Analyzing Permission Changes Trace Telemetry

APPLIES TO: Business Central 2020 release wave 2, version 17.2, and later

Note

Azure Active Directory is now Microsoft Entra ID. Learn more

Permission changes telemetry gathers data about the following operations on permission sets:

  • A user-defined permission set was added or removed
  • A link between a user-defined permission set and system permission set was added or removed
  • A permission set was assigned to or removed from a user or user group
  • A permission set was changed by an app/extension

For information about managing permission sets, see Assign Permissions to Users and Groups.

User-defined permission set added

Occurs when a user-defined permission set is created.

General dimensions

Dimension Description or value
message User-defined permission set added: {alPermissionSetId}
severityLevel 1
user_Id The user telemetry ID for the user. From the user card, you can use user_Id to identify the user who triggered this telemetry event. For more information, see Assign a telemetry ID to users.

Custom dimensions

Dimension Description or value
eventId AL0000E2A
alNumberOfUserDefinedPermissionSets Specifies the total number of user-defined permission sets.
alPermissionSetId Specifies the ID assigned to the permission set.

Common custom dimensions

The following table explains additional custom dimensions that are common to all permission traces.

Dimension Description or value
aadTenantId Specifies the Microsoft Entra tenant ID used for Microsoft Entra authentication. For on-premises, if you aren't using Microsoft Entra authentication, this value is common.
alCategory AL PermissionSet
alDataClassification SystemMetadata
alObjectId 1351, which is the ID of the system application codeunit that subscribes to the telemetry events.
alObjectName Telemetry Subscribers, which is the name of the system application codeunit that subscribes to the telemetry events.
alObjectType CodeUnit
component Dynamics 365 Business Central Server.
componentVersion Specifies the version number of the component that emits telemetry (see the component dimension.)
environmentType Specifies the environment type for the tenant, such as Production, Sandbox, Trial. See Environment Types.
telemetrySchemaVersion Specifies the version of the Business Central telemetry schema.

User-defined permission set removed

Occurs when a user-defined permission set is deleted.

General dimensions

Dimension Description or value
message User-defined permission set removed: {alPermissionSetId}
severityLevel 1
user_Id The user telemetry ID for the user. From the user card, you can use user_Id to identify the user who triggered this telemetry event. For more information, see Assign a telemetry ID to users.

Custom dimensions

Dimension Description or value
eventId AL0000E2B
alNumberOfUserDefinedPermissionSets Specifies the total number of user-defined permission sets.
alPermissionSetId Specifies the ID of the permission set that was deleted.
See common custom dimensions

Permission set link added

Occurs when a user-defined permission set is created from a copy of a system permission set, and the Notify on Changed Permission Set option is selected. The Notify on Changed Permission Set option creates a link between the system permission set and the user-defined permission set.

General dimensions

Dimension Description or value
message Permission set link added: {alSourcePermissionSetId} -> {alLinkedPermissionSetId}
severityLevel 1
user_Id The user telemetry ID for the user. From the user card, you can use user_Id to identify the user who triggered this telemetry event. For more information, see Assign a telemetry ID to users.

Custom dimensions

Dimension Description or value
eventId AL0000E28
alSourcePermissionSetId Specifies the ID of the system permission set that was copied to create the user-defined permission set.
alLinkedPermissionSetId Specifies the ID of the user-defined permission that was created from a copy of the system permission set.
alNumberOfUserDefinedPermissionSetLinks Specifies the total number of user-defined permission sets that are linked to system permission sets.
See common custom dimensions

Permission set link removed

Occurs when a user-defined permission set, which is linked to a system permission set, is deleted.

General dimensions

Dimension Description or value
message Permission set link removed {alSourcePermissionSetId} -> {alLinkedPermissionSetId}
severityLevel 1
user_Id The user telemetry ID for the user. From the user card, you can use user_Id to identify the user who triggered this telemetry event. For more information, see Assign a telemetry ID to users.

Custom dimensions

Dimension Description or value
eventId AL0000E29
alSourcePermissionSetId Specifies the ID of the system permission set that the deleted user-defined permission set was linked to.
alLinkedPermissionSetId Specifies the ID of the deleted user-defined permission set.
alNumberOfUserDefinedPermissionSetLinks Specifies the total number of user-defined permission sets that are linked to system permission sets.
See common custom dimensions

Permission set assigned to user

Occurs when a permission set is assigned to a user.

General dimensions

Dimension Description or value
message Permission set assigned to user: {alPermissionSetId}
severityLevel 1
user_Id The user telemetry ID for the user. From the user card, you can use user_Id to identify the user who triggered this telemetry event. For more information, see Assign a telemetry ID to users.

Custom dimensions

Dimension Description or value
eventId AL0000E2C
alPermissionSetId Specifies the ID of the permission set that was assigned to a user.
See common custom dimensions

Permission set removed from user

Occurs when a permission set is removed from a user.

General dimensions

Dimension Description or value
message Permission set removed from user: {alPermissionSetId}
severityLevel 1
user_Id The user telemetry ID for the user. From the user card, you can use user_Id to identify the user who triggered this telemetry event. For more information, see Assign a telemetry ID to users.

Custom dimensions

Dimension Description or value
eventId AL0000E2D
alPermissionSetId Specifies the ID of the permission set that was removed from the user.
See common custom dimensions

Permission set assigned to user group

Occurs when a permission set is assigned to a user group.

General dimensions

Dimension Description or value
message Permission set assigned to user group: {alPermissionSetId}
severityLevel 1
user_Id The user telemetry ID for the user. From the user card, you can use user_Id to identify the user who triggered this telemetry event. For more information, see Assign a telemetry ID to users.

Custom dimensions

Dimension Description or value
eventId AL0000E2E
alPermissionSetId Specifies the ID of the permission set that was assigned to the user group.
alUserGroupId Specifies the ID of the user group that the permission set was assigned to.
See common custom dimensions

Permission set removed from user group

Occurs when a permission set is removed from a user.

General dimensions

Dimension Description or value
message Permission set removed from user group: {alPermissionSetId}
severityLevel 1
user_Id The user telemetry ID for the user. From the user card, you can use user_Id to identify the user who triggered this telemetry event. For more information, see Assign a telemetry ID to users.

Custom dimensions

Dimension Description or value
eventId AL0000E2F
alPermissionSetId Specifies the ID of the permission set that was removed from the user group.
alUserGroupId Specifies the ID of the user group that the permission set was removed from.
See common custom dimensions

Permission set changed by an extension.

Occurs when a permission set was changed by an app/extension at install/update time.

General dimensions

Dimension Description or value
message Permission set changed by an extension
severityLevel 1

Custom dimensions

Dimension Description or value
eventId LC0058
extensionName Specifies the name of the app/extension that changed the permission set.
extensionId Specifies the id of the app/extension that changed the permission set.
extensionVersion Specifies the version of the app/extension that changed the permission set.
extensionpublisher Specifies the publisher of the app/extension that changed the permission set.
permissionSetExtensionObjectId Specifies the object ID for the permission set extension that changed the permission set.
permissionSetExtensionObjectName Specifies the name of the object for the permission set extension that changed the permission set.
permissionSetId Specifies the ID of the permission set that was changed.
permissionSetName Specifies the name of the permission set that was changed.
See common custom dimensions

See also

Monitoring and Analyzing Telemetry
Enable Sending Telemetry to Application Insights