Latest Posts

Enabling Dataverse Auditing using PowerShell

Posted on by Rishan Solutions

Loading

Dataverse auditing helps track changes to records, attributes, and user actions. You can enable auditing at multiple levels:

Environment Level (Enables global auditing)
Table Level (Audits all records in a specific table)
Column Level (Tracks changes to specific fields)

This guide will show you step-by-step how to enable Dataverse Auditing using PowerShell.

Step 1: Prerequisites

1. Required Permissions

  • You must be a System Administrator in Dataverse.
  • Your Power Platform environment must support auditing.

2. Install and Import PowerShell Modules

Ensure the Power Platform PowerShell module is installed.

# Install the required PowerShell module
Install-Module -Name Microsoft.PowerPlatform.Cds.Client -Scope CurrentUser -Force

# Import the module
Import-Module Microsoft.PowerPlatform.Cds.Client

Step 2: Connecting to Dataverse Using PowerShell

Option 1: Interactive Login

# Connect to Dataverse interactively
$connection = Connect-CdsService -ConnectionString "AuthType=OAuth;Url=https://yourorg.crm.dynamics.com;Prompt=Login"

You will be prompted to enter your username and password.

Option 2: Using a Service Principal (Azure AD App)

If you want to automate this process, use an Azure AD App Registration.

# Define credentials
$clientId = "your-app-client-id"
$clientSecret = "your-app-client-secret"
$tenantId = "your-tenant-id"
$orgUrl = "https://yourorg.crm.dynamics.com"

# Convert secret to secure string
$secureSecret = ConvertTo-SecureString $clientSecret -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential ($clientId, $secureSecret)

# Connect to Dataverse
$connection = Connect-CdsService -Url $orgUrl -ClientId $clientId -ClientSecret $secureSecret -TenantId $tenantId

Step 3: Enabling Auditing at the Environment Level

Auditing must be enabled globally before it works at the table or column level.

# Enable auditing at the environment level
Set-CdsOrganization -Connection $connection -Fields @{
    "isauditenabled" = $true
}

Write-Host "Dataverse environment auditing has been enabled!"

This enables auditing for the entire environment.

Step 4: Enabling Auditing for a Specific Table

Now, enable auditing for a specific table (e.g., account).

# Define the table name
$tableName = "account"

# Get the table ID
$table = Get-CdsRecord -Connection $connection -EntityLogicalName entity -Filter "logicalname eq '$tableName'"
$tableId = $table.entityid

# Enable auditing for the table
Set-CdsRecord -Connection $connection -EntityLogicalName entity -Id $tableId -Fields @{
    "isauditenabled" = $true
}

Write-Host "Auditing enabled for table: $tableName"

Now, changes to all records in this table will be audited.

Step 5: Enabling Auditing for Specific Columns

To track changes at the column level, enable auditing for specific fields.

# Define table and column names
$tableName = "account"
$columnName = "creditlimit"

# Get column ID
$column = Get-CdsRecord -Connection $connection -EntityLogicalName attribute -Filter "logicalname eq '$columnName' AND entitylogicalname eq '$tableName'"
$columnId = $column.attributeid

# Enable auditing for the column
Set-CdsRecord -Connection $connection -EntityLogicalName attribute -Id $columnId -Fields @{
    "isauditenabled" = $true
}

Write-Host "Auditing enabled for column: $columnName in table: $tableName"

Only changes to the specified column will be audited.

Step 6: Verifying Auditing Status

Check if auditing is enabled for your environment, tables, and columns.

Check Environment Auditing

# Get environment settings
$envSettings = Get-CdsOrganization -Connection $connection
$envSettings.isauditenabled

If True, auditing is enabled at the environment level.

Check Table Auditing

# Define table name
$tableName = "account"

# Get auditing status
$table = Get-CdsRecord -Connection $connection -EntityLogicalName entity -Filter "logicalname eq '$tableName'"
Write-Host "Auditing status for table $tableName: " $table.isauditenabled

Check Column Auditing

# Define table and column name
$tableName = "account"
$columnName = "creditlimit"

# Get column auditing status
$column = Get-CdsRecord -Connection $connection -EntityLogicalName attribute -Filter "logicalname eq '$columnName' AND entitylogicalname eq '$tableName'"
Write-Host "Auditing status for column $columnName in table $tableName: " $column.isauditenabled

Step 7: Disabling Auditing

If you need to disable auditing, follow these steps.

Disable Auditing for the Environment

Set-CdsOrganization -Connection $connection -Fields @{
    "isauditenabled" = $false
}

Write-Host "Dataverse environment auditing has been disabled!"

Disable Auditing for a Specific Table

# Define table name
$tableName = "account"

# Get table ID
$table = Get-CdsRecord -Connection $connection -EntityLogicalName entity -Filter "logicalname eq '$tableName'"
$tableId = $table.entityid

# Disable auditing
Set-CdsRecord -Connection $connection -EntityLogicalName entity -Id $tableId -Fields @{
    "isauditenabled" = $false
}

Write-Host "Auditing disabled for table: $tableName"

Disable Auditing for a Specific Column

# Define table and column names
$tableName = "account"
$columnName = "creditlimit"

# Get column ID
$column = Get-CdsRecord -Connection $connection -EntityLogicalName attribute -Filter "logicalname eq '$columnName' AND entitylogicalname eq '$tableName'"
$columnId = $column.attributeid

# Disable auditing
Set-CdsRecord -Connection $connection -EntityLogicalName attribute -Id $columnId -Fields @{
    "isauditenabled" = $false
}

Write-Host "Auditing disabled for column: $columnName in table: $tableName"

Leave a Reply

Your email address will not be published. Required fields are marked *