Coding the USER parameter on the CICS JOB statement

If you start CICS from a job, include the parameters USER= and PASSWORD= on the JOB statement. For example:
//CICSA   JOB ... ,USER=CICSR,PASSWORD=password
When you define a new user to RACF, the password is automatically flagged as expired. For this reason, the first time you start CICS under a new userid, change the PASