Valid in: SQL, ESQL
The Enable Security_Audit statement enables the security administrator to turn on security logging for the specified type of security event.
This statement cannot be issued from within a multi-statement transaction.
The Enable Security_Audit statement has the following format:
[EXEC SQL] RESTRICTIONS:ENABLE SECURITY_AUDIT audit_type | ALL;
Specifies the type of information to log, as follows:
Logs all security events generated by create security_alarm statements issued on tables.
Logs all types of access by all users to all database objects, including use of the ckpdb, rollforwarddb, and auditdb utilities.
Logs all create dbevent, raise dbevent, register dbevent, remove dbevent, and drop dbevent statements.
Logs all access to location objects (create location, alter location and drop location statements) by all users.
Logs all access to database procedures (create procedure and drop procedure statements and procedure execution) by all users.
Logs role events (set role statement with -r flag)
Logs rule events (create rule, drop rule, and firing of rules)
Logs all types of access by all users to all security-related objects.
Logs all types of access by all users to all tables.
Logs all changes to user and group information, including runtime verification of user and group names.
Logs all types of access by all users to all views.
Logs all types of access by all users to all events that dominate specific security audit labels.
Logs all types of access by all users to all row-level events.
Logs all types of access by all users to all the detail information for querytext events.
Logs all types of access by all users to violations of resource limits.
Logs all types of security events.
For users that are assigned the AUDIT_ALL privilege (using the CREATE USER or GRANT statement), all security events are logged, regardless of the types of security logging enabled using the ENABLE SECURITY_AUDIT statement.
You cannot use host language variables in an embedded Enable Security_Audit statement.
You must have the maintain_audit privilege and be working in a session that is connected to the iidbdb.
The Enable Security_Audit statement locks pages in the iisecuritystate system catalog.
The following example turns on all forms of auditing:
enable security_audit all;