Classifying Data in Dynamics NAV
Dynamics NAV includes development features for tagging business data with specific classifications. Specifically, this includes data that is stored in table fields of the database and telemetry data that is emitted from the application.
About Data Classification
Classifying data serves different purposes. It can make data easier and more efficient to locate and retrieve, and also help to add another layer of protection and security for handling private and sensitive data. It can supplement your process for making the application compliant with legislative and regulatory requirements for collecting, storing, and using personal information.
Note
You should consider the data classification features offered in Dynamics NAV as the first layer of classification - done by developers (Dynamics NAV and partners) on customizations, add-ons, and extensions. The second layer is the users and how they handle data they provide and that is made available to them.
What are the different data classifications?
The following table describes the different classifications that you can apply to data:
| Data classification | Description | Example |
|---|---|---|
| CustomerContent | Content directly provided/created by admins and users. |
|
| EndUserIdentifiableInformation | (EUII) Data that identifies or could be used to identify the user of a Microsoft service. EUII does not contain Customer content. |
|
| AccountData | Customer billing information and payment instrument information, including administrator contact information, such as tenant administrator’s name, address, or phone number. |
|
| EndUsePseudonymousIdentifiers | (EUPI) An identifier created by Microsoft tied to the user of a Microsoft service. When EUPI is combined with other information, such as a mapping table, it identifies the end user. EUPI does not contain information uploaded or created by the customer (Customer content or EUII) |
|
| OrganizationIdentifiableInformation | (OII) Data that can be used to identify a tenant, generally config or usage data. This data is not linkable to a user and does not contain Customer content. |
|
| SystemMetadata | Data generated while running the service or program that is not linkable to a user or tenant. |
|
Classifying data in tables and fields
Table objects and field controls include the DataClassification property that you can use to tag data with one of the classifications previously described.
Dynamics NAV operates with some standard rules for classification:
- When you add a new field to a table, the field is assigned an initial value of ToBeClassified.
- FlowField and FlowFilter fields are automatically set to the SystemMetadata data classification. This cannot be changed.
- Existing tables and fields (except for FlowFields and FlowFilters) in an application that has been upgraded from a Dynamics NAV version without the DataClassification property, will automatically be assigned the CustomerContent classification.
Important
Microsoft is providing this DataClassification property as a matter of convenience only. It's your responsibility to classify the data appropriately and comply with any laws and regulations that are applicable to you. Microsoft disclaims all responsibility towards any claims related to your classification of the data.
For more information about this property, see DataClassification Property in C/AL.
Data classification on upgrade
When you upgrade an application from a Dynamics NAV version that does not contain the DataClassification property, existing tables and fields (except for FlowFields and FlowFilters) will automatically be assigned the CustomerContent classification. You can then access the DataClassification property on these tables and fields, and change the classification as needed. FlowFields and FlowFilters will be assigned the SystemMetadata classification automatically.
Bulk-classifying data
The Field Data Classification report, which is described in the Viewing current field classifications section in this topic, provides an overview of the data classifications for fields. The report also lets you assign data classifications for more than one field. For example, this is useful if you are assigning classifications for the first time, or have changed several fields and want to update their classifications. You can bulk-edit classifications only for fields in CSIDE. The script does not update fields in extensions.
To bulk-edit classifications, export the report to Excel, update the classifications, and then save your changes. Then, in Windows PowerShell, run the following commands to run the Import-Module script and set the classifications on the fields.
To run the script from the default folder on the DVD, run:
Import-Module WindowsPowerShellScripts\DataClassification\DataClassification.psm1
To update the DataClassification property, run the following command. Replace <FilePath> with the full path to the client files. For example, C:\Program Files\Microsoft Dynamics NAV\110\RoleTailored Client.
Set-FieldDataClassificationFromExcelFile -ExcelFilePath "C:\NAV\W1 Fields (Main).xlsx" -SheetName 'Field Data Classification' -RTCFolder "<FilePath>" -DBName Navision_NAV2 -OutputFolder C:\Nav2\Classifications
Viewing current field classifications
To view the data classification on all fields, you can do one of the following:
- From Microsoft Dynamics NAV Development Environment, in the Tools menu, select Show Field Data Classification.
- From the client, search for and open the Field Data Classification page.
- Create a page that has the virtual table Field (ID 2000000041) as its source, and open the page in the client.
To view the data classification on all tables, create a page that has the virtual table Table Metadata (ID 2000000136) as its source, and open the page in the client.
See Also
How to: Create a Page to View a Virtual Table
Transparent Data Encryption (TDE)