Bless you! There it is! It's table 126 "Security Auditing Journal Entries" in the V5R4 manual. http://publib.boulder.ibm.com/infocenter/iseries/v5r4/topic/books/sc415302.pdf Action or Journal Object Auditing Entry Model Database Value Type Outfile *SPLFDTA SF QASYSFJE/J4/J5 A - A spooled file was read by someone other than the owner. C - A spooled file was created. D - A spooled file was deleted. H - A spooled file was held. I - An inline file was created. R - A spooled file was released. U - A spooled file was changed.
These are all in Appendix F of whatever Security Reference manual is appropriate for your VRM. For V5R4, the full documented list is:
A Spooled file read. C Spooled file created. D Spooled file deleted. H Spooled file held. I Create of inline file. R Spooled file released. S Spooled file saved. T Spooled file restored. U Security-relevant spooled file attributes changed. V Only non-security-relevant spooled file attributes changed.Not sure why your list isn't complete, though it does have some slightly expanded explanations.
All [T] entries are in that appendix and all entry types/sub-types are there (except any that IBM forgets to publish).
This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact