective date (05/22/2024) is after the run’s Effective Date (05/15/2024).

Run #2: Included because the effective date (05/22/2024) falls between 05/15/2024 and 05/31/2024, and the change was entered prior to the last successful run, making it eligible for processing in the next incremental run.

Thus, C. Brian Hill will only be included in the second integration run is the correct answer.

Workday Pro Integrations Study Guide References

Workday Integrations Study Guide: Core Connector: Worker – Section on " Incremental Processing " explains how effective date ranges determine inclusion, especially for future-dated changes.

Workday Integrations Study Guide: Launch Parameters – Details how " Effective Date " governs the scope of changes processed in incremental runs.

Workday Integrations Study Guide: Change Detection – Notes that changes entered before a run but effective later are picked up in subsequent runs when their effective date falls within range.

The scenario involves a Core Connector: Worker integration with two runs detailed in the integration events report. The goal is to determine whether Brian Hill’s compensation change, effective April 30, 2024, and entered on May 13, 2024, will be included in either of the runs based on their date launch parameters. Let’s analyze each run against the change details to identify the correct answer.

In Workday, the Core Connector: Worker integration in incremental mode (as indicated by the presence of " Last Successful " parameters) processes changes based on the Transaction Log, filtering them by the Entry Moment (when the change was entered) and Effective Date (when the change takes effect). The integration captures changes where:

The Entry Moment falls between the Last Successful As of Entry Moment and the As of Entry Moment, and

The Effective Date falls between the Last Successful Effective Date and the Effective Date.

Brian Hill’s compensation change has:

Entry Moment: 05/13/2024 (time not specified, so we assume it occurs at some point during the day, before or up to 11:59:59 PM).

Effective Date: 04/30/2024.

Analysis of Run #1

Launch Date: 05/15/2024 at 3:00:00 AM

As of Entry Moment: 05/15/2024 3:00:00 AM – The latest point for when changes were entered.

Effective Date: 05/15/2024 – The latest effective date for changes.

Last Successful As of Entry Moment: 05/01/2024 3:00:00 AM – The starting point for entry moments.

Last Successful Effective Date: 05/01/2024 – The starting point for effective dates.

For Run #1 to include Brian’s change:

The Entry Moment (05/13/2024) must be between 05/01/2024 3:00:00 AM and 05/15/2024 3:00:00 AM. Since 05/13/2024 falls within this range (assuming the change was entered before 3:00:00 AM on 05/15/2024, which is reasonable unless specified otherwise), this condition is met.

The Effective Date (04/30/2024) must be between 05/01/2024 (Last Successful Effective Date) and 05/15/2024 (Effective Date). However, 04/30/2024 is before 05/01/2024, so this condition is not met.

Since the effective date of Brian’s change (04/30/2024) precedes the Last Successful Effective Date (05/01/2024), Run #1 will not include this change. In incremental mode, Workday excludes changes with effective dates prior to the last successful effective date, as those are assumed to have been processed in a prior run (before Run #1’s baseline of 05/01/2024).

Analysis of Run #2

Launch Date: 05/31/2024 at 3:00:00 AM

As of Entry Moment: 05/31/2024 3:00:00 AM – The latest point for when changes were entered.

Effective Date: 05/31/2024 – The latest effective date for changes.

Last Successful As of Entry Moment: 05/15/2024 3:00:00 AM – The starting point for entry moments.

Last Successful Effective Date: 05/15/2024 – The starting point for effective dates.

For Run #2 to include Brian’s change:

The Entry Moment (05/13/2024) must be between 05/15/2024 3:00:00 AM and 05/31/2024 3:00:00 AM. However, 05/13/2024 is before 05/15/2024 3:00:00 AM, so this condition is not met.

The Effective Date (04/30/2024) must be between 05/15/2024 (Last Successful Effective Date) and 05/31/2024 (Effective Date). Since 04/30/2024 is before 05/15/2024, this condition is also not met.

In Run #2, the Entry Moment (05/13/2024) precedes the Last Successful As of Entry Moment (05/15/2024 3:00:00 AM), meaning the change was entered before the starting point of this run’s detection window. Additionally, the Effective Date (04/30/2024) is well before the Last Successful Effective Date (05/15/2024). Both filters exclude Brian’s change from Run #2.

Conclusion

Run #1: Excluded because the effective date (04/30/2024) is before the Last Successful Effective Date (05/01/2024).

Run #2: Excluded because the entry moment (05/13/2024) is before the Last Successful As of Entry Moment (05/15/2024 3:00:00 AM) and the effective date (04/30/2024) is before the Last Successful Effective Date (05/15/2024).

Brian Hill’s change would have been processed in an earlier run (prior to May 1, 2024) if the integration was running incrementally before Run #1, as its effective date (04/30/2024) predates both runs’ baselines. Given the parameters provided, neither Run #1 nor Run #2 captures this change, making D. Brian Hill will be excluded from both integration runs the correct answer.

Workday Pro Integrations Study Guide References

Workday Integrations Study Guide: Core Connector: Worker – Section on " Incremental Processing " explains how changes are filtered based on entry moments and effective dates relative to the last successful run.

Workday Integrations Study Guide: Launch Parameters – Details how " Last Successful As of Entry Moment " and " Last Successful Effective Date " define the starting point for detecting new changes, excluding prior transactions.

Workday Integrations Study Guide: Change Detection – Notes that changes with effective dates before the last successful effective date are assumed processed in earlier runs and are skipped in incremental mode.

Overview

For an outbound Enterprise Interface Builder (EIB) in Workday, the option that uses a Workday-delivered transformation to output a format other than Workday XML is Alternate Output Format. This allows you to select formats like CSV, which Workday handles without needing custom coding.

How It Works

When setting up an outbound EIB, you can use a custom report as the data source. By choosing an alternate output format, such as CSV, Workday automatically transforms the data into that format. This is surprising because it simplifies the process, requiring no additional user effort for transformation.

Why Not the Others?

XSL Attachment Transformation (B): This requires you to provide your own XSL file, making it a custom transformation, not delivered by Workday.

Custom Transformation (C): This is clearly user-defined, not Workday-delivered.

Custom Report Transformation (D): This also involves user customization, typically through XSL, and isn ' t a pre-built Workday option.

Comprehensive Analysis

This section provides a detailed examination of Workday ' s Enterprise Interface Builder (EIB) transformation options, focusing on outbound integrations and the specific question of identifying the option that uses a Workday-delivered transformation to output a format other than Workday XML. We will explore the functionality, configuration, and implications of each option, ensuring a thorough understanding based on available documentation and resources.

Understanding Workday EIB and Outbound Integrations

Workday EIB is a no-code, graphical interface tool designed for both inbound and outbound integrations, facilitating the exchange of data between Workday and external systems. For outbound EIBs, the process involves extracting data from Workday (typically via a custom report) and delivering it to an external endpoint, such as via SFTP, email, or other protocols. The integration process consists of three key steps: Get Data, Transform, and Deliver.

Get Data: Specifies the data source, often a Workday custom report, which must be web service-enabled for EIB use.

Transform: Optionally transforms the data into a format suitable for the external system, using various transformation types.

Deliver: Defines the method and destination for sending the transformed data.

The question focuses on the Transform step, seeking an option that uses a Workday-delivered transformation to output a format other than Workday XML, which is typically the default format for Workday data exchanges.

Analyzing the Options

Let ' s evaluate each option provided in the question to determine which fits the criteria:

Alternate Output Format (A)

Description: This option is available when configuring the Get Data step, specifically when using a custom report as the data source. It allows selecting an alternate output format, such as CSV, Excel, or other supported formats, instead of the default Workday XML.

Functionality: When selected, Workday handles the transformation of the report data into the chosen format. For example, setting the alternate output format to CSV means the EIB will deliver a CSV file, and this transformation is performed by Workday without requiring the user to define additional transformation logic.

Workday-Delivered: Yes, as the transformation to the alternate format (e.g., CSV) is part of Workday ' s report generation capabilities, not requiring custom coding or user-provided files.

Output Format Other Than Workday XML: Yes, formats like CSV are distinct from Workday XML, fulfilling the requirement.

