What can be done if message "IPPTPKT01 User not authorized to view packet data. Data suppressed." appears?

Document ID : KB000020996
Last Modified Date : 14/02/2018
Show Technical Document Details

Introduction:

When message "IPPTPKT01 User not authorized to view packet data. Data suppressed." appears the user is not authorized to view packet data. Reason for that is because packet data can contain payload data. To view packet data, your user ID must have read access to resource NETMSTR.PKTTRACE.region in your external security package.

Instructions:

For that read access to packet payload data a further level of authority is required for users. This authority must be granted by your external security system (CA ACF2 for z/OS, CA Top Secret for z/OS, or RACF). The user must have READ access to NETMSTR.PKTTRACE.region, where region is the region's ACB name, as specified in the PRI= parameter in the RUNSYSIN member.

To set up definitions to allow access to SmartTrace in your region with ACB NMTEST, issue the following commands (refer also to Chapter 5 of the CA Mainframe Network Management Security Guide r12):

In CA Top Secret:    TSS ADD(dept) IBMFAC(NETMSTR)
                     TSS PERMIT(USER1) IBMFAC(NETMSTR.PKTTRACE.*) ACCESS(NONE)
 
In CA ACF2:          [ACF]
                     SET RESOURCE(FAC)
                     COMPILE * $KEY
                     (NETMSTR.PKTTRACE.*) TYPE(FAC)
 
In RACF:             RDEFINE FACILITY NETMSTR.PKTTRACE.* UACC(NONE)
                     RDEFINE FACILITY NETMSTR.PKTTRACE.NMTEST UACC(NONE)
                     SETROPTS RACLIST(FACILITY) REFRESH
 
To allow user USER1 to access SmartTrace data, issue the following command:
In CA Top Secret:    TSS PERMIT(USER1) IBMFAC(NETMSTR.PKTTRACE.NMTEST) ACCESS(CONTROL)
 
In CA ACF2:          $KEY(NETMSTR.PKTTRACE.NMTEST) TYPE(FAC) USER1(USER1) READ(ALLOW)
                     STORE
                     [END]
 
In RACF:             PERMIT NETMSTR.PKTTRACE.NMTEST CLASS(FACILITY) ID(USER1) ACCESS(READ)