Use the BEGIN LOGGING statement to enable access logging of row level security privilege checks. For example:
BEGIN LOGGING [DENIALS] [WITH TEXT] ON [FIRST|EACH] [ALL|operation_type ...(, operation_type)|GRANT] FOR CONSTRAINT constraint_name [BY user_name ...(, user_name)] [ON object_name ...(, object_name);
|DENIALS||Causes the system to create a log entry if a security constraint defined for the object being accessed is not defined for the session.
A denial is not logged if the session has the constraint definition, but lacks the required value to access a row.
|WITH TEXT||Specifies inclusion of the full text of the request in the log entry.|
|ON [FIRST|EACH]||Optionally defines the logging frequency as either the FIRST time, or EACH time, that the specified action is attempted against the specified object.|
|ALL||Specify one of the following options:
|operation_type ...(, operation_type)|
|FOR CONSTRAINT constraint_name||Logging of row level security privilege checks must include the keywords FOR CONSTRAINT.
A BEGIN LOGGING statement can only reference one constraint name, and it must be the name of a constraint object that already exists in the system.
|BY user_name ...(, user_name)||Identifies the users whose sessions are logged.
If the BY clause is not specified, logging applies to all users.
|ON object_name ...(, object_name)||Identifies the objects for which requests can generate row level security access logging, based on the specified logging parameters.
Each object_name must be a database or a table.
If no objects are specified, access logging rules apply to all objects that are subject to the security constraint specification.