แก้ไข

แชร์ผ่าน


Configure auditing

Microsoft Dataverse auditing uses settings in the Organization table and definitions of individual tables and columns to determine what kind of audit history data to capture. Anyone can view the configuration, but you must have the System Administrator or System Customizer role to change the settings. Changes made to the audit configuration are included in the audit history.

Configure organization settings

Four properties in the Organization table control how auditing is enabled for an environment. The organization table contains a single row. The organizationid column is the primary key. Query the row directly to get the key value, or execute the WhoAmI message and take the value of the WhoAmIResponse.OrganizationId property.

The following table describes the organization table columns that control auditing behavior.

Schema Name
Logical Name
Display Name
Type Description
IsAuditEnabled
isauditenabled
Is Auditing Enabled
Boolean Whether auditing is enabled for the environment
AuditRetentionPeriodV2
auditretentionperiodv2
Audit Retention Period Settings
Integer The number of days to retain audit log records
The default value is 30. Valid values are between 1 and 365,000 days (~1,000 years). If the value is set to -1, the records are retained forever.
Administrator's guide: Start/stop auditing and set retention policy
IsUserAccessAuditEnabled
isuseraccessauditenabled
Is User Access Auditing Enabled
Boolean Whether user access logging is enabled
Auditing for the environment must be enabled for user access logging to be enabled.
UserAccessAuditingInterval
useraccessauditinginterval
User Authentication Auditing Interval
Integer How often user access is logged, in hours
The default value is 4.

Retrieve organization settings

Use the following queries to retrieve your organization settings.

Request:

GET [Organization URI]/api/data/v9.2/organizations?$select=
isauditenabled,
auditretentionperiodv2,
isuseraccessauditenabled,
useraccessauditinginterval HTTP/1.1

Accept: application/json  
OData-MaxVersion: 4.0  
OData-Version: 4.0
If-None-Match: null

Response:

HTTP/1.1 200 OK

{
    "@odata.context": "[Organization URI]/api/data/v9.2/$metadata#organizations(isauditenabled,auditretentionperiodv2,isuseraccessauditenabled,useraccessauditinginterval)",
    "value": [
        {
            "@odata.etag": "W/\"67404512\"",
            "isauditenabled": true,
            "auditretentionperiodv2": 30,
            "isuseraccessauditenabled": true,
            "useraccessauditinginterval": 4,
            "organizationid": "<organizationid value>"
        }
    ]
}

Learn more about:

Change organization settings

Change the column values in the organization table to change how auditing works for the environment. You must have the System Administrator or System Customizer role to change these settings.

You can use Web API or Dataverse SDK for .NET to change your organization settings:

Configure tables and columns

When auditing is enabled for the organization, any tables that are enabled for auditing write audit data for all columns that are enabled for auditing. The primary control is at the organization and then the table level.

Tables and columns each have a managed property named IsAuditEnabled that controls whether they're enabled for auditing.

Item Web API SDK for .NET
Table EntityMetadata.IsAuditEnabled EntityMetadata.IsAuditEnabled Property
Column AttributeMetadata.IsAuditEnabled AttributeMetadata.IsAuditEnabled Property

The IsAuditEnabled property is a managed property that's defined by the following types:

Web API SDK for .NET
BooleanManagedProperty ComplexType BooleanManagedProperty Class

A BooleanManagedProperty has two important properties:

Property Description
Value Determines whether the setting is enabled.
CanBeChanged Determines whether the Value setting can be changed after the table or column is included in a managed solution.

The publisher of a managed solution that adds a table may prevent people who install the solution from enabling auditing. Some Dataverse system tables can't be enabled or disabled for auditing because the CanBeChanged property is set to false. Learn more about managed properties.

Note

The IsAuditEnabled property is exposed in the designer as a simple boolean property with the label Audit changes to its data for tables or Enable auditing for columns. The CanBeChanged property can only be read or set programmatically.

Detect which tables are enabled for auditing

Query the table definitions and look at the IsAuditEnabled property to determine which tables support auditing and which ones can be changed.

This query returns the Logicalname for all public tables that are enabled for auditing.

Request:

GET [Organization URI]/api/data/v9.2/EntityDefinitions?$select=
LogicalName,
IsAuditEnabled
&$filter=IsAuditEnabled/Value eq true 
and IsPrivate eq false

Accept: application/json  
OData-MaxVersion: 4.0  
OData-Version: 4.0
If-None-Match: null

Response:

{
    "@odata.context": "[Organization URI]/api/data/v9.2/$metadata#EntityDefinitions(LogicalName,IsAuditEnabled)",
    "value": [
        {
            "LogicalName": "account",
            "MetadataId": "70816501-edb9-4740-a16c-6a5efbc05d84",
            "IsAuditEnabled": {
                "Value": true,
                "CanBeChanged": true,
                "ManagedPropertyLogicalName": "canmodifyauditsettings"
            }
        },
    < list truncated for brevity >
    ]
}

Learn more about:

Detect which columns are enabled for auditing

Query the column definitions and look at the IsAuditEnabled property to determine which columns support auditing and which ones can be changed.

Request:

GET [Organization URI]/api/data/v9.0/EntityDefinitions(LogicalName='account')/Attributes?$select=
LogicalName,
IsAuditEnabled
&$filter=IsAuditEnabled/Value eq true

Accept: application/json  
OData-MaxVersion: 4.0  
OData-Version: 4.0
If-None-Match: null

Response:

{
    "@odata.context": "[Organization URI]/api/data/v9.2/$metadata#EntityDefinitions('account')/Attributes(LogicalName,IsAuditEnabled)",
    "value": [
        {
            "@odata.type": "#Microsoft.Dynamics.CRM.StringAttributeMetadata",
            "LogicalName": "emailaddress3",
            "MetadataId": "97fb4aae-ea5d-427f-9b2b-9a6b9754286e",
            "IsAuditEnabled": {
                "Value": true,
                "CanBeChanged": true,
                "ManagedPropertyLogicalName": "canmodifyauditsettings"
            }
        },
    < list truncated for brevity >
    ]
}

Learn more about: Query table definitions using the Web API

Enable or disable tables and columns for auditing

To change which tables and columns support auditing, update their IsAuditEnabled.Value property.

Tables

API Property More information
Web API EntityMetadata.IsAuditEnabled.Value Update table definitions
SDK for .NET EntityMetadata.IsAuditEnabled.Value Retrieve and update a table

Columns

API Property More information
Web API AttributeMetadata.IsAuditEnabled.Value Update a column
SDK for .NET AttributeMetadata.IsAuditEnabled.Value Update a column

Important

Changes don't take effect until you publish the table customizations.

Publish column changes

Use the PublishXml message to publish customizations for the table.

Request:

POST [Organization URI]/api/data/v9.2/PublishXml HTTP/1.1

Accept: application/json  
OData-MaxVersion: 4.0  
OData-Version: 4.0
If-None-Match: null

{
    "ParameterXml": "<importexportxml><entities><entity>account</entity></entities></importexportxml>"
}

Response:

HTTP/1.1 204 OK 

Learn more about:

Learn more about:

See also

Administrator's guide: Manage Dataverse auditing
Administrator's guide: System Settings Auditing tab
Auditing overview
Retrieve the history of audited data changes
Delete audit data