Delete audit data
You may need to delete audit data because:
- You need to comply with a request from a customer to delete their history.
- You want to use less log capacity space.
Dataverse provides the following messages to delete audit history data:
Message | Description |
---|---|
DeleteRecordChangeHistory |
Deletes all the audit change history records for a particular record. |
BulkDelete |
Asynchronously deletes records identified by a query. This message can be used to delete large numbers of audit records without blocking other activities. |
DeleteAuditData |
For customers using customer managed encryption keys this message deletes all audit data records up until a specified end date. |
Note
You cannot directly delete records in the Auditing (Audit) table
Delete the change history for a record
Use the DeleteRecordChangeHistoryRequest
message to delete all the audit change history records for a particular record. This lets you delete the audit change history for a record instead of deleting all the audit records for a date range.
To delete the audit change history for a record, you must have the System Administrator security role or a security role with the prvDeleteRecordChangeHistory
privilege. More information: Example: Check whether a user has a privilege
DeleteRecordChangeHistoryRequest Message
Specify the record using the Target
parameter. The DeletedEntriesCount
property of the response tells you how many audit records were deleted.
The following example uses the DeleteRecordChangeHistoryRequest Action to delete the audited data changes for an account record.
Request
POST [Organization URI]/api/data/v9.2/DeleteRecordChangeHistory HTTP/1.1
Accept: application/json
OData-MaxVersion: 4.0
OData-Version: 4.0
If-None-Match: null
{
"Target": {
"@odata.type": "Microsoft.Dynamics.CRM.account",
"accountid": "611e7713-68d7-4622-b552-85060af450bc"
}
}
Response
HTTP/1.1 200 OK
OData-Version: 4.0
{
"@odata.context": "[Organization URI]/api/data/v9.2/$metadata#Microsoft.Dynamics.CRM.DeleteRecordChangeHistoryResponse",
"DeletedEntriesCount": 4
}
More information:
Use BulkDelete to delete audit data
You can delete audit records your organization no longer needs to retain to comply with internal and external auditing requirements using the BulkDelete
message. Deleting audit data using bulk delete will run in the background and allows you to define recurrence patterns, start time, and other parameters that help you to manage your bulk deletion jobs.
BulkDelete Message
The following example deletes audit records with an action value of 64 (User Access via Web) from the audit log. You can modify your bulk delete job according to your needs.
Request
POST [Organization URI]/api/data/v9.1/BulkDelete HTTP/1.1
Accept: application/json
OData-MaxVersion: 4.0
OData-Version: 4.0
{
"QuerySet": [
{
"EntityName": "audit",
"Criteria": {
"FilterOperator": "And",
"Conditions": [
{
"AttributeName": "action",
"Operator": "Equal",
"Values": [
{
"Type": "System.String",
"Value": "64"
}
]
}
],
"Filters": []
}
}
],
"JobName": "Bulk Delete of audit records with action = 64",
"SendEmailNotification": false,
"ToRecipients": [],
"CCRecipients": [],
"RecurrencePattern": "",
"StartDateTime": "2022-02-02T10:00:00.000Z"
}
Response
HTTP/1.1 200 OK
Content-Type: application/json; odata.metadata=minimal
OData-Version: 4.0
{
"@odata.context": "[Organization URI]/api/data/v9.0/$metadata#Microsoft.Dynamics.CRM.BulkDeleteResponse",
"JobId": "[Job Id]"
}
More information:
Delete the change history for a date range
If you use customer managed encryption keys you can delete audit
records for a date range using the DeleteAuditData
message. Audit data records are deleted sequentially from the oldest to the newest.
Note
Even if you are using customer managed encryption keys you should consider using Bulk Delete rather than DeleteAuditData
message. See Use BulkDelete to delete audit data
The DeleteAuditData
message will delete all audit data in those partitions where the end date is before the date specified in the EndDate
property. Any empty partitions are also deleted. However, neither the current (active) partition nor the audit
records in that active partition can be deleted by using this request or any other request.
New partitions are automatically created by the Dataverse platform on a quarterly basis each year. This functionality is non-configurable and cannot be changed. You can obtain the list of partitions using the RetrieveAuditPartitionList
message. If the end date of any partition is later than the current date, you cannot delete that partition or any audit
records in it.
See also
Auditing overview
Configure auditing
Retrieve the history of audited data changes
Administrators Guide: Recover database space by deleting audit logs
Feedback
Submit and view feedback for