Skip to main content

Monitoring User Permission Changes in Dynamics 365 Business Central

Jun Wang Profile Picture Jun Wang 3,580 Super User

Monitoring User Permission Changes in Dynamics 365 Business Central

In the evolving landscape of Dynamics 365 Business Central (BC), maintaining the security and integrity of user permissions is paramount. A question that frequently arises among administrators and IT professionals is how to set up alerts or notifications when the permission or permission set of a user changes. This capability is crucial for ensuring that users have the appropriate access levels and that any modifications to these permissions are closely monitored.
The need for such a feature stems from the requirement to be vigilant about the security settings within Dynamics 365 BC. For instance, if a user's permissions change, it's important for administrators to be notified. This ensures that all changes are intentional, authorized, and compliant with the organization's security policies.
To address this requirement, one can leverage the telemetry feature in Dynamics 365 BC. Telemetry gathers data about various operations on permission sets, including when a permission set is added, removed, or changed for a user or user group. This feature captures detailed events, such as:

- Addition or removal of a user-defined permission set.
- Changes in the linkage between user-defined and system permission sets.
- Assignments or removals of permission sets to/from a user or user group.
- Modifications to a permission set by an app/extension.

Although Dynamics 365 BC does not directly support setting up email notifications or in-application alerts for permission changes through the user interface, it is possible to monitor these events through external tools. By analyzing Azure Application Insights data, where BC sends telemetry data, administrators can look for specific events related to permission changes.
Implementing a notification system for these changes involves setting up an external process to monitor the telemetry data for relevant events, such as "Permission set assigned to user" or "Permission set removed from user." Based on this data, alerts can be configured within Azure Application Insights or another supported tool.
It's important to note that setting up and configuring telemetry, along with monitoring for permission change alerts, requires administrative access to both Dynamics 365 BC and Azure. This process may involve custom development or scripting to effectively parse the telemetry data and generate the desired notifications.

While Dynamics 365 Business Central offers robust capabilities for managing user permissions, the platform's telemetry feature provides a powerful tool for monitoring changes to these permissions. By leveraging external tools to analyze telemetry data, administrators can implement effective monitoring and alerting mechanisms. This ensures that any modifications to user permissions are tracked, authorized, and aligned with the organization's security requirements.

For more guidance, you could refer to the links below:
https://learn.microsoft.com/en-us/dynamics365/business-central/dev-itpro/administration/telemetry-permission-changes-trace
 
https://learn.microsoft.com/en-us/dynamics365/business-central/dev-itpro/administration/telemetry-overview
 
 

Comments