In an aggregation security group, who receives the action step if an approval step is routed to the group?

In an aggregation security group, when an approval step is routed, it goes to the members who fall within the intersection of the included security groups. This means that only those members who are part of both the primary group and any other referenced groups have the authority to act on the approval step. This approach is designed to ensure that only qualified individuals, who meet multiple criteria set by the organization’s permissions and roles, have the ability to approve certain actions.

By using the intersection of included security groups, Workday provides a more tailored and controlled access model, which enhances security and compliance. It minimizes the risk of inappropriate approvals by restricting action to those who are specifically designated across multiple relevant roles or groups. This way, the approval process is both efficient and secure, ensuring that the right people are involved in decision-making.