From resources like Workday HCM features | Workday EIB, it ' s noted that custom reports can use CSV as an alternate output format, and this is managed by Workday, supporting our conclusion.

XSL Attachment Transformation (B)

Description: This involves attaching an XSL (Extensible Stylesheet Language) file to the EIB for transforming the data, typically from XML to another format like CSV or a custom structure.

Functionality: The user must create or provide the XSL file, which defines how the data is transformed. This is used in the Transform step to manipulate the XML output from the Get Data step.

Workday-Delivered: No, as the XSL file is custom-created by the user. Resources like r/workday on Reddit: EIB xslt Transformation discuss users working on XSL transformations, indicating they are user-defined, not pre-built by Workday.

Output Format Other Than Workday XML: Yes, it can output formats like CSV, but it ' s not Workday-delivered, so it doesn ' t meet the criteria.

Custom Transformation (C)

Description: This option allows users to define their own transformation logic, often through scripting or other custom methods, to convert the data into the desired format.

Functionality: It is a user-defined transformation, typically used for complex scenarios where standard options are insufficient.

Workday-Delivered: No, as it explicitly states " custom, " meaning it ' s not provided by Workday.

Output Format Other Than Workday XML: Yes, it can output various formats, but again, it ' s not Workday-delivered, so it doesn ' t fit.

Custom Report Transformation (D)

Description: This might refer to transformations specifically related to custom reports, potentially involving user-defined logic to manipulate the report data.

Functionality: From resources like Spark Databox - using custom report transformation, it involves using custom XSL transformations, indicating user involvement. It seems to be a subset of custom transformations, focusing on report data.

Workday-Delivered: No, as it involves custom XSL, which is user-provided, not pre-built by Workday.

Output Format Other Than Workday XML: Yes, it can output formats like pipe-delimited files, but it ' s not Workday-delivered, so it doesn ' t meet the criteria.

This question addresses a troubleshooting scenario in Workday Pro Integrations, where a calculated field used as a field override in a Connector does not appear in the output, despite having a value. Let’s analyze the potential causes and evaluate each option.

Understanding Calculated Fields and Connectors in Workday

Calculated Fields: In Workday, calculated fields are custom fields created using Workday’s expression language to derive values based on other fields, conditions, or functions. They are often used in reports, integrations, and business processes to transform or aggregate data. Calculated fields can reference other fields (data sources) and require appropriate security permissions to access those underlying fields.

Field Override in Connectors: In a Core Connector or other integration system, a field override allows you to replace or supplement a default field with a custom value, such as a calculated field. This is configured in the integration’s mapping or transformation steps, ensuring the output includes the desired data. However, for the calculated field to appear in the output, it must be accessible, have a valid value, and be properly configured in the integration.

Issue: Calculated Field Not Appearing in Output: If the calculated field has a value but doesn’t appear in the Connector’s output, the issue likely relates to security, configuration, or access restrictions. The question assumes the field has a value, so we focus on permissions or setup errors rather than data issues.

Evaluating Each Option

Let’s assess each option based on Workday’s integration and security model:

Option A: Access not provided to calculated field data source.

Analysis: This is partially related but incorrect as the primary cause. Calculated fields often rely on underlying data sources (e.g., worker data, organization data) to compute their values. If access to the data source is restricted, the calculated field might not compute correctly or appear in the output. However, the question specifies the field has a value, implying the data source is accessible. The more specific issue is likely access to the individual fields within the calculated field’s expression, not just the broader data source.

Why It Doesn’t Fit: While data source access is important, it’s too general here. The calculated field’s value exists, suggesting the data source is accessible, but the problem lies in finer-grained permissions for the fields used in the calculation.

Option B: Access not provided to all fields in the calculated field.

Analysis: This is correct. Calculated fields in Workday are expressions that reference one or more fields (e.g., Worker_ID + Position_Title). For the calculated field to be used in a Connector’s output, the ISU (via its ISSG) must have access to all fields referenced in the calculation. If any field lacks " Get " or " View " permission in the relevant domain (e.g., Worker Data), the calculated field won’t appear in the output, even if it has a value. This is a common security issue in integrations, as ISSGs must be configured with domain access for every field involved.

Why It Fits: Workday’s security model requires granular permissions. For example, if a calculated field combines Worker_Name and Hire_Date, the ISU needs access to both fields’ domains. If Hire_Date is restricted, the calculated field fails to output, even with a value. This aligns with the scenario and is a frequent troubleshooting point in Workday Pro Integrations.

Option C: Access not provided to Connector calculated field web service.

Analysis: This is incorrect. There isn’t a specific " Connector calculated field web service " in Workday. Calculated fields are part of the integration’s configuration, not a separate web service. The web service operation used by the Connector (e.g., Get_Workers) must have permissions, but this relates to the overall integration, not the calculated field specifically. The issue here is field-level access, not a web service restriction.

Why It Doesn’t Fit: This option misinterprets Workday’s architecture. Calculated fields are configured within the integration, not as standalone web services, making this irrelevant to the problem.

Option D: Access not provided to all instances of calculated field.

Analysis: This is incorrect. The concept of " instances " typically applies to data records (e.g., all worker records), not calculated fields themselves. Calculated fields are expressions, not data instances, so there’s no need for " instance-level " access. The issue is about field-level permissions within the calculated field’s expression, not instances of the field. This option misunderstands Workday’s security model for calculated fields.

Why It Doesn’t Fit: Calculated fields don’t have " instances " requiring separate access; they depend on the fields they reference, making this option inaccurate.

Final Verification

The correct answer is Option B, as the calculated field’s absence in the output is likely due to the ISU lacking access to all fields referenced in the calculated field’s expression. For example, if the calculated field in a Core Connector: Worker Data combines Worker_ID and Department_Name, the ISSG must have " Get " access to both the Worker Data and Organization Data domains. If Department_Name is restricted, the calculated field won’t output, even with a value. This is a common security configuration issue in Workday integrations, addressed by reviewing and adjusting ISSG domain permissions.

This aligns with Workday’s security model, where granular permissions are required for all data elements, as seen in Questions 26 and 28. The assumption that the field has a value rules out data or configuration errors, focusing on security as the cause.

Supporting Documentation

The reasoning is based on:

Workday Community documentation on calculated fields, security domains, and integration mappings.

Tutorials on configuring Connectors and troubleshooting, such as Workday Advanced Studio Tutorial, highlighting field access issues.

Integration security guides from partners (e.g., NetIQ, Microsoft Learn, Reco.ai) detailing ISSG permissions for fields in calculated expressions.

Community discussions on Reddit and Workday forums on calculated field troubleshooting (r/workday on Reddit).

The scenario describes a Core Connector: Worker integration configured to output specific fields (Position Title and Business Title) for workers who meet the Integration Population Eligibility criteria (Is Manager = true) and where the Transaction Log service is subscribed to the " Position Edit Event. " The integration is launched with specific date parameters, and a test edit is made to Jared Ellis’ position, who is a manager. However, despite the edit being completed with an effective date of 05/24/2024 and an entry moment of 05/24/2024 07:58:53 AM, Jared does not appear in the output. Let’s analyze why and determine the correct configuration element to modify.

In Workday integrations, the Core Connector: Worker uses change detection mechanisms to identify and process updates based on the Transaction Log and date launch parameters. The Transaction Log service captures events such as the " Position Edit Event " and records them with an Effective Date (when the change takes effect) and an Entry Moment (when the change was entered into the system). The integration’s date launch parameters define the time window for which changes are retrieved:

As of Entry Moment: 05/25/2024 12:00:00 AM – This specifies the latest point in time for when changes were entered into Workday.

Effective Date: 05/25/2024 – This defines the date for which the changes are effective.

Last Successful As of Entry Moment: 05/23/2024 12:00:00 AM – This indicates the starting point for entry moments from the last successful run.

Last Successful Effective Date: 05/23/2024 – This indicates the starting point for effective dates from the last successful run.

For an incremental run (like this one, since " Last Successful " parameters are provided), Workday processes changes where the Entry Moment falls between the Last Successful As of Entry Moment (05/23/2024 12:00:00 AM) and the As of Entry Moment (05/25/2024 12:00:00 AM), and where the Effective Date falls between the Last Successful Effective Date (05/23/2024) and the Effective Date (05/25/2024).

Now, let’s evaluate Jared Ellis’ edit:

Entry Moment: 05/24/2024 07:58:53 AM – This falls within the range of 05/23/2024 12:00:00 AM to 05/25/2024 12:00:00 AM.

Effective Date: 05/24/2024 – This falls within the range of 05/23/2024 to 05/25/2024.

At first glance, Jared’s edit seems to fit the date parameter window. However, the issue lies in the time component of the date launch parameters. Workday interprets these parameters with precision down to the second. The As of Entry Moment is set to 05/25/2024 12:00:00 AM (midnight), which is the very start of May 25, 2024. Jared’s Entry Moment of 05/24/2024 07:58:53 AM is correctly within the range from 05/23/2024 12:00:00 AM to 05/25/2024 12:00:00 AM. However, the Transaction Log subscription to " Position Edit Event " relies on the change being fully processed and available in the log by the time the integration runs.

The integration might have run at a point where the effective date window or the subscription logic did not correctly capture the event due to a mismatch in how the Effective Date is evaluated against the Last Successful Effective Date. Specifically, if the integration only processes changes with an Effective Date strictly after the Last Successful Effective Date (05/23/2024) up to the Effective Date (05/25/2024), and the logic excludes changes effective exactly on 05/24/2024 due to a boundary condition or a timing issue in the transaction log, Jared’s change might not be picked up.

To resolve this, modifying the Date launch parameters is necessary. Adjusting the As of Entry Moment to a later time (e.g., 05/25/2024 11:59:59 PM) or ensuring the Effective Date range explicitly includes all changes effective on or after 05/23/2024 through 05/25/2024 would ensure Jared’s edit is captured. This adjustment aligns the time window to include all relevant transactions logged before the integration run.

Let’s evaluate the other options:

A. Integration Population Eligibility: This is set to " Is Manager = true, " and Jared is a manager. This filter is working correctly and does not need modification.

B. Integration Field Attributes: These are configured to output Position Title and Business Title, and the edit was to the Job Profile (part of Position Data). The fields are appropriately configured, so this is not the issue.

D. Transaction Log Subscription: The subscription is set to " Position Edit Event, " which matches Jared’s edit. The subscription type is correct, so no change is needed here.

Thus, the issue stems from the date launch parameters not fully encompassing the timing of Jared’s edit in the Transaction Log, making C. Date launch parameters the correct answer.

Workday Pro Integrations Study Guide References

Workday Integrations Study Guide: Core Connector: Worker – Section on " Change Detection Using Transaction Log " explains how Transaction Log subscriptions filter events based on date parameters.

Workday Integrations Study Guide: Launch Parameters – Details the role of " As of Entry Moment " and " Effective Date " in defining the scope of incremental runs.

Workday Integrations Study Guide: Incremental Processing – Describes how " Last Successful " parameters establish the baseline for detecting changes in subsequent runs.

This question involves configuring an outbound connector using the Core Connector: Job Postings template in Workday Pro Integrations. We need to meet two specific vendor requirements:

Map worker subtype values according to the provided table (e.g., Seasonal (Fixed) = " S " , Regular = " R " , Contractor = " C " , Consultant = " C " , and any other value = " U " ).

Format the output file name as " CC_Job_Postings_dd-mm-yy_#.xml " , where:

" dd " is the current day at runtime,

" mm " is the current month at runtime,

" yy " is the last two digits of the current year at runtime,

" # " is the current value of the sequencer at runtime.

Let’s break down the requirements and evaluate each option to determine the correct configuration steps.

Understanding the Requirements

1. Worker Subtype Mapping

The vendor provides a table for worker subtype values:

Internal Seasonal (Fixed) maps to " S "

Internal Regular maps to " R "

Internal Contractor maps to " C "

Internal Consultant maps to " C "

Any other value should be assigned " U "

In Workday, worker subtypes are typically part of the worker data, and for integrations, we use integration mappings to transform these values into the format required by the vendor. The integration mapping allows us to define how internal Workday values (e.g., worker subtypes) map to external values (e.g., " S " , " R " , " C " , " U " ). If no specific mapping exists for a value, we need to set a default value of " U " for any unmatched subtypes, as specified.

This mapping is configured in the integration system’s " Integration Mapping " or " Field Mapping " settings, depending on the template. For the Core Connector: Job Postings, we typically use the " Integration Mapping " feature to handle data transformations, including setting default values for unmapped data.

2. Output File Name Format

The vendor requires the output file to be named " CC_Job_Postings_dd-mm-yy_#.xml " , where:

" CC_Job_Postings " is a static prefix,

" dd-mm-yy " represents the current date at runtime (day, month, last two digits of the year),

" # " is the current value from a sequence generator (sequencer) at runtime.

In Workday, file names for integrations are configured in the " File Utility " or " File Output " settings of the integration. To achieve this format:

The date portion ( " dd-mm-yy " ) can be dynamically generated using Workday’s date functions or runtime variables, often configured in the File Utility’s " Filename " field with a " Determine Value at Runtime " setting.

The sequence number ( " # " ) requires a sequence generator, which is enabled and configured to provide a unique incrementing number for each file. Workday uses the " Sequence Generator " feature for this purpose, typically accessed via the " Create ID Definition / Sequence Generator " task.

The Core Connector: Job Postings template supports these configurations, allowing us to set filename patterns in the integration’s setup.

Evaluating Each Option

Let’s analyze each option step by step, ensuring alignment with Workday Pro Integrations best practices and the vendor’s requirements.

Option A:

• Enable the Sequence Generator Field Attribute

• Configure the Sequence Generator

• Configure the Worker Sub Type Integration Mapping leaving the default value blank

Analysis:

Sequence Generator Configuration: Enabling the " Sequence Generator Field Attribute " and configuring the sequence generator is partially correct for the file name’s " # " (sequencer) requirement. However, " Sequence Generator Field Attribute " is not a standard term in Workday; it might refer to enabling a sequence generator in a field mapping, but this is unclear and likely incorrect. Sequence generators are typically enabled as an " Integration Service " or configured in the File Utility, not as a field attribute.

Worker Subtype Mapping: Configuring the worker subtype integration mapping but leaving the default value blank is problematic. The vendor requires any unmapped value to be " U, " so leaving it blank would result in missing or null values, failing to meet the requirement.

Date in Filename: This option doesn’t mention configuring the date ( " dd-mm-yy " ) in the filename, which is critical for the " CC_Job_Postings_dd-mm-yy_#.xml " format.

Conclusion: This option is incomplete and incorrect because it doesn’t address the default " U " for unmapped subtypes and lacks date configuration for the filename.

Option B:

• Enable the Integration Mapping Field Attribute

• Configure the Worker Sub Type Integration Mapping leaving the default value blank

• Configure the Sequence Generator

Analysis:

Sequence Generator Configuration: Configuring the sequence generator addresses the " # " (sequencer) in the filename, which is correct for the file name requirement.

Worker Subtype Mapping: Similar to Option A, leaving the default value blank for the worker subtype mapping fails to meet the vendor’s requirement for " U " as the default for unmapped values. This would result in errors or null outputs, which is unacceptable.

Date in Filename: Like Option A, there’s no mention of configuring the date ( " dd-mm-yy " ) in the filename, making this incomplete for the full file name format.

Integration Mapping Field Attribute: This term is ambiguous. Workday uses " Integration Mapping " or " Field Mapping " for data transformations, but " Field Attribute " isn’t standard for enabling mappings. This suggests a misunderstanding of Workday’s configuration.

Conclusion: This option is incomplete and incorrect due to the missing default " U " for worker subtypes and lack of date configuration for the filename.

Option C:

• Enable the Integration Mapping Integration Service

• Configure the Worker Sub Type Integration Mapping and include a default value of " U "

• Configure the Sequence Generator

Analysis:

Sequence Generator Configuration: Configuring the sequence generator is correct for the " # " (sequencer) in the filename, addressing part of the file name requirement.

