Extending audit functionality to include read access to Cases

(0) Share

Report

Posted on by Community Member Microsoft Employee

We have a Dynamics CRM 2013 on-premise system which is used to store very sensitive client information.

Although everything is audited in terms of changes, creation, and deletions, via the built-in CRM audit functionality, in the interest of having full assurance, we would like to make sure that any access by users even just to view the Case details (i.e. without changing anything) would be audited as well.

What is the simplest/best way of achieving this audit, either through CRM built in functionality, or failing that, perhaps directly using features of the SQL server? We are running SQL Server 2008 Standard Edition.

Thanks.

*This post is locked for comments

All responses (10)

Answers (0)

Community Member Microsoft Employee on at

Like (0)

Report

RE: Extending audit functionality to include read access to Cases

Correct. But requirement is coming from client to allow access while auditing views. Damn clients.. lol.. will remain a CRM limitation for now.
Dynamics365 Rocker 7,755 on at

Like (0)

Report

RE: Extending audit functionality to include read access to Cases

But If you control access from security role or access team then Advanced find is not a problem.
Community Member Microsoft Employee on at

Like (0)

Report

RE: Extending audit functionality to include read access to Cases

@Rocker, the advanced find is the problem. Sounds like this has been a long requested feature. Just hope it's coming to on-prem soon.
Community Member Microsoft Employee on at

Like (0)

Report

RE: Extending audit functionality to include read access to Cases

Unfortunately we're on-prem. Is plan for this to remain online-only? Or will it be out in next on-prem update (hoping this fall!)?
Drew Poggemann 4 on at

Like (1)

Report

RE: Extending audit functionality to include read access to Cases

Hi Mugs,

If you are online Microsoft has now enabled the ability to track "view" of records.

community.dynamics.com/.../enable-read-auditing-in-dynamics-crm-365

Hope this helps.
Suggested answer

Dynamics365 Rocker 7,755 on at

Like (1)

Report

RE: Extending audit functionality to include read access to Cases

If a user open a case form that can be audited by writing script on "onload" event.

You have to create a custom entity and save user name who viewed case details in this entity. This can be achieve from script.

But users still have options to view case data from advanced find.

You can also control view access from security role, in this scenario users will have read access on case or they will not have read access.

You can also use "Access Team" feature, In this feature user can view case if they are member of access team
Community Member Microsoft Employee on at

Like (0)

Report

RE: Extending audit functionality to include read access to Cases

Old thread, but have a quick question. If we audited using SQL, any idea how we would be able to indicate which CRM user was initiating the SELECT call?

Wouldn't all calls be attributed to the application's identiy (ie. App Pool User)?

Cheers.
Suggested answer

Drew Poggemann 4 on at

Like (0)

Report

RE: Extending audit functionality to include read access to Cases

Hi Excalibur2811,

This would be very tough from Dynamics CRM because there are multiple ways they can get at this information including:

1. Advanced Find

2. Custom Report

3. Excel through OData or DB connections

and probably others...

To really track if someone is viewing details on the record you would probably want to trace anything that is querying from the SQL database table with this information.

docs.microsoft.com/.../sql-server-audit-database-engine

solutioncenter.apexsql.com/auditing-select-statements-on-sql-server

Hopefully this helps!

Thanks,
Suggested answer

Ryan Maclean 3,070 on at

Like (0)

Report

RE: Extending audit functionality to include read access to Cases

If you don't want to register a plugin, you could add a read-only field to your form called "last User accessed" that has a lookup to the User entity, then use a simple bit of Javascript onload to update the field. See crmbusiness.wordpress.com/.../crm-2015crm2013-javascipt-to-get-the-current-users-name for tips on how to achieve this
Suggested answer

M.Azwar Alam on at

Like (0)

Report

RE: Extending audit functionality to include read access to Cases

Hi,

Dynamics CRM built-in audit feature provides the audit history on record creation and updating. You cannot have audit detail if user has open the case record for view only purpose. To achieve this functionality you need customize the CRM using plugin. Check following link

https://community.dynamics.com/crm/f/117/t/105348#.UbWzivlwqSo

Mark answer as verified, if it works for you

Community site session details

Extending audit functionality to include read access to Cases

Helpful resources

Quick Links

Announcing Our 2025 Season 1 Super Users!

Vahid Ghafarpour – Community Spotlight

Tip: Become a User Group leader!

Leaderboard

Featured topics

Product updates

Community site session details

Extending audit functionality to include read access to Cases

Helpful resources

Quick Links

Announcing Our 2025 Season 1 Super Users!

Vahid Ghafarpour – Community Spotlight

Tip: Become a User Group leader!

Subscribe to this forum!

Select categories

Leaderboard

Featured topics

Product updates