diff --git a/lib/www/server/api/middleware/auth/access.js b/lib/www/server/api/middleware/auth/access.js
index 8d1b651..df06aeb 100644
--- a/lib/www/server/api/middleware/auth/access.js
+++ b/lib/www/server/api/middleware/auth/access.js
@@ -1,6 +1,7 @@
 const { projectOrganisations, vesselOrganisations/*, orgAccess */} = require('../../../lib/db/project/organisations');
 const ServerUser = require('../../../lib/db/user/User');
 const { Organisations } = require('@dougal/organisations');
+const { ERROR, INFO, DEBUG } = require('DOUGAL_ROOT/debug')(__filename);
 /** Second-order function.
 * Returns a middleware that checks if the user has access to
@@ -14,11 +15,7 @@ function operation (operation) {
 if (req.params.project) {
 const projectOrgs = new Organisations(await projectOrganisations(req.params.project));
 const availableOrgs = projectOrgs.accessToOperation(operation).filter(user.organisations);
- console.log("Operation: ", operation);
- console.log("User: ", user.name);
- console.log("User orgs: ", user.organisations);
- console.log("Project orgs: ", projectOrgs);
- console.log("Available orgs: ", availableOrgs);
+ DEBUG(`operation = ${operation}, user = ${user?.name}, user orgs = %j, project orgs = %j, availableOrgs = %j`, user.organisations.toJSON(), projectOrgs.toJSON(), availableOrgs.toJSON());
 if (availableOrgs.length > 0) {
 next();
 return;
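Review bot: The new DEBUG call interpolates `operation` and `user?.name` straight into the string that also serves as the `%j` format template, so a user name containing `%` sequences or line breaks can shift the format arguments or forge log lines; the vessel-branch DEBUG in the next hunk has the same pattern. Passing them as arguments keeps the template constant: `DEBUG("operation = %s, user = %s, user orgs = %j, project orgs = %j, availableOrgs = %j", operation, user?.name, user.organisations.toJSON(), projectOrgs.toJSON(), availableOrgs.toJSON());` (assuming the DOUGAL_ROOT/debug wrapper accepts `%s` as it does `%j`). The `user?.name` guard is also inconsistent with `user.organisations` being dereferenced unguarded on the line above and inside the same call, so it would not prevent a throw if `user` were ever missing. The middleware body starts and ends outside this hunk.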
@@ -26,16 +23,13 @@ function operation (operation) {
 } else {
 const vesselOrgs = new Organisations(await vesselOrganisations());
 const availableOrgs = vesselOrgs.accessToOperation(operation).filter(user.organisations);
- console.log("Operation: ", operation);
- console.log("User: ", user.name);
- console.log("User orgs: ", user.organisations);
- console.log("Vessel orgs: ", vesselOrgs);
- console.log("Available orgs: ", availableOrgs);
+ DEBUG(`operation = ${operation}, user = ${user?.name}, user orgs = %j, vessel orgs = %j, availableOrgs = %j`, user.organisations.toJSON(), vesselOrgs.toJSON(), availableOrgs.toJSON());
 if (availableOrgs.length > 0) {
 next();
 return;
 }
 }
+ DEBUG(`Access denied to operation ${operation}.`);
 next({status: 403, message: "Access denied"});
 }
 }
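Review bot: The denial path added just before `next({status: 403, message: "Access denied"})` records only the operation, and only at DEBUG level, so a refused request leaves no trace of who was refused once debug output is switched off. Authorisation failures are the events a detection pipeline usually wants retained, and `INFO` is already imported by this commit but not used in the visible hunks. Something like `INFO("Access denied: operation = %s, user = %s, project = %s", operation, user?.name, req.params.project);` would fit, assuming `user` and `req` are in scope at this point as they are in the branches above. The enclosing middleware starts outside the hunk.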