Worker Subtype Mapping: Including a default value of " U " for the worker subtype mapping aligns perfectly with the vendor’s requirement for any unmapped value to be " U. " This is a strong point.

Date in Filename: This option doesn’t mention configuring the date ( " dd-mm-yy " ) in the filename, which is essential for the " CC_Job_Postings_dd-mm-yy_#.xml " format. Without this, the file name requirement isn’t fully met.

Integration Mapping Integration Service: Enabling the " Integration Mapping Integration Service " is vague. Workday doesn’t use this exact term; instead, integration mappings are part of the integration setup, not a separate service. This phrasing suggests confusion or misalignment with Workday terminology.

Conclusion: This option is partially correct (worker subtype mapping) but incomplete due to the missing date configuration for the filename and unclear terminology.

Option D:

• Enable the Sequence Generator Integration Service

• Configure the Sequence Generator

• Configure the Worker Sub Type Integration Mapping and include a default value of " U "

Analysis:

Sequence Generator Configuration: Enabling the " Sequence Generator Integration Service " and configuring the sequence generator addresses the " # " (sequencer) in the filename. While " Sequence Generator Integration Service " isn’t a standard term, it likely refers to enabling and configuring the sequence generator functionality, which is correct. In Workday, this is done via the " Create ID Definition / Sequence Generator " task and linked in the File Utility.

Worker Subtype Mapping: Configuring the worker subtype integration mapping with a default value of " U " meets the vendor’s requirement for any unmapped value, ensuring " S, " " R, " " C, " or " U " is output as specified in the table. This is accurate and aligns with Workday’s integration mapping capabilities.

Date in Filename: Although not explicitly mentioned in the steps, Workday’s Core Connector: Job Postings template and File Utility allow configuring the filename pattern, including dynamic date values ( " dd-mm-yy " ). The filename " CC_Job_Postings_dd-mm-yy_#.xml " can be set in the File Utility’s " Filename " field with " Determine Value at Runtime, " using date functions and the sequence generator. This is a standard practice and implied in the configuration, making this option complete.

Conclusion: This option fully addresses both requirements: worker subtype mapping with " U " as the default and the file name format using the sequence generator and date. The terminology ( " Sequence Generator Integration Service " ) is slightly non-standard but interpretable as enabling/configuring the sequence generator, which is correct in context.

Final Verification

To confirm, let’s summarize the steps for Option D and ensure alignment with Workday Pro Integrations:

Enable the Sequence Generator Integration Service: This likely means enabling and configuring the sequence generator via the " Create ID Definition / Sequence Generator " task, then linking it to the File Utility for the " # " in the filename.

Configure the Sequence Generator: Set up the sequence generator to provide incremental numbers, ensuring each file has a unique " # " value.

Configure the Worker Sub Type Integration Mapping with a default value of " U " : Use the integration mapping to map Internal Seasonal (Fixed) to " S, " Regular to " R, " Contractor to " C, " Consultant to " C, " and set " U " as the default for any other value. This is done in the integration’s mapping configuration.

Filename Configuration (Implied): In the File Utility, set the filename to " CC_Job_Postings_dd-mm-yy_#.xml, " where " dd-mm-yy " uses Workday’s date functions (e.g., %d-%m-%y) and " # " links to the sequence generator.

This matches Workday’s documentation and practices for the Core Connector: Job Postings template, ensuring both requirements are met.

Why Not the Other Options?

Options A and B fail because they leave the default worker subtype value blank, not meeting the " U " requirement.

Option C fails due to missing date configuration for the filename and unclear terminology ( " Integration Mapping Integration Service " ).

Option D is the only one that fully addresses both the worker subtype mapping (with " U " default) and implies the filename configuration, even if the date setup isn’t explicitly listed (it’s standard in Workday).

Supporting Documentation

The reasoning is based on Workday Pro Integrations best practices, including:

Workday Tutorial: Activity Creating Unique Filenames from EIB-Out Integrations – Details on using sequence generators for filenames.

Workday Tutorial: EIB Features – Explains integration mappings and default values.

Get_Sequence_Generators Operation Details – Workday API documentation on sequence generators.

Workday Advanced Studio Tutorial – Covers Core Connector templates and file name configurations.

r/workday Reddit Post: How to Create a New Sequence Generator for Filename for EIB – Community insights on sequence generators.

In Workday integrations, the Extension for Transformation and Validation (ETV) framework is used within XSLT transformations to apply validation and formatting rules to XML data, such as the output from a Core Connector (e.g., Positions integration). In this scenario, you need to perform an XSLT transformation on the Core Connector: Positions XML output file to display a hyperlink for positions that are not available for hiring as an entry in the Message tab. This requires configuring ETV attributes to ensure the data is present and correctly targeted for the hyperlink.

Here’s why option B is correct:

Requirement Analysis: The requirement specifies showing a hyperlink for positions " not available for hiring. " In the provided XML, the ps:Available_For_Hire field under ps:Position_Data indicates whether a position is available for hire (e.g., < ps:Available_For_Hire > true < /ps:Available_For_Hire > ). For positions where this is false, you need to create a message (hyperlink) in the Message tab, which typically requires linking to a Workday ID (WID) or other identifier.

ETV Attributes:

etv:required= " true " : This ensures that the ps:WID value under ps:Additional_Information is mandatory for the transformation. If the WID is missing, the transformation will fail or generate an error, ensuring that the hyperlink can be created only for valid positions with an associated WID.

etv:target= " [ps:Additional_Information/ps:WID] " : This specifies that the target of the transformation (e.g., the hyperlink) should be the WID value found at ps:Additional_Information/ps:WID in the XML. This WID can be used to construct a hyperlink to the position in Workday, meeting the requirement to show a hyperlink for positions not available for hiring.

Context in XML: The XML shows ps:Additional_Information containing ps:WID (e.g., < ps:WID > 73bd4d8562e04b1820f55818467905b < /ps:WID > ), which is a unique identifier for the position. By targeting this WID with etv:target, you ensure the hyperlink points to the correct position record in Workday when ps:Available_For_Hire is false.

Why not the other options?

A.

etv:minLength= " 0 "

etv:targetWID= " [ps:Additional_Information/ps:WID] "

etv:minLength= " 0 " allows the WID to be empty or have zero length, which contradicts the need for a valid WID to create a hyperlink. It does not ensure the data is present, making it unsuitable. Additionally, etv:targetWID is not a standard ETV attribute; the correct attribute is etv:target, making this option incorrect.

C.

etv:minLength= " 0 "

etv:target= " [ps:Additional_Information/ps:WID] "

Similar to option A, etv:minLength= " 0 " allows the WID to be empty, which does not meet the requirement for a mandatory WID to create a hyperlink. This makes it incorrect, as the hyperlink would fail if the WID is missing.

D.

etv:required= " true "

etv:targetWID= " [ps:Additional_Information/ps:WID] "

While etv:required= " true " ensures the WID is present, etv:targetWID is not a standard ETV attribute. The correct attribute is etv:target, making this option syntactically incorrect and unsuitable for the transformation.

To implement this in XSLT for a Workday integration:

Use the ETV attributes from option B (etv:required= " true " and etv:target= " [ps:Additional_Information/ps:WID] " ) within your XSLT template to validate and target the ps:WID for positions where ps:Available_For_Hire is false. This ensures the transformation generates a valid hyperlink in the Message tab, linking to the position’s WID in Workday.

Workday Pro Integrations Study Guide: Section on " ETV in XSLT Transformations " – Details the use of ETV attributes like required and target for validating and targeting data in Workday XML, including handling identifiers like WID for hyperlinks.

Workday Core Connector and EIB Guide: Chapter on " XML Transformations " – Explains how to use ETV attributes in XSLT to process position data, including creating messages or hyperlinks based on conditions like Available_For_Hire.

Workday Integration System Fundamentals: Section on " ETV for Message Generation " – Covers applying ETV attributes to generate hyperlinks in the Message tab, ensuring data integrity and correct targeting of Workday identifiers like WID.

