| title | description | ms.date | ms.reviewer | ms.topic | ms.author | author | ms.subservice | search.audienceType | contributors | ms.custom | |||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Delete audit data |
Learn how to programmatically delete audit data stored in Microsoft Dataverse. |
06/03/2023 |
jdaly |
how-to |
paulliew |
paulliew |
dataverse-developer |
|
|
bap-template |
You may need to delete audit data to comply with a customer's request to delete their history or to free up log capacity space. You can't directly delete records in the Auditing (Audit) table. Instead, Dataverse provides the following messages to delete audit history data:
| Message | Description |
|---|---|
DeleteRecordChangeHistory |
Deletes all the audit change history records for a particular record. |
BulkDelete |
Asynchronously deletes records identified by a query. Use this message to delete large numbers of audit records without blocking other activities. |
DeleteAuditData |
For customers using customer-managed encryption keys, deletes all audit data records up to a specified end date. |
[!INCLUDE gdpr-dsr-delete-note]
Use the DeleteRecordChangeHistoryRequest message to delete all the audit change history records for a particular record rather than all the audit records for a date range.
To delete the audit change history for a record, make sure you have the System Administrator security role or a security role with the prvDeleteRecordChangeHistory privilege.
Use the Target parameter to specify the record. The DeletedEntriesCount property of the response tells you how many audit records were deleted.
The following example uses the DeleteRecordChangeHistory Action to delete the audited data changes for an account record.
Request:
POST [Organization URI]/api/data/v9.2/DeleteRecordChangeHistory HTTP/1.1
Accept: application/json
OData-MaxVersion: 4.0
OData-Version: 4.0
If-None-Match: null
{
"Target": {
"@odata.type": "Microsoft.Dynamics.CRM.account",
"accountid": "611e7713-68d7-4622-b552-85060af450bc"
}
}Response:
HTTP/1.1 200 OK
OData-Version: 4.0
{
"@odata.context": "[Organization URI]/api/data/v9.2/$metadata#Microsoft.Dynamics.CRM.DeleteRecordChangeHistoryResponse",
"DeletedEntriesCount": 4
}Learn more about:
- Using Web API actions.
- DeleteRecordChangeHistory Action
- DeleteRecordChangeHistoryResponse ComplexType
/// <summary>
/// Deletes record change history for a specific record and shows
/// how many records were deleted.
/// </summary>
/// <param name="svc">The IOrganizationService instance to use.</param>
/// <param name="target">The specified record.</param>
static void ShowDeleteRecordChangeHistory(
IOrganizationService svc,
EntityReference target)
{
var req = new DeleteRecordChangeHistoryRequest {
Target = target
};
var resp = (DeleteRecordChangeHistoryResponse)
svc.Execute(req);
Console.WriteLine($"Audit records deleted:{resp.DeletedEntriesCount}");
}Learn more about:
- DeleteRecordChangeHistoryRequest Class
- DeleteRecordChangeHistoryResponse Class
- IOrganizationService.Execute Method
Use the BulkDelete message to delete audit records your organization no longer needs to retain to comply with internal and external auditing requirements. The bulk delete operation runs in the background and allows you to define recurrence patterns, start time, and other parameters.
The following example deletes audit records with an action value of 64 (User Access via Web).
Request:
POST [Organization URI]/api/data/v9.1/BulkDelete
Accept: application/json
OData-MaxVersion: 4.0
OData-Version: 4.0
{
"QuerySet": [
{
"EntityName": "audit",
"Criteria": {
"FilterOperator": "And",
"Conditions": [
{
"AttributeName": "action",
"Operator": "Equal",
"Values": [
{
"Type": "System.String",
"Value": "64"
}
]
}
],
"Filters": []
}
}
],
"JobName": "Bulk Delete of audit records with action = 64",
"SendEmailNotification": false,
"ToRecipients": [],
"CCRecipients": [],
"RecurrencePattern": "",
"StartDateTime": "2022-02-02T10:00:00.000Z"
}Response:
HTTP/1.1 200 OK
Content-Type: application/json; odata.metadata=minimal
OData-Version: 4.0
{
"@odata.context": "[Organization URI]/api/data/v9.0/$metadata#Microsoft.Dynamics.CRM.BulkDeleteResponse",
"JobId": "[Job Id]"
}Learn more about:
- BulkDelete Action
- BulkDeleteResponse ComplexType
- QueryExpression ComplexType
/// <summary>
/// Creates a BulkDelete job to delete audit record history for a
/// specific action and shows the job created.
/// </summary>
/// <param name="svc">IOrganizationService to use</param>
/// <param name="actionValue">The audit action value</param>
static void BulkDeleteAuditHistoryByAction(IOrganizationService svc, int actionValue)
{
Guid jobId;
var querySet = new QueryExpression(entityName: "audit");
querySet.Criteria.AddCondition(
attributeName: "action",
conditionOperator: ConditionOperator.Equal,
values: actionValue);
var req = new BulkDeleteRequest
{
QuerySet = new QueryExpression[] { querySet },
JobName = $"Bulk Delete of audit records with action = {actionValue}",
SendEmailNotification = false,
ToRecipients = new Guid[] { },
CCRecipients = new Guid[] { },
RecurrencePattern = string.Empty,
StartDateTime = DateTime.UtcNow
};
try
{
var resp = (BulkDeleteResponse)svc.Execute(req);
jobId = resp.JobId;
Entity bulkDeleteJob =
svc.Retrieve(
entityName: "asyncoperation",
id: jobId,
columnSet: new ColumnSet("name", "statecode", "statuscode"));
Console.WriteLine($"Job Name: {bulkDeleteJob["name"]}");
Console.WriteLine($"Job Id: {bulkDeleteJob.Id}");
Console.WriteLine($"State: {bulkDeleteJob.FormattedValues["statecode"]}");
Console.WriteLine($"Status: {bulkDeleteJob.FormattedValues["statuscode"]}");
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
}Learn more about:
- BulkDeleteRequest Class
- BulkDeleteResponse Class
- IOrganizationService.Execute Method
- IOrganizationService.Retrieve Method
If you use customer-managed encryption keys, you can use the DeleteAuditData message to delete audit records for a date range. Audit data records are deleted sequentially from oldest to newest.
Note
Even if you're using customer-managed encryption keys, you should consider using Bulk Delete rather than the DeleteAuditData message.
The DeleteAuditData message deletes all audit data in partitions where the end date is before the date specified in the EndDate property. Any empty partitions are also deleted. The current (active) partition and the audit records in it can't be deleted using this request or any other.
Dataverse automatically creates partitions every quarter. You can't change or stop this behavior. You can use the RetrieveAuditPartitionList message to obtain the list of partitions. If the end date of any partition is later than the current date, you can't delete that partition or any audit records in it.
Auditing overview
Configure auditing
Retrieve the history of audited data changes
Administrator's Guide: Recover database space by deleting audit logs
[!INCLUDE footer-banner]