You’re offline. This is a read only version of the page.
655
Hi,
One of our customers wants to avoid or at least detect when a certain entity's data is 'exported' to an external data storage.
So there are straight up 2 ways to do this, either via Excel Export or via OData/Soap/WebAPI.
In all cases it will trigger the RetrieveMultiple message where you can see which entities are involved.
I'm the first to say that you shouldn't mess with the RetrieveMultiple (performance reasons), but the customer does insist.
Detecting a Excel Export is quite easy given the fact that the plugin context's parent context is specified which tells you it's an excel export.
This allows us to make a plugin (with some other setup entity) that adds some more granularity on the export to excel functionality, defining which entities can't be exported by some people and add some logging on who exported what when.
However differentiation a regular retrievemultiple coming from the CRM Website with a call via OData/Soap/WebAPI is another matter.
I tried to find a difference between them by debugging in an On Prem version, but could't see any difference.
Just to be sure, I launched the same query via advanced find, soap endpoint and finally via the WebAPI.
Does any of you had to deal with such a requirement and knows how to see the difference?
Regards,
Sven Peeters
*This post is locked for comments
I compared quite a lot of properties between the 2 plugin context but couldn't find anything I'm afraid.
Trace logs is out of the question, it's an Online version
That's no good news, we can't check on service accounts because we want to prevent the users to extract data from CRM.
Hi
You have an interesting scenario, I would try the following and see if you get something Session ID or Activity ID for requests that come from UI
You could try and enable tracing with verbose level to log everything. Perform the same operation from UI and from API/SDK call
Copy the trace logs and compare using something like Beyond Compare
I tried this, however unfortunately using SDK there is no supported way of detecting if request is coming from UI or API request. Luckily in our case all integration scenarios requests were coming from service accounts. We placed those a/c in config and checked if its coming from these service accounts then log "API" else UI. I know its not a full proof solution however worked for us.
Hi Pranav,
I know how to log but I want to have a distinction between retrievemultiple via UI and via SDK (WebAPI,OData,Soap).
Because data retrieval via the ui should not be logged, however all other data retrieval should be logged (or even blocked).
Regards,
Sven Peeters
Created a custom control for similar requirement for my on premise customer: (for online there are options available in O365)
Summary: A fully configurable solution built on top of Dynamics CRM Framework which will intercept Retrieve and Retrieve All messages and logs the read audit details in a custom log entity. Solution will not only audit records accessed via user interface but also records accessed using SDK.
+Monitors CRM Form (single record), WebAPI, Entity Views, Advance Find, Subgrids, SDK calls: Records accessed by integration services
+Configured only on selectable entities
-Performance
Conclusion:
1. Performance will definitely be impacted however MS after our project review said that if business case is such were in there is no other option then its fine to implement. Specially after GDPR came into picture.
2. Where to log and what to log is a big decision which going forward may cause issues. It can be in CRM db or it can be outside CRM as well. Ideally it should be in crm.
3. Consider only logging audit for normal uses not the service accounts or admins. Otherwise audit will be having lots of garbage.
4. Prepare your component and optimize code for huge data load upfront otherwise later performance issues will popup.
5. As part of reiterative multiple request I am just logging one record (actual query) in audit and not the full set of records accessed by API call.
Hope this helps.
Stay up to date on forum activity by subscribing. You can also customize your in-app and email Notification settings across all subscriptions.
#1
André Arnaud de Cal...
291,253
Super User 2024 Season 2
#2
Martin Dráb
230,188
Most Valuable Professional
#3
nmaenpaa
101,156
Share
Report
All responses (
Answers (