RDEFINE SURROGAT PLTUSER.DFHINSTL UACC(NONE) OWNER(PLTUSER)
PERMIT PLTUSER.DFHINSTL CLASS(SURROGAT) ID(CICSHT01) ACCESS(READ)
In addition to enabling PLT security by defining SURROGAT profiles, ensure that when PLT security is active (through the use of the PLTPISEC system initialization parameter) you also add the PLT userid to the access lists of all the resources accessed by PLT programs. For example, if you specify PLTPISEC=RESSEC, ensure that the PLT userid is authorized to all the CICS resources for which security is active.