Syntax
The ENABLE SECURITY_AUDIT statement has the following format:
[EXEC SQL] ENABLE SECURITY_AUDIT audit_type | ALL;
audit_type
Specifies the type of information to log, as follows:
ALARM
Logs all security events generated by create security_alarm statements issued on tables.
DATABASE
Logs all types of access by all users to all database objects, including use of the ckpdb, rollforwarddb, and auditdb utilities.
DBEVENT
Logs all CREATE DBEVENT, RAISE DBEVENT, REGISTER DBEVENT, REMOVE DBEVENT, and DROP DBEVENT statements.
LOCATION
Logs all access to location objects (CREATE LOCATION, ALTER LOCATION, and DROP LOCATION statements) by all users.
PROCEDURE
Logs all access to database procedures (CREATE PROCEDURE and DROP PROCEDURE statements and procedure execution) by all users.
ROLE
Logs role events (SET ROLE -r statement)
RULE
Logs rule events (CREATE RULE, DROP RULE, and firing of rules)
SECURITY
Logs all types of access by all users to all security-related objects.
TABLE
Logs all types of access by all users to all tables.
USER
Logs all changes to user and group information, including runtime verification of user and group names.
VIEW
Logs all types of access by all users to all views.
ROW
Logs all types of access by all users to all row-level events.
QUERY_TEXT
Logs all types of access by all users to all the detail information for querytext events.
RESOURCE
Logs all types of access by all users to violations of resource limits.
ALL
Logs all types of security events.
For users that are assigned the AUDIT_ALL privilege (using the CREATE USER or GRANT statement), all security events are logged, regardless of the types of security logging enabled using the ENABLE SECURITY_AUDIT statement.