In Workday HCM, access to reports—whether standard or custom—is controlled by domain security permissions. Domain security governs what data a user can see or interact with, and different permission levels determine whether the user can only view data or also create, update, or retrieve it through integrations.
The Location Directory is a Workday-delivered standard report that displays location-related data, such as business sites, addresses, and associated attributes. Because this report is read-only and does not involve creating or updating data, the HR Auditor security group only needs View permission on the relevant Location domain to run the report successfully.
The View permission allows users to see data and run reports that reference that domain. It is the minimum permission required for reporting access and aligns with the typical responsibilities of an HR Auditor, whose role is to review and validate data rather than modify it.
The other permissions are not appropriate in this context. Modify and Put permissions would allow changes to location data, which exceeds auditor responsibilities and violates the principle of least privilege. Get permission is typically used for web services and integrations and does not apply to interactive report execution in the Workday user interface.
From a Workday Pro HCM security best-practice standpoint, assigning only View access ensures auditors can perform their oversight duties without risking unintended data changes. This approach supports compliance, audit integrity, and strong internal controls.
Therefore, the correct and Workday-verified domain permission required for an HR Auditor to run the Location Directory report is View.