Adding Purview telemetry to the System apps (#1859)
#### Summary With BAP changes, BC is required to emit Purview telemetry
for certain events. This PR covers some of them.

#### Work Item(s) 
Fixes
[AB#538235](https://dynamicssmb2.visualstudio.com/1fcb79e7-ab07-432a-a3c6-6cf5a88ba4a5/_workitems/edit/538235)

---------

Co-authored-by: mazhelez <[email protected]>
2 people authored and attilatoury committed Sep 19, 2024
1 parent 63ab633 commit 8640257
Showing 15 changed files with 91 additions and 2 deletions.
Expand Up @@ -93,6 +93,7 @@ page 7774 "Copilot Capabilities GA"
Rec.Modify(true);

CopilotCapabilityImpl.SendActivateTelemetry(Rec.Capability, Rec."App Id");
Session.LogAuditMessage(StrSubstNo(CopilotFeatureActivatedLbl, Rec.Capability, Rec."App Id", UserSecurityId()), SecurityOperationResult::Success, AuditCategory::ApplicationManagement, 4, 0);
end;
}
action(Deactivate)
Expand All @@ -114,6 +115,7 @@ page 7774 "Copilot Capabilities GA"
Rec.Modify(true);

CopilotCapabilityImpl.SendDeactivateTelemetry(Rec.Capability, Rec."App Id", CopilotDeactivate.GetReason());
Session.LogAuditMessage(StrSubstNo(CopilotFeatureDeactivatedLbl, Rec.Capability, Rec."App Id", UserSecurityId()), SecurityOperationResult::Success, AuditCategory::ApplicationManagement, 4, 0);
end;
end;
}
Expand Down Expand Up @@ -162,6 +164,8 @@ page 7774 "Copilot Capabilities GA"
CapabilityEnabled: Boolean;
DataMovementEnabled: Boolean;
SupplementalTermsLinkTxt: Label 'https://go.microsoft.com/fwlink/?linkid=2236010', Locked = true;
CopilotFeatureDeactivatedLbl: Label 'The copilot/AI capability %1, App Id %2 has been deactivated by the UserSecurityId %3.', Locked = true;
CopilotFeatureActivatedLbl: Label 'The copilot/AI capability %1, App Id %2 has been activated by the UserSecurityId %3.', Locked = true;

internal procedure SetDataMovement(Value: Boolean)
begin
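Review bot: The last two arguments of both new `Session.LogAuditMessage` calls are bare integers (`4, 0`), and the same pattern recurs with `2` and `3` in every other file this commit touches, so a reader cannot check that an event is filed under the intended operation code. A one-line comment above each call, or named constants shared across the System Application, would make the mapping reviewable, e.g. `// 4 = <operation name from the audit schema>, 0 = <result code>`. Both action triggers begin outside the hunks, so any earlier exit paths that skip the audit call are not visible here.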
Expand Up @@ -54,4 +54,24 @@ table 9017 "Plan Configuration"
Unique = true;
}
}
trigger OnDelete()
begin
Session.LogAuditMessage(StrSubstNo(PlanConfigurationDeletedLbl, Rec.Id, UserSecurityId()), SecurityOperationResult::Success, AuditCategory::EntitlementManagement, 2, 0);
end;

trigger OnInsert()
begin
Session.LogAuditMessage(StrSubstNo(PlanConfigurationCreatedLbl, Rec.Id, UserSecurityId()), SecurityOperationResult::Success, AuditCategory::EntitlementManagement, 2, 0);
end;

trigger OnModify()
begin
Session.LogAuditMessage(StrSubstNo(PlanConfigurationModifiedLbl, Rec.Id, UserSecurityId()), SecurityOperationResult::Success, AuditCategory::EntitlementManagement, 2, 0);
end;

var
PlanConfigurationDeletedLbl: Label 'The license configuration ID %1, has been deleted by the UserSecurityId %2.', Locked = true;
PlanConfigurationModifiedLbl: Label 'The license configuration ID %1, has been modified by the UserSecurityId %2.', Locked = true;
PlanConfigurationCreatedLbl: Label 'The license configuration ID %1, has been created by the UserSecurityId %2.', Locked = true;

}
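Review bot: Putting the audit calls in `OnInsert`, `OnModify` and `OnDelete` means they fire only for callers that request triggers (`Insert(true)`, `Modify(true)`, `Delete(true)`); any code path that writes "Plan Configuration" without triggers changes licence configuration with no audit event. The triggers also run before the write is final, so `SecurityOperationResult::Success` can be recorded for a change that is later rolled back — presumably the audit message is not part of the transaction, which is worth confirming. A comment on the triggers stating this, plus a check that every writer of this table passes `true`, would close the gap. Note also that these events use `AuditCategory::EntitlementManagement` while the card page logs the same record under `ApplicationManagement`.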
Expand Up @@ -47,6 +47,13 @@ page 9069 "Plan Configuration Card"
Importance = Promoted;
Caption = 'Customize permissions';
ToolTip = 'Specifies whether the default permissions are customized.';

trigger OnValidate()
begin
if Rec.Customized then
Session.LogAuditMessage(StrSubstNo(PlanConfigurationCustomizedLbl, Rec.Id, UserSecurityId()), SecurityOperationResult::Success, AuditCategory::ApplicationManagement, 2, 0);

end;
}
}
}
Expand Down Expand Up @@ -122,6 +129,7 @@ page 9069 "Plan Configuration Card"

var
IsSaaS: Boolean;
PlanConfigurationCustomizedLbl: Label 'The Plan configuration %1, has been customized by the UserSecurityId %2.', Locked = true;

trigger OnAfterGetCurrRecord()
var
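Review bot: The `OnValidate` trigger logs only when `Rec.Customized` is true, so switching a plan configuration back to the default permissions leaves no audit event even though it changes effective permissions just as much. Logging both transitions would fix it, for example an `else` branch with a second locked label for the "customization removed" case. The event is also emitted at validation time, before the record is saved, and under `AuditCategory::ApplicationManagement` rather than the `EntitlementManagement` category the table triggers use for the same record.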
Expand Up @@ -289,13 +289,15 @@ page 9515 "Azure AD User Update Wizard"
AzureADUserSyncImpl: Codeunit "Azure AD User Sync Impl.";
GuidedExperience: Codeunit "Guided Experience";
SuccessCount: Integer;
UpdateUsersfromMicrosoft365RunLbl: Label 'Update users from Microsoft 365 wizard has been run by the UserSecurityId %1.', Locked = true;
begin
Rec.Reset();
SuccessCount := AzureADUserSyncImpl.ApplyUpdatesFromAzureGraph(Rec);
NumberOfUpdatesApplied := StrSubstNo(NumberOfUpdatesAppliedTxt, SuccessCount, Rec.Count());
Rec.DeleteAll();

GuidedExperience.CompleteAssistedSetup(ObjectType::Page, Page::"Azure AD User Update Wizard");
Session.LogAuditMessage(StrSubstNo(UpdateUsersfromMicrosoft365RunLbl, UserSecurityId()), SecurityOperationResult::Success, AuditCategory::ApplicationManagement, 2, 0);

MakeAllGroupsInvisible();
FinishedVisible := true;
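Review bot: The audit event records only that the wizard ran, always with `SecurityOperationResult::Success`, although `SuccessCount` and the record count taken before `Rec.DeleteAll()` are already at hand and can differ. Including both numbers in the message (a label ending in something like `'... %2 of %3 updates applied.'`) would let an investigator see how many user records were changed and whether some updates failed. The total has to be captured before `Rec.DeleteAll()`, as `NumberOfUpdatesApplied` already does. The procedure starts above the hunk, so its name and any earlier exits are not visible here.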
Expand Up @@ -19,6 +19,7 @@ codeunit 1753 "Data Classification Mgt. Impl."
var
DataSensitivityOptionStringTxt: Label 'Unclassified,Sensitive,Personal,Company Confidential,Normal', Comment = 'It needs to be translated as the field Data Sensitivity on Page 1751 Data Classification WorkSheet and field Data Sensitivity of Table 1180 Data Privacy Entities';
LegalDisclaimerTxt: Label 'Microsoft is providing this Data Classification feature as a matter of convenience only. It''s your responsibility to classify the data appropriately and comply with any laws and regulations that are applicable to you. Microsoft disclaims all responsibility towards any claims related to your classification of the data.';
DataSensitivitySetLbl: Label 'The Data sensitivity value %1 has been set for Company Name %2, Table No %3, Field No %4 by UserSecurityId %5.', Locked = true;

procedure PopulateDataSensitivityTable()
var
Expand Down Expand Up @@ -47,6 +48,8 @@ codeunit 1753 "Data Classification Mgt. Impl."
DataSensitivity."Field No" := FieldNo;
DataSensitivity."Data Sensitivity" := DataSensitivityOption;
DataSensitivity.Insert();
Session.LogAuditMessage(StrSubstNo(DataSensitivitySetLbl, DataSensitivity."Data Sensitivity", DataSensitivity."Company Name",
DataSensitivity."Table No", DataSensitivity."Field No", UserSecurityId()), SecurityOperationResult::Success, AuditCategory::ApplicationManagement, 3, 0);
end;
end;

Expand All @@ -63,6 +66,8 @@ codeunit 1753 "Data Classification Mgt. Impl."
DataSensitivity."Last Modified By" := UserSecurityId();
DataSensitivity."Last Modified" := Now;
DataSensitivity.Modify();
Session.LogAuditMessage(StrSubstNo(DataSensitivitySetLbl, DataSensitivity."Data Sensitivity", DataSensitivity."Company Name",
DataSensitivity."Table No", DataSensitivity."Field No", UserSecurityId()), SecurityOperationResult::Success, AuditCategory::ApplicationManagement, 3, 0);
until DataSensitivity.Next() = 0;
end;

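Review bot: In the last hunk the audit call sits inside the `repeat ... until DataSensitivity.Next() = 0` loop, so a bulk classification emits one audit event per field record. Whether the record set is filtered to rows whose value actually changes is outside the hunk; if it is not, unchanged rows are reported as "has been set", which both inflates volume and blurs what really changed. Consider logging only when `"Data Sensitivity"` differs from the new value, or documenting above the loop that per-row events are intended. Both enclosing procedures begin outside the hunks.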
Expand Up @@ -85,6 +85,7 @@ codeunit 2610 "Feature Management Impl."
var
FeatureManagementFacade: Codeunit "Feature Management Facade";
InitializeHandled: Boolean;
FeatureKeyStatusChangedLbl: Label 'The status of the feature key %1 has been set to %2 by UserSecurityId %3.', Locked = true;
begin
if FeatureDataUpdateStatus.Get(FeatureKey.ID, CompanyName()) then
exit;
Expand All @@ -107,7 +108,8 @@ codeunit 2610 "Feature Management Impl."
// If the table extension is not in sync during upgrade then Get() always returns False,
// so the following insert will fail if the record does exist.
if AllowInsert then
if FeatureDataUpdateStatus.Insert() then;
if FeatureDataUpdateStatus.Insert() then
Session.LogAuditMessage(StrSubstNo(FeatureKeyStatusChangedLbl, FeatureDataUpdateStatus."Feature Key", FeatureDataUpdateStatus."Feature Status", UserSecurityId()), SecurityOperationResult::Success, AuditCategory::ApplicationManagement, 4, 0);
end;

/// <summary>
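Review bot: The new audit call in the second hunk runs on what looks like lazy initialization of the `FeatureDataUpdateStatus` record (the procedure exits early when the record already exists, and the comment above the insert mentions upgrade), not on an explicit status change made by a user. Logging "has been set to %2 by UserSecurityId %3" there attributes a system default to whichever session happened to trigger initialization, which can mislead an investigation. If that reading is right, either leave this path unaudited or word the label so it says the status was initialized; the full procedure is not visible in the hunks.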
Expand Up @@ -23,6 +23,8 @@ codeunit 9864 "Permission Impl."
IncludeDescriptionOption: Option "Specifies no permission","Specifies direct permission","Specifies indirect permission";
ExcludeOption: Option " ",Exclude,"Reduce to indirect";
ExcludeDescriptionOption: Option "No change to permission","Excludes any permission","Excludes any direct permission";
PermissionUpdatedLbl: Label 'The tenant %1 permission for the App Id %2, Role %3, ObjectType %4, ObjectId %5 has been updated with the value: "%6", by the UserSecurityId %7.', Locked = true;
MultiplePermissionsUpdatedLbl: Label 'The tenant permissions for the App Id %1, Role %2, ObjectType %3, ObjectId %4 have been updated with the following values - Read "%5", Insert "%6", Modify "%7" and Delete "%8" by the UserSecurityId %9.', Locked = true;

procedure SelectPermissions(CurrAppId: Guid; CurrRoleID: Code[20]): Boolean
var
Expand Down Expand Up @@ -97,30 +99,40 @@ codeunit 9864 "Permission Impl."
if TenantPermission."Read Permission" <> PermissionOption then begin
TenantPermission."Read Permission" := PermissionOption;
ModifyPermissionLine := true;
Session.LogAuditMessage(StrSubstNo(PermissionUpdatedLbl, RIMDX, TenantPermission."App ID", TenantPermission."Role ID", TenantPermission."Object Type", TenantPermission."Object ID",
TenantPermission."Read Permission", UserSecurityId()), SecurityOperationResult::Success, AuditCategory::RoleManagement, 2, 0);
end;
'I':
if TenantPermission."Object Type" = TenantPermission."Object Type"::"Table Data" then
if TenantPermission."Insert Permission" <> PermissionOption then begin
TenantPermission."Insert Permission" := PermissionOption;
ModifyPermissionLine := true;
Session.LogAuditMessage(StrSubstNo(PermissionUpdatedLbl, RIMDX, TenantPermission."App ID", TenantPermission."Role ID", TenantPermission."Object Type", TenantPermission."Object ID",
TenantPermission."Insert Permission", UserSecurityId()), SecurityOperationResult::Success, AuditCategory::RoleManagement, 2, 0);
end;
'M':
if TenantPermission."Object Type" = TenantPermission."Object Type"::"Table Data" then
if TenantPermission."Modify Permission" <> PermissionOption then begin
TenantPermission."Modify Permission" := PermissionOption;
ModifyPermissionLine := true;
Session.LogAuditMessage(StrSubstNo(PermissionUpdatedLbl, RIMDX, TenantPermission."App ID", TenantPermission."Role ID", TenantPermission."Object Type", TenantPermission."Object ID",
TenantPermission."Modify Permission", UserSecurityId()), SecurityOperationResult::Success, AuditCategory::RoleManagement, 2, 0);
end;
'D':
if TenantPermission."Object Type" = TenantPermission."Object Type"::"Table Data" then
if TenantPermission."Delete Permission" <> PermissionOption then begin
TenantPermission."Delete Permission" := PermissionOption;
ModifyPermissionLine := true;
Session.LogAuditMessage(StrSubstNo(PermissionUpdatedLbl, RIMDX, TenantPermission."App ID", TenantPermission."Role ID", TenantPermission."Object Type", TenantPermission."Object ID",
TenantPermission."Delete Permission", UserSecurityId()), SecurityOperationResult::Success, AuditCategory::RoleManagement, 2, 0);
end;
'X':
if TenantPermission."Object Type" <> TenantPermission."Object Type"::"Table Data" then
if TenantPermission."Execute Permission" <> PermissionOption then begin
TenantPermission."Execute Permission" := PermissionOption;
ModifyPermissionLine := true;
Session.LogAuditMessage(StrSubstNo(PermissionUpdatedLbl, RIMDX, TenantPermission."App ID", TenantPermission."Role ID", TenantPermission."Object Type", TenantPermission."Object ID",
TenantPermission."Execute Permission", UserSecurityId()), SecurityOperationResult::Success, AuditCategory::RoleManagement, 2, 0);
end;
'*':
if TenantPermission."Object Type" = TenantPermission."Object Type"::"Table Data" then begin
Expand All @@ -134,11 +146,15 @@ codeunit 9864 "Permission Impl."
TenantPermission."Modify Permission" := PermissionOption;
TenantPermission."Delete Permission" := PermissionOption;
ModifyPermissionLine := true;
Session.LogAuditMessage(StrSubstNo(MultiplePermissionsUpdatedLbl, TenantPermission."App ID", TenantPermission."Role ID", TenantPermission."Object Type", TenantPermission."Object ID",
TenantPermission."Read Permission", TenantPermission."Insert Permission", TenantPermission."Modify Permission", TenantPermission."Delete Permission", UserSecurityId()), SecurityOperationResult::Success, AuditCategory::RoleManagement, 2, 0);
end;
end else
if TenantPermission."Execute Permission" <> PermissionOption then begin
TenantPermission."Execute Permission" := PermissionOption;
ModifyPermissionLine := true;
Session.LogAuditMessage(StrSubstNo(PermissionUpdatedLbl, RIMDX, TenantPermission."App ID", TenantPermission."Role ID", TenantPermission."Object Type", TenantPermission."Object ID",
TenantPermission."Execute Permission", UserSecurityId()), SecurityOperationResult::Success, AuditCategory::RoleManagement, 2, 0);
end;
end;
if ModifyPermissionLine then
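Review bot: Every `Session.LogAuditMessage` call in the `RIMDX` case branches fires when the field is assigned in memory, while the write happens later under `if ModifyPermissionLine then`, outside the hunk. `SecurityOperationResult::Success` is therefore recorded before the permission change is persisted, and a failing write would leave an audit event for a change that never took effect. Emitting one event after the write succeeds (the record then holds all final values) would fix the ordering and also replace the seven near-identical calls. In the `'*'` branch for non-table objects the message is built with `RIMDX` as `%1`, so it reads "The tenant * permission" although only Execute changed.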
Expand Up @@ -177,6 +177,7 @@ page 9855 "Permission Set"
exit;

AddLoggedPermissions(TempTablePermissionBuffer);
Session.LogAuditMessage(StrSubstNo(PermissionSetModifiedLbl, Rec."Role ID", UserSecurityId()), SecurityOperationResult::Success, AuditCategory::RoleManagement, 2, 0);
CurrPage.MetadataPermissions.Page.Update(false);
end;
}
Expand Down Expand Up @@ -277,5 +278,6 @@ page 9855 "Permission Set"
CannotManagePermissionsErr: Label 'Only users with the SUPER or the SECURITY permission set can delete permission sets.';
CannotDeletePermissionSetErr: Label 'You can only delete user-created or copied permission sets.';
PermissionSetCaptionTok: Label '%1 (%2)', Locked = true;
PermissionSetModifiedLbl: Label 'The permission set %1 has been modified by the UserSecurityId %2.', Locked = true;
PermissionLoggingRunning: Boolean;
}
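Review bot: `PermissionSetModifiedLbl` identifies the permission set by `Rec."Role ID"` alone, while elsewhere in this commit a permission set is addressed by role ID together with app ID and scope (see the parameters of `CopyPermissionSet`). If the page's source record carries the app ID and scope, adding them to the message would keep two sets with the same role ID distinguishable in the audit trail. `AddLoggedPermissions` is not shown; if it ends up in `AddToTenantPermission`, each added permission is already logged there and this event is a summary on top of those.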
Expand Up @@ -18,6 +18,9 @@ codeunit 9863 "Permission Set Copy Impl."
FeatureTelemetry: Codeunit "Feature Telemetry";
PermissionSetExistsErr: Label 'Permission set already exists.';
ComposablePermissionSetsTok: Label 'Composable Permission Sets', Locked = true;
PermissionsUpdatedLbl: Label 'The tenant permissions for the App Id %1, Role %2, ObjectType %3, ObjectId %4 have been updated with the following values - Read "%5", Insert "%6", Modify "%7", Delete "%8" and Execute "%9" by the UserSecurityId %10.', Locked = true;
PermissionsInsertedLbl: Label 'The tenant permissions for the App Id %1, Role %2, ObjectType %3, ObjectId %4 have been inserted with the following values - Read "%5", Insert "%6", Modify "%7", Delete "%8" and Execute "%9" by the UserSecurityId %10.', Locked = true;
ReadAccessAddedToRelatedTablesLbl: Label 'The Read Permission for the App Id %1, Role %2, ObjectType %3, ObjectId %4 have been granted by the UserSecurityId %5.', Locked = true;

procedure CopyPermissionSet(NewRoleId: Code[30]; NewName: Text; SourceRoleId: Code[30]; SourceAppId: Guid; SourceScope: Option System,Tenant; CopyType: Enum "Permission Set Copy Type")
begin
Expand Down Expand Up @@ -257,13 +260,17 @@ codeunit 9863 "Permission Set Copy Impl."
TenantPermission."Delete Permission" := AddDelete;
TenantPermission."Execute Permission" := AddExecute;
TenantPermission.Insert();
Session.LogAuditMessage(StrSubstNo(PermissionsInsertedLbl, AppID, CopyStr(RoleID, 1, MaxStrLen(TenantPermission."Role ID")), ObjectType, ObjectID,
AddRead, AddInsert, AddModify, AddDelete, AddExecute, UserSecurityId()), SecurityOperationResult::Success, AuditCategory::ApplicationManagement, 2, 0);
end else begin
TenantPermission."Read Permission" := LogActivityPermissions.GetMaxPermission(TenantPermission."Read Permission", AddRead);
TenantPermission."Insert Permission" := LogActivityPermissions.GetMaxPermission(TenantPermission."Insert Permission", AddInsert);
TenantPermission."Modify Permission" := LogActivityPermissions.GetMaxPermission(TenantPermission."Modify Permission", AddModify);
TenantPermission."Delete Permission" := LogActivityPermissions.GetMaxPermission(TenantPermission."Delete Permission", AddDelete);
TenantPermission."Execute Permission" := LogActivityPermissions.GetMaxPermission(TenantPermission."Execute Permission", AddExecute);
TenantPermission.Modify();
Session.LogAuditMessage(StrSubstNo(PermissionsUpdatedLbl, AppID, CopyStr(RoleID, 1, MaxStrLen(TenantPermission."Role ID")), ObjectType, ObjectID,
AddRead, AddInsert, AddModify, AddDelete, AddExecute, UserSecurityId()), SecurityOperationResult::Success, AuditCategory::ApplicationManagement, 2, 0);
end;
end;

Expand All @@ -283,6 +290,8 @@ codeunit 9863 "Permission Set Copy Impl."
AddToTenantPermission(
AppID, RoleID, TempTenantPermission."Object Type"::"Table Data", TableRelationsMetadata."Related Table ID", TempTenantPermission."Read Permission"::Yes,
TempTenantPermission."Insert Permission"::" ", TempTenantPermission."Modify Permission"::" ", TempTenantPermission."Delete Permission"::" ", TempTenantPermission."Execute Permission"::" ");
Session.LogAuditMessage(StrSubstNo(ReadAccessAddedToRelatedTablesLbl, AppID, RoleID, TempTenantPermission."Object Type"::"Table Data", TempTenantPermission."Object ID", UserSecurityId()),
SecurityOperationResult::Success, AuditCategory::ApplicationManagement, 2, 0);
until TableRelationsMetadata.Next() = 0;
end;

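Review bot: In the `Modify` branch the audit message is built from the requested values `AddRead` … `AddExecute`, but the stored values are the result of `GetMaxPermission`, so the event can state a permission level that is not what the record now holds. Pass the record fields instead, e.g. `TenantPermission."Read Permission", TenantPermission."Insert Permission", …`. In the last hunk the message uses `TempTenantPermission."Object ID"` although the permission was granted on `TableRelationsMetadata."Related Table ID"`, and that event comes on top of the one `AddToTenantPermission` has just logged for the same change. These tenant-permission events are filed under `AuditCategory::ApplicationManagement`, whereas "Permission Impl." uses `RoleManagement` for the same kind of change.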