Personalized Community is here!
Quickly customize your community to find the content you seek.
Choose your path Increase your proficiency with the Dynamics 365 applications that you already use and learn more about the apps that interest you. Up your game with a learning path tailored to today's Dynamics 365 masterminds and designed to prepare you for industry-recognized Microsoft certifications.
Visit Microsoft Learn
2021 Release Wave 1Discover the latest updates and new features to Dynamics 365 planned April 2021 through September 2021.
Release overview guides and videos Release Plan | Preview 2021 Release Wave 1 Timeline
The FastTrack program is designed to help you accelerate your Dynamics 365 deployment with confidence.
FastTrack Program | Finance and Operations TechTalks | Customer Engagement TechTalks | Upcoming TechTalks | All TechTalks
One of our customers wants to avoid or at least detect when a certain entity's data is 'exported' to an external data storage.
So there are straight up 2 ways to do this, either via Excel Export or via OData/Soap/WebAPI.
In all cases it will trigger the RetrieveMultiple message where you can see which entities are involved.
I'm the first to say that you shouldn't mess with the RetrieveMultiple (performance reasons), but the customer does insist.
Detecting a Excel Export is quite easy given the fact that the plugin context's parent context is specified which tells you it's an excel export.
This allows us to make a plugin (with some other setup entity) that adds some more granularity on the export to excel functionality, defining which entities can't be exported by some people and add some logging on who exported what when.
However differentiation a regular retrievemultiple coming from the CRM Website with a call via OData/Soap/WebAPI is another matter.
I tried to find a difference between them by debugging in an On Prem version, but could't see any difference.
Just to be sure, I launched the same query via advanced find, soap endpoint and finally via the WebAPI.
Does any of you had to deal with such a requirement and knows how to see the difference?
Created a custom control for similar requirement for my on premise customer: (for online there are options available in O365)
Summary: A fully configurable solution built on top of Dynamics CRM Framework which will intercept Retrieve and Retrieve All messages and logs the read audit details in a custom log entity. Solution will not only audit records accessed via user interface but also records accessed using SDK.
+Monitors CRM Form (single record), WebAPI, Entity Views, Advance Find, Subgrids, SDK calls: Records accessed by integration services
+Configured only on selectable entities
1. Performance will definitely be impacted however MS after our project review said that if business case is such were in there is no other option then its fine to implement. Specially after GDPR came into picture.
2. Where to log and what to log is a big decision which going forward may cause issues. It can be in CRM db or it can be outside CRM as well. Ideally it should be in crm.
3. Consider only logging audit for normal uses not the service accounts or admins. Otherwise audit will be having lots of garbage.
4. Prepare your component and optimize code for huge data load upfront otherwise later performance issues will popup.
5. As part of reiterative multiple request I am just logging one record (actual query) in audit and not the full set of records accessed by API call.
Hope this helps.
I know how to log but I want to have a distinction between retrievemultiple via UI and via SDK (WebAPI,OData,Soap).
Because data retrieval via the ui should not be logged, however all other data retrieval should be logged (or even blocked).
I tried this, however unfortunately using SDK there is no supported way of detecting if request is coming from UI or API request. Luckily in our case all integration scenarios requests were coming from service accounts. We placed those a/c in config and checked if its coming from these service accounts then log "API" else UI. I know its not a full proof solution however worked for us.
You have an interesting scenario, I would try the following and see if you get something Session ID or Activity ID for requests that come from UI
You could try and enable tracing with verbose level to log everything. Perform the same operation from UI and from API/SDK call
Copy the trace logs and compare using something like Beyond Compare
That's no good news, we can't check on service accounts because we want to prevent the users to extract data from CRM.
I compared quite a lot of properties between the 2 plugin context but couldn't find anything I'm afraid.
Trace logs is out of the question, it's an Online version
Business Applications communities