Classifying Data in Dynamics NAV

At Microsoft Dynamics NAV, we are committed to data protection, information security, and privacy. Part of this commitment is helping our partners to ensure that the applications they develop are compliant with the latest legislative requirements for collecting, storing, and using user personal information. The latest cumulative updates for Dynamics NAV 2015 (CU 41), Dynamics NAV 2016 (CU 29), Dynamics NAV 2017 (CU 16), and Dynamics NAV 2018 (CU 03) introduce the DataClassification property on tables and fields.
This property lets you tag table and field data with one of the classifications described in the next section.

You should consider the DataClassification property as the first layer of classification – done by developers (Dynamics NAV partner) on customizations, add-ons, and extensions. The second layer is the users and how they handle data they provide and that is made available to them.

Classifications of the DataClassification property

The DataClassification property can be set on table objects and field controls.

Classification Description Examples
CustomerContent Content directly provided/created by admins and users. This is the default when no value has been specified.
  • Customer generated BLOB or structured storage data
  • Customer-owned/provided secrets (passwords, certificates, encryption keys, storage keys)
EndUserIdentificationInformation (EUII) Data that identifies or could be used to identify the user of a Microsoft service. EUII does not contain Customer content.
  • User name or display name (DOMAIN\UserName)
  • User principle name (name@company.com)
  • User-specific IP address
AccountData Customer billing information and payment instrument information, including administrator contact information, such as tenant administrator’s name, address, or phone number.
  • Tenant administrator contact information (for example, tenant administrator’s name, address, e-mail address, phone number)
  • Customer’s provisioning information
EndUsePseudonymousIdentifiers (EUPI) An identifier created by Microsoft tied to the user of a Microsoft service. When EUPI is combined with other information, such as a mapping table, it identifies the end user. EUPI does not contain information uploaded or created by the customer (Customer content or EUII).
  • User GUIDs, PUIDs, or SIDs
  • Session IDs
OrganizationIdentifiableInformation (OII) Data that can be used to identify a tenant, generally config or usage data. This data is not linkable to a user and does not contain Customer content.
  • Tenant ID (non-GUID)
  • Domain name in e-mail address (xxx@contoso.com) or other tenant-specific domain information
SystemMetadata Data generated while running the service or program that is not linkable to a user or tenant.
  • Database table names, database column names, entity names
ToBeClassified Content that has not yet been given a classification. This is the initial value when table or field is created.
  • New tables or columns added by developers while developing extensions or customizations

Data classification on upgrade

When you upgrade an application to the new platform, existing tables and fields (except for FlowFields and FlowFilters) will automatically be assigned the CustomerContent classification. You can then access the DataClassification property on tables and fields, and change the classification as needed. FlowFields and FlowFilters are assigned the SystemMetadata classification.

Viewing data classification

You can view the data classification of tables and fields in the Table Metadata Virtual table (ID 2000000136) and Field virtual table (ID 2000000041), respectively.

More information

To read more about these development features, see the following articles in the Developer and IT-Pro Help for Microsoft Dynamics NAV:

Classifying Data
DataClassification Property
Table Metadata Virtual Table
Field Virtual Table

For information about General Data Protection Regulation compliancy and Dynamics NAV, see Get GDPR compliant with Dynamics NAV.

 

Updated on March 13, 2018, with an updated version of the Windows PowerShell module attached:

DataClassification