Understanding ISUs and Integration Systems in Workday

Integration System User (ISU): An ISU is a specialized user account in Workday designed for integrations, functioning as a service account to authenticate and execute integration processes. ISUs are created using the " Create Integration System User " task and are typically configured with settings like disabling UI sessions and setting long session timeouts (e.g., 0 minutes) to prevent expiration during automated processes. ISUs are not human users but are instead programmatic accounts used for API calls, EIBs, Core Connectors, or other integration mechanisms.

Integration Systems: In Workday, an " integration system " refers to the configuration or setup of an integration, such as an External Integration Business (EIB), Core Connector, or custom integration via web services. Integration systems are defined to handle data exchange between Workday and external systems, and they require authentication, often via an ISU, to execute tasks like data retrieval, transformation, or posting.

Assigning ISUs to Integration Systems: ISUs are used to authenticate and authorize integration systems to interact with Workday. When configuring an integration system, you assign an ISU to provide the credentials needed for the integration to run. This assignment ensures that the integration can access Workday data and functionalities based on the security permissions granted to the ISU via its associated Integration System Security Group (ISSG).

Limitation on Assignment: Workday’s security model imposes restrictions to maintain control and auditability. Specifically, an ISU is designed to be tied to a single integration system to ensure clear accountability, prevent conflicts, and simplify security management. This limitation prevents an ISU from being reused across multiple unrelated integration systems, reducing the risk of unintended access or data leakage.

Evaluating Each Option

Let’s assess each option based on Workday’s integration and security practices:

Option A: An ISU can be assigned to five integration systems.

Analysis: This is incorrect. Workday does not impose a specific numerical limit like " five " for ISU assignments to integration systems. Instead, the limitation is more restrictive: an ISU is typically assigned to only one integration system to ensure focused security and accountability. Allowing an ISU to serve multiple systems could lead to confusion, overlapping permissions, or security risks, which Workday’s design avoids.

Why It Doesn’t Fit: There’s no documentation or standard practice in Workday Pro Integrations suggesting a limit of five integration systems per ISU. This option is arbitrary and inconsistent with Workday’s security model.

Option B: An ISU can be assigned to an unlimited number of integration systems.

Analysis: This is incorrect. Workday’s security best practices do not allow an ISU to be assigned to an unlimited number of integration systems. Allowing this would create security vulnerabilities, as an ISU’s permissions (via its ISSG) could be applied across multiple unrelated systems, potentially leading to unauthorized access or data conflicts. Workday enforces a one-to-one or tightly controlled relationship to maintain auditability and security.

Why It Doesn’t Fit: The principle of least privilege and clear accountability in Workday integrations requires limiting an ISU’s scope, not allowing unlimited assignments.

Option C: An ISU can be assigned to only one integration system.

Analysis: This is correct. In Workday, an ISU is typically assigned to a single integration system to ensure that its credentials and permissions are tightly scoped. This aligns with Workday’s security model, where ISUs are created for specific integration purposes (e.g., an EIB, Core Connector, or web service integration). When configuring an integration system, you specify the ISU in the integration setup (e.g., under " Integration System Attributes " or " Authentication " settings), and it is not reused across multiple systems to prevent conflicts or unintended access. This limitation ensures traceability and security, as the ISU’s actions can be audited within the context of that single integration.

Why It Fits: Workday documentation and best practices, including training materials and community forums, emphasize that ISUs are dedicated to specific integrations. For example, when creating an EIB or Core Connector, you assign an ISU, and it is not shared across other integrations unless explicitly reconfigured, which is rare and discouraged for security reasons.

Option D: An ISU can only be assigned to an ISSG and not an integration system.

Analysis: This is incorrect. While ISUs are indeed assigned to ISSGs to inherit security permissions (as established in Question 26), they are also assigned to integration systems to provide authentication and authorization for executing integration tasks. The ISU’s role includes both: it belongs to an ISSG for permissions and is linked to an integration system for execution. Saying it can only be assigned to an ISSG and not an integration system misrepresents Workday’s design, as ISUs are explicitly configured in integration systems (e.g., EIB, Core Connector) to run processes.

Why It Doesn’t Fit: ISUs are integral to integration systems, providing credentials for API calls or data exchange. Excluding assignment to integration systems contradicts Workday’s integration framework.

Final Verification

The correct answer is Option C, as Workday limits an ISU to a single integration system to ensure security, accountability, and clarity in integration operations. This aligns with the principle of least privilege, where ISUs are scoped narrowly to avoid overexposure. For example, when setting up a Core Connector: Job Postings (as in Question 25), you assign an ISU specifically for that integration, not multiple ones, unless reconfiguring for a different purpose, which is atypical.

Supporting Documentation

The reasoning is based on Workday Pro Integrations security practices, including:

Workday Community documentation on creating and managing ISUs and integration systems.

Tutorials on configuring EIBs, Core Connectors, and web services, which show assigning ISUs to specific integrations (e.g., Workday Advanced Studio Tutorial).

Integration security overviews from implementation partners (e.g., NetIQ, Microsoft Learn, Reco.ai) emphasizing one ISU per integration for security.

Community discussions on Reddit and Workday forums reinforcing that ISUs are tied to single integrations for auditability (r/workday on Reddit).

This question focuses on the purpose of granting an Integration System User (ISU) modify access to the Integration Event domain via an Integration System Security Group (ISSG) in Workday Pro Integrations. Let’s analyze the role of the ISU, the Integration Event domain, and evaluate each option to determine the correct answer.

Understanding ISUs, ISSGs, and the Integration Event Domain

Integration System User (ISU): As described in previous questions, an ISU is a service account for integrations, used to authenticate and execute integration processes in Workday. ISUs are assigned to ISSGs to inherit security permissions and are linked to specific integration systems (e.g., EIBs, Core Connectors) for execution.

Integration System Security Group (ISSG): An ISSG is a security group that defines the permissions for ISUs, controlling what data and functionalities they can access or modify. ISSGs can be unconstrained (access all instances) or constrained (access specific instances based on context). Permissions are granted via domain security policies, such as " Get, " " Put, " " View, " or " Modify, " applied to Workday domains.

Integration Event Domain: In Workday, the Integration Event domain (or Integration Events security domain) governs access to integration-related activities, such as managing integration events, schedules, attributes, mappings, and logs. This domain is critical for integrations, as it controls the ability to create, modify, or view integration configurations and runtime events.

" Modify " access to the Integration Event domain allows the ISU to make changes to integration configurations, such as attributes (e.g., file names, endpoints), mappings (e.g., data transformations), and event settings (e.g., schedules or triggers).

This domain does not typically grant UI access or ownership of schedules but focuses on configuration and runtime control.

Purpose of Granting Modify Access: Granting an ISU modify access to the Integration Event domain via an ISSG enables the ISU to perform configuration tasks for integrations, ensuring the integration system can adapt or update its settings programmatically. This is essential for automated integrations that need to adjust mappings, attributes, or event triggers without manual intervention. However, ISUs are not designed for UI interaction or administrative ownership, as they are service accounts.

Evaluating Each Option

Let’s assess each option based on Workday’s security and integration model:

Option A: To have the ISU own the integration schedule.

Analysis: This is incorrect. ISUs do not " own " integration schedules or any other integration components. Ownership is not a concept applicable to ISUs, which are service accounts for execution, not administrative entities. Integration schedules are configured within the integration system (e.g., EIB or Core Connector) and managed by administrators or users with appropriate security roles, not by ISUs. Modify access to the Integration Event domain allows changes to schedules, but it doesn’t imply ownership.

Why It Doesn’t Fit: ISUs lack administrative control or ownership; they execute based on permissions, not manage schedules as owners. This misinterprets the ISU’s role.

Option B: To let the ISU configure integration attributes and maps.

Analysis: This is correct. Granting modify access to the Integration Event domain allows the ISU to alter integration configurations, including attributes (e.g., file names, endpoints, timeouts) and mappings (e.g., data transformations like worker subtype mappings from Question 25). The Integration Event domain governs these configuration elements, and " Modify " permission enables the ISU to update them programmatically during integration execution. This is a standard use case for ISUs in automated integrations, ensuring flexibility without manual intervention.

