Workday Pro HCM Core Exam - Topic 1 Question 10 Discussion

In Workday HCM, business process security controls which security groups can participate in specific steps within a business process definition. Each step type---such as approval, review, or To Do---requires explicit permission for a security group to be eligible for selection. If a security group does not appear as an option when configuring a review step, it means the group has not been granted permission to act on that type of step.

To resolve this issue, you must update Who Can Do Action Steps in the Business Process. This section of the business process security policy defines which security groups are authorized to perform step-level actions, including review, approve, or to-do actions. Once the appropriate security group is added here and the changes are activated, the group becomes available for selection on the review step.

The other options do not address this requirement. Policy Restrictions control conditional logic and constraints, not step eligibility. Who Can Start the Business Process governs initiation permissions only and does not affect step assignment. Who Can Do Actions on Entire Business Process grants high-level actions such as cancel or rescind but does not authorize participation in individual steps like reviews.

From a Workday Pro HCM best-practice perspective, configuring Who Can Do Action Steps in the Business Process ensures precise control over step participation while maintaining separation of duties. After updating this section, administrators must remember to run Activate Pending Security Policy Changes for the update to take effect.

Therefore, the correct and Workday-verified answer is Who Can Do Action Steps in the Business Process.