ENABLE SECURITY

SQL Reference Guide > SQL Reference Guide > SQL Statements > ENABLE SECURITY_AUDIT

Was this helpful?

ENABLE SECURITY_AUDIT

Valid in: SQL, ESQL, OpenAPI, ODBC, JDBC, .NET

The ENABLE SECURITY_AUDIT statement enables the security administrator to turn on security logging for the specified type of security event.

This statement cannot be issued from within a multi-statement transaction.

The ENABLE SECURITY_AUDIT statement has the following format:

[EXEC SQL] ENABLE SECURITY_AUDIT audit_type | ALL;

audit_type

Specifies the type of information to log, as follows:

ALARM

Logs all security events generated by create security_alarm statements issued on tables.

CLIENT_INFO

Logs the client information string for connecting and disconnecting from the DBMS Server. Example string: user='ingres',host='myhostname',tty='2',pid=25108.

DATABASE

Logs all types of access by all users to all database objects, including use of the ckpdb, rollforwarddb, and auditdb utilities.

DBEVENT

Logs all CREATE DBEVENT, RAISE DBEVENT, REGISTER DBEVENT, REMOVE DBEVENT, and DROP DBEVENT statements.

LOCATION

Logs all access to location objects (CREATE LOCATION, ALTER LOCATION, and DROP LOCATION statements) by all users.

PROCEDURE

Logs all access to database procedures (CREATE PROCEDURE and DROP PROCEDURE statements and procedure execution) by all users.

QUERY_TEXT

Logs all types of access by all users to all the detail information for querytext events.

RESOURCE

Logs all types of access by all users to violations of resource limits.

ROLE

Logs role events (SET ROLE -r statement)

ROW

Logs all types of access by all users to all row-level events.

RULE

Logs rule events (CREATE RULE, DROP RULE, and firing of rules)

SECURITY

Logs all types of access by all users to all security-related objects.

SEQUENCE

Logs all types of access by all users to all sequence objects.

TABLE

Logs all types of access by all users to all tables.

USER

Logs all changes to user and group information, including runtime verification of user and group names.

VIEW

Logs all types of access by all users to all views.

ALL

Logs all types of security events.

For users that are assigned the AUDIT_ALL privilege (using the CREATE USER or GRANT statement), all security events are logged, regardless of the types of security logging enabled using the ENABLE SECURITY_AUDIT statement.

Embedded Usage

You cannot use host language variables in an embedded ENABLE SECURITY_AUDIT statement.

Permissions

You must have MAINTAIN_AUDIT privilege and be connected to the iidbdb database.

Locking

The ENABLE SECURITY_AUDIT statement locks pages in the iisecuritystate system catalog.

Related Statements

DROP SECURITY_ALARM

DISABLE SECURITY_AUDIT

CREATE SECURITY_ALARM

Last modified date: 11/28/2023