Why It Fits: Workday’s documentation and training materials indicate that the Integration Event domain controls integration configuration tasks. For example, in an EIB or Core Connector, an ISU with modify access can adjust mappings or attributes, as seen in tutorials on integration setup (Workday Advanced Studio Tutorial). This aligns with the ISU’s role as a service account for dynamic configuration.

Option C: To log into the user interface as the ISU and launch the integration.

Analysis: This is incorrect. ISUs are not intended for UI interaction. When creating an ISU, a best practice is to disable UI sessions (e.g., set " Allow UI Sessions " to " No " ) and configure a session timeout of 0 minutes to prevent expiration during automation. ISUs operate programmatically via APIs or integration systems, not through the Workday UI. Modify access to the Integration Event domain enables configuration changes, not UI login or manual launching.

Why It Doesn’t Fit: Logging into the UI contradicts ISU design, as they are service accounts, not user accounts. This option misrepresents their purpose.

Option D: To build the integration system as the ISU.

Analysis: This is incorrect. ISUs do not " build " integration systems; they execute or configure existing integrations based on permissions. Building an integration system (e.g., creating EIBs, Core Connectors, or web services) is an administrative task performed by users with appropriate security roles (e.g., Integration Build domain access), not ISUs. Modify access to the Integration Event domain allows configuration changes, not the creation or design of integration systems.

Why It Doesn’t Fit: ISUs lack the authority or capability to build integrations; they are for runtime execution and configuration, not development or design.

Final Verification

The correct answer is Option B, as granting an ISU modify access to the Integration Event domain via an ISSG enables it to configure integration attributes (e.g., file names, endpoints) and maps (e.g., data transformations), which are critical for dynamic integration operations. This aligns with Workday’s security model, where ISUs handle automated tasks within defined permissions, not UI interaction, ownership, or system building.

For example, in the Core Connector: Job Postings from Question 25, an ISU with modify access to Integration Event could update the filename pattern or worker subtype mappings, ensuring the integration adapts to vendor requirements without manual intervention. This is consistent with Workday’s design for integration automation.

Supporting Documentation

The reasoning is based on Workday Pro Integrations security practices, including:

Workday Community documentation on ISUs, ISSGs, and domain security (e.g., Integration Event domain permissions).

Tutorials on configuring EIBs and Core Connectors, showing ISUs modifying attributes and mappings (Workday Advanced Studio Tutorial).

Integration security overviews from implementation partners (e.g., NetIQ, Microsoft Learn, Reco.ai) detailing domain access for ISUs.

Community discussions on Reddit and Workday forums reinforcing ISU roles for configuration, not UI or ownership (r/workday on Reddit).

Let’s break this down:

Effective Date of salary change: May 10, 2024

Entry Moment (data entry timestamp): May 13, 2024, 2:00 PM

Integration Run As of Entry Moment: May 11, 2024, 2:00 PM

Salary data was entered AFTER this moment (May 13 vs May 11)

So based on Workday’s Change Detection logic:

A worker is included in the integration output only if the transaction was entered into Workday after the last successful entry moment, and the effective date is on or after the “Last Successful Effective Date”.

In this case:

Entry was made after the last As-of Entry Moment (May 13 > May 11)

Effective date (May 10) is after the last successful effective date (May 9)

Both conditions are met, so Brian Hill will be included, and the new salary of $90,000.00 will be reflected in the output.

Why other options are incorrect:

A. The effective date is valid.

B. $60,000 would be outdated.

C. Entry moment is after the As-of date, so not excluded.

To surface a Calculated Field in a Core Connector: Worker (CCW) outbound, you use an Integration Field Override to substitute the connector’s default source with your calculated value. An integration map (Option A) is intended to translate or normalize code values (for example, mapping internal Worker Type codes to the vendor’s codes), not to replace the source of a field. Integration attributes (Option D) and integration field attributes (Option C) manage connector behavior and attributes, but they do not replace a field’s data source with a calculated field. Therefore, the correct method to “pull” a calculated field into the CCW output is an Integration Field Override (Option B).

Why the other elements in the scenario matter (and how they’re handled) — with exact extracts from your materials:

Mapping Worker Type to external codes → Integration Maps (supports, but not the asked action):Your deployment guides call out maintaining and using Integration System Maps for code translations. This is exactly where you’d map “Worker Type” to the external system’s codes, but it is not how you inject a calculated field into the payload.

“Maintenance of Integration System Maps”

“WORKDAY SETUP – NON STATIC MAPS” and “WORKDAY SETUP – STATIC MAPS” (table of contents for configuration of maps)

Filename requires timestamp/sequence number → Sequence Generator (supports the scenario):Your Time Tracking/PECI deployment guide explicitly includes a Sequence Generator configuration that’s used with certified connectors to build compliant, unique file names (often with timestamps and/or sequence numbers) before delivery.

“3.6 Sequence Generator” (configuration item for certified integrations used in file naming)

Transformation before delivery → Standard integration flow (transform then deliver):The same deployment materials describe document/file delivery mechanics (for example, SFTP), which occur after the integration produces/transforms the document. This supports the scenario requirement that transformation happens prior to transmission.

“4. FILE DELIVERY SERVICE … 4.4 SFTP Configuration” (document delivery occurs after the integration generates/transforms the output)

Security posture for integrations (context):For outbound/system users and secure delivery, the Workday Authentication & Security guide documents integration-appropriate authentication (e.g., X.509) and general integration security steps — relevant background for productionizing CCW but not directly affecting how to bring a calculated field into the payload.

“X509 Recommended for web services users and integrations that use an integration system user account.”

Putting it all together for the scenario:

Use Integration Field Override to point the CCW field to your Calculated Field for UPN → (Correct answer: B).

Use Integration Maps to translate Worker Type to the vendor’s codes (supports the mapping requirement).

Configure filename rules via Sequence Generator to include timestamp and sequence in the produced file name (supports the file-naming requirement).

Ensure the document transformation runs as part of the integration generation step and then deliver via SFTP (file delivery service).

References (Workday Pro: Integrations-aligned materials):

GPC_PECI_TimeTracking_DeploymentGuide_CloudPay.pdf — Sections “3.6 Sequence Generator” and “4. File Delivery Service” (delivery occurs after file generation/transform).

GPC_PECI_DeploymentGuide_CloudPay_2.9.pdf — Map configuration sections (“WORKDAY SETUP – NON STATIC MAPS”, “WORKDAY SETUP – STATIC MAPS”).

GPC_PECI_UserGuide_CloudPay_2.1.1.pdf — “Maintenance of Integration System Maps.”

Admin-Guide-Authentication-and-Security.pdf — Integration security notes, including X.509 recommendation for integrations.

In Workday, for an Integration System User (ISU) to be selectable as a Custom Report Owner, the security group the ISU belongs to must have Modify access to custom reports.

From Workday’s security configuration principle:

An ISU does not appear as a valid report owner unless its security group has Modify permission in the Report/Task Permissions section of the Custom Report Creation domain security policy.

This is because report ownership requires write‑level access over custom report objects.

Therefore, you must update the Report/Task Permissions table to include the ISSG with Modify access.

Options B, C, and D are incorrect because View or Get/Put do not provide report ownership capabilities.

In Workday integrations, XSLT (Extensible Stylesheet Language Transformations) is commonly used to transform XML data, such as the output from an Enterprise Interface Builder (EIB) or a web service-enabled report, into a format suitable for third-party systems. In this scenario, you are tasked with writing XSLT to process the wd:Dependents_Group elements within a report output to iterate only over those where the dependent relationship is " Child. " The correct XPath syntax for the select attribute of an < xsl:apply-templates > element is critical to ensure accurate data transformation.

Here’s why option B is correct:

XPath Syntax Explanation: In XPath, square brackets [ ] are used to specify predicates or conditions to filter elements. The condition wd:Relationship= ' Child ' checks if the wd:Relationship element (or attribute, depending on the XML structure) has the value " Child. " When applied to wd:Dependents_Group, the expression wd:Dependents_Group[wd:Relationship= ' Child ' ] selects only those wd:Dependents_Group elements that contain a wd:Relationship child element with the value " Child. "

Context in XSLT: Within an < xsl:apply-templates > element, the select attribute uses XPath to specify which nodes to process. This syntax ensures that the template only applies to wd:Dependents_Group elements where the dependent is a child, aligning with the requirement to conditionally process only those specific dependents.

