rob wrote:
Bless you! There it is!
It's table 126 "Security Auditing Journal Entries" in the V5R4 manual.
http://publib.boulder.ibm.com/infocenter/iseries/v5r4/topic/books/sc415302.pdf
Action or Journal
Object Auditing Entry Model Database
Value Type Outfile
*SPLFDTA SF QASYSFJE/J4/J5
A - A spooled file was read by someone other than the owner.
C - A spooled file was created.
D - A spooled file was deleted.
H - A spooled file was held.
I - An inline file was created.
R - A spooled file was released.
U - A spooled file was changed.
These are all in Appendix F of whatever Security Reference manual is
appropriate for your VRM. For V5R4, the full documented list is:
A Spooled file read.
C Spooled file created.
D Spooled file deleted.
H Spooled file held.
I Create of inline file.
R Spooled file released.
S Spooled file saved.
T Spooled file restored.
U Security-relevant spooled file attributes changed.
V Only non-security-relevant spooled file attributes changed.
Not sure why your list isn't complete, though it does have some
slightly expanded explanations.
All [T] entries are in that appendix and all entry types/sub-types
are there (except any that IBM forgets to publish).
Tom Liotta