XML Structure Alignment: Based on the provided XML snippet, wd:Dependents_Group likely contains child elements or attributes, including wd:Relationship. The correct XPath assumes wd:Relationship is an element (not an attribute), as is common in Workday XML structures. Therefore, wd:Dependents_Group[wd:Relationship= ' Child ' ] is the appropriate syntax to filter and iterate over the desired elements.

Why not the other options?

A. wd:Dependents_Group[@wd:Relationship= ' Child ' ]: This syntax uses @ to indicate that wd:Relationship is an attribute of wd:Dependents_Group, not an element. If wd:Relationship is not defined as an attribute in the XML (as is typical in Workday’s XML structure, where it’s often an element), this would result in no matches, making it incorrect.

C. wd:Dependents_Group/wd:Relationship= ' Child ' : This is not a valid XPath expression for a predicate. It attempts to navigate to wd:Relationship as a child but does not use square brackets [ ] to create a filtering condition. This would be interpreted as selecting wd:Relationship elements under wd:Dependents_Group, but it wouldn’t filter based on the value " Child " correctly within an < xsl:apply-templates > context.

D. wd:Dependents_Group/@wd:Relationship= ' Child ' : Similar to option A, this assumes wd:Relationship is an attribute, which may not match the XML structure. Additionally, it lacks the predicate structure [ ], making it invalid for filtering in this context.

To implement this in XSLT:

You would write an < xsl:apply-templates > element within your template matching wd:Report_Entry, with the select attribute set to wd:Dependents_Group[wd:Relationship= ' Child ' ]. This ensures that only wd:Dependents_Group elements with a wd:Relationship value of " Child " are processed by the corresponding templates, effectively filtering out other dependent relationships (e.g., Spouse, Parent) in the transformation.

This approach ensures the XSLT transformation aligns with Workday’s XML structure and integration requirements for processing worker data and dependents in an EIB or web service-enabled report.

Workday Pro Integrations Study Guide: Section on " XSLT Transformations for Workday Integrations " – Details the use of XPath in XSLT for filtering XML elements, including predicates for conditional processing.

Workday EIB and Web Services Guide: Chapter on " XML and XSLT for Report Data " – Explains the structure of Workday XML (e.g., wd:Dependents_Group, wd:Relationship) and how to use XPath to navigate and filter data.

Workday Reporting and Analytics Guide: Section on " Web Service-Enabled Reports " – Covers integrating report outputs with XSLT for transformations, including examples of filtering elements based on values.

In this scenario, a calculated field (Phone Allowance Type) is available and validated in the tenant, but it does not appear in the Core Connector: Worker output. The integration is configured with DIS enabled, and the expected behavior is for all specified worker data — including name, address, and calculated fields — to be included in the output file.

The correct action is to enable the field from the Configure Integration Field Attributes step.

From Workday Pro: Integrations materials:

“In order for a calculated field to be included in a Core Connector output, it must be explicitly located and selected from within the Configure Integration Field Attributes task. This step determines what fields are extracted in the integration output — including any standard or calculated fields available in the object model.”

Even though the field exists and is functional, it must be manually located within the relevant section (e.g., Worker Data > Compensation or Worker Details), and marked to include in the output.

Incorrect Options Explained:

A. Configure Integration Field Overrides: This is used to change or override output formatting but does not control field visibility.

B. Configure Integration Maps: Used for mapping values or converting code sets, not for selecting fields for output.

C. Create a Custom Field Override service: This is not necessary for simply adding a calculated field; the existing field can be enabled via attributes configuration.

In the context of a stylesheet, particularly within Workday ' s Document Transformation system where XSLT (Extensible Stylesheet Language Transformations) is commonly used, a namespace serves a critical role in defining the scope and identity of elements and attributes. The correct answer, as aligned with Workday’s integration practices and standard XSLT principles, is that a namespace " provides elements you can use in your code. " Here’s a detailed explanation:

Definition and Purpose of a Namespace:

A namespace in an XML-based stylesheet (like XSLT) is a mechanism to avoid naming conflicts by grouping elements and attributes under a unique identifier, typically a URI (Uniform Resource Identifier). This allows different vocabularies or schemas to coexist within the same document or transformation process without ambiguity.

In XSLT, namespaces are declared in the stylesheet using the xmlns attribute (e.g., xmlns:xsl= " http://www.w3.org/1999/XSL/Transform " for XSLT itself). These declarations define the set of elements and functions available for use in the stylesheet, such as < xsl:template > , < xsl:value-of > , or < xsl:for-each > .

For example, when transforming Workday data (which uses its own XML schema), a namespace might be defined to reference Workday-specific elements, enabling the stylesheet to correctly identify and manipulate those elements.

Application in Workday Context:

In Workday’s Document Transformation integrations, namespaces are essential when processing XML data from Workday (e.g., Core Connector outputs) or external systems. The namespace ensures that the XSLT processor recognizes the correct elements from the source XML and applies the transformation rules appropriately.

Without a namespace, the processor might misinterpret elements with the same name but different meanings (e.g., < name > in one schema vs. another). By providing a namespace, the stylesheet gains access to a specific vocabulary of elements and attributes, enabling precise coding of transformation logic.

Why Other Options Are Incorrect:

B. Indicates the start and end tag names to output: This is incorrect because namespaces do not dictate the structure (start and end tags) of the output. That is determined by the XSLT template rules and output instructions (e.g., < xsl:output > or literal result elements). Namespaces only define the identity of elements, not their placement or formatting in the output.

C. Restricts the data the processor can access: While namespaces help distinguish between different sets of elements, they do not inherently restrict data access. Restrictions are more a function of security settings or XPath expressions within the stylesheet, not the namespace itself.

D. Controls the filename of the transformed result: Namespaces have no bearing on the filename of the output. In Workday, the filename of a transformed result is typically managed by the Integration Attachment Service or delivery settings (e.g., SFTP or email configurations), not the stylesheet’s namespace.

Practical Example:

Suppose you’re transforming a Workday XML file containing employee data into a custom format. The stylesheet might include:

< xsl:stylesheet version= " 1.0 " xmlns:xsl= " http://www.w3.org/1999/XSL/Transform " xmlns:wd= " http://www.workday.com/ns " >

< xsl:template match= " wd:Employee " >

< EmployeeName > < xsl:value-of select= " wd:Name " / > < /EmployeeName >

< /xsl:template >

< /xsl:stylesheet >

Here, the wd namespace provides access to Workday-specific elements like < wd:Employee > and < wd:Name > , which the XSLT processor can then use to extract and transform data.

Workday Pro Integrations Study Guide References:

Workday Integration System Fundamentals: Explains XML and XSLT basics, including the role of namespaces in identifying elements within stylesheets.

Document Transformation Module: Highlights how namespaces are used in XSLT to process Workday XML data, emphasizing their role in providing a vocabulary for transformation logic (e.g., " Understanding XSLT Namespaces " ).

Core Connectors and Document Transformation Course Manual: Includes examples of XSLT stylesheets where namespaces are declared to handle Workday-specific schemas, reinforcing that they provide usable elements.

Workday Community Documentation: Notes that namespaces are critical for ensuring compatibility between Workday’s XML output and external system requirements in transformation scenarios.

In Workday integrations, XSLT is used to transform XML data, such as the output from a web service-enabled report or EIB, into a desired format for third-party systems. In this scenario, you need to write XSLT to process wd:Education_Group elements within a template matching wd:Report_Entry, using an < xsl:apply-templates > element to iterate only over wd:Education_Group elements where the wd:Degree is " MBA. " The correct XPath syntax for the select attribute is critical to ensure accurate filtering.

Here’s why option A is correct:

XPath Syntax Explanation: In XPath, square brackets [ ] are used to specify predicates or conditions to filter elements. The condition wd:Degree= ' MBA ' checks if the wd:Degree child element has the value " MBA. " When applied to wd:Education_Group, the expression wd:Education_Group[wd:Degree= ' MBA ' ] selects only those wd:Education_Group elements that contain a wd:Degree child element with the value " MBA. "

Context in XSLT: Within an < xsl:apply-templates > element in a template matching wd:Report_Entry, the select attribute uses XPath to specify which nodes to process. This syntax ensures that the template only applies to wd:Education_Group elements where the degree is " MBA, " aligning with the requirement to conditionally process only those specific education groups.

XML Structure Alignment: Based on the provided XML snippet, wd:Education_Group contains wd:Education and wd:Degree child elements (e.g., < wd:Degree > MBA < /wd:Degree > ). The XPath wd:Education_Group[wd:Degree= ' MBA ' ] correctly navigates to wd:Education_Group and filters based on the wd:Degree value, matching the structure and requirement.

Why not the other options?

B. wd:Education_Group/wd:Degree= ' MBA ' : This is not a valid XPath expression for a predicate. It attempts to navigate to wd:Degree as a child but does not use square brackets [ ] to create a filtering condition. This would be interpreted as selecting wd:Degree elements under wd:Education_Group, but it wouldn’t filter based on the value " MBA " correctly within an < xsl:apply-templates > context.

C. wd:Report_Entry/wd:Education_Group/wd:Degree= ' MBA ' 1:Degree= ' MBA ' : This is syntactically incorrect and unclear. It includes a malformed condition (1:Degree= ' MBA ' ) and does not use proper XPath predicate syntax. It fails to filter wd:Education_Group elements based on wd:Degree= ' MBA ' and is not valid for use in select.

D. wd:Report_Entry/wd:Education_Group[wd:Degree= ' MBA ' 1:Degree= ' MBA ' ]: This is also syntactically incorrect due to the inclusion of 1:Degree= ' MBA ' within the predicate. The 1: prefix is not valid XPath syntax and introduces an error. The correct predicate should only be wd:Degree= ' MBA ' to filter the wd:Education_Group elements.

To implement this in XSLT:

Within your template matching wd:Report_Entry, you would write an < xsl:apply-templates > element with the select attribute set to wd:Education_Group[wd:Degree= ' MBA ' ]. This ensures that only wd:Education_Group elements with a wd:Degree value of " MBA " are processed by the corresponding templates, effectively filtering out other degrees (e.g., B.S., B.A.) in the transformation.

This approach ensures the XSLT transformation aligns with Workday’s XML structure and integration requirements for processing education data in a report output.

Workday Pro Integrations Study Guide: Section on " XSLT Transformations for Workday Integrations " – Details the use of XPath in XSLT for filtering XML elements, including predicates for conditional processing based on child element values.

Workday EIB and Web Services Guide: Chapter on " XML and XSLT for Report Data " – Explains the structure of Workday XML (e.g., wd:Education_Group, wd:Degree) and how to use XPath to navigate and filter data.

Workday Reporting and Analytics Guide: Section on " Web Service-Enabled Reports " – Covers integrating report outputs with XSLT for transformations, including examples of filtering elements based on specific values like degree types.

In Workday, after configuring an Integration System User (ISU) and an Integration System Security Group (ISSG) with the appropriate security policies and assigning them to an Enterprise Interface Builder (EIB) integration, there is a critical step required before the EIB can be launched successfully. This step ensures that all security configurations and permissions assigned to the ISSG take effect in the Workday tenant. Let’s analyze the question and evaluate each option systematically to determine the correct task, ensuring the answer aligns with Workday’s documented processes and the Workday Pro Integrations Study Guide.

Context of the Scenario

You’ve completed the following:

Created an ISU and configured it (e.g., with " Do Not Allow UI Sessions " checked for web service-only access).

Set up an ISSG and assigned the ISU to it.

Defined the necessary security policies (e.g., domain security policies with " Get " and/or " Put " access) for the ISSG to support the EIB’s operations.

Assigned the ISU and ISSG to the EIB integration system.

The question now is what must be done before launching the EIB to ensure it functions as intended. In Workday, changes to security policies—such as adding permissions to an ISSG—do not take effect immediately. They remain in a " pending " state until activated, which is a key aspect of Workday’s security administration process.

Evaluation of Options

Option A: Activate Pending Security Policy ChangesIn Workday, whenever you modify security policies (e.g., granting domain permissions like " Integration Build " or " Custom Report Creation " to an ISSG), these changes are staged as " pending. " To apply them to the tenant and make them active, you must run the " Activate Pending Security Policy Changes " task. This task reviews all pending security updates, allows you to add a comment for audit purposes, and, upon confirmation, activates the changes. Without this step, the ISSG will not have the effective permissions required for the EIB to access data or execute its operations, potentially causing the launch to fail due to insufficient authorization. This aligns directly with the scenario, as security policies have been configured and assigned, but not yet activated.

Option B: View Security for Securable ItemThe " View Security for Securable Item " report is a diagnostic tool in Workday that allows you to inspect the security configuration for a specific object (e.g., a web service operation, report, or task). It shows which security groups have access and what permissions (e.g., " Get, " " Put, " " View, " " Modify " ) are granted. While this is useful for verifying that the ISSG has the correct policies assigned, it is a passive report—it does not modify or activate anything. Running this task would not enable the EIB to launch, as it doesn’t affect the pending security changes. Thus, it’s not the required step before launching the EIB.

Option C: Assign the ISSG to only one security policyThis option suggests limiting the ISSG to a single security policy, but this is neither a standard Workday requirement nor a task that exists as a standalone action. ISSGs can and often do have multiple security policies assigned (e.g., permissions for various domains like " Integration Build, " " Custom Report Access, " etc.), depending on the integration’s needs. Moreover, the question states that the ISSG has already been configured with the " correct security policies " and assigned to the EIB, implying this step is complete. Restricting the ISSG to one policy after the fact would require editing permissions again, triggering more pending changes, and still necessitate activation—making this option illogical and incorrect.

Option D: Maintain Integration Security PoliciesThere is no specific task in Workday called " Maintain Integration Security Policies. " This option seems to be a misnomer or a conflation of other tasks, such as " Maintain Domain Permissions for Security Group " (used to assign permissions to an ISSG) or broader security maintenance activities. However, the question indicates that the security policies are already correctly configured and assigned. If this option intended to imply further configuration, it would still result in pending changes requiring activation via Option A. As a standalone action, it does not represent a valid or necessary task to enable the EIB launch.

Why Option A is Correct

The " Activate Pending Security Policy Changes " task is a mandatory step in Workday’s security workflow after modifying security policies, such as those assigned to an ISSG for an EIB. Workday’s security model uses a pending changes queue to ensure that updates are reviewed and deliberately applied, maintaining control and auditability. Without activating these changes:

The ISSG will lack the effective permissions needed for the EIB to access required domains or perform its operations (e.g., retrieving data from a custom report or delivering a file).

The EIB launch could fail with errors like " Insufficient Privileges " or " Access Denied. "

Running this task ensures that the security configuration is live, allowing the ISU (via the ISSG) to authenticate and execute the EIB successfully. This is a standard practice in Workday integration setup, as emphasized in the Workday Pro Integrations curriculum.

Practical Steps to Perform Option A

Log into the Workday tenant with a security administrator role.

Search for and select the " Activate Pending Security Policy Changes " task.

Review the list of pending changes (e.g., new permissions added to the ISSG).

Enter a comment (e.g., " Activating security for EIB launch – ISSG permissions " ).

Check the " Confirm " box and click " OK " to activate the changes.

Once completed, the security policies are live, and the EIB can be launched.

Verification with Workday Documentation

The Workday Pro Integrations Study Guide and related training materials confirm that activating pending security policy changes is a prerequisite after configuring security for integrations. This step ensures that all permissions are in effect, enabling the ISU and ISSG to support the EIB’s functionality. Community resources and implementation guides also consistently highlight this task as the final step before launching integrations that rely on updated security settings.

Workday Pro Integrations Study Guide References

Section: Integration Security Configuration – Explains the process of assigning security policies to ISSGs and the need to activate changes to operationalize them.

Section: Enterprise Interface Builder (EIB) – Notes that security updates for EIBs must be activated before launching to ensure proper access.

Section: Security Administration – Details the " Activate Pending Security Policy Changes " task as the mechanism to apply pending security modifications across the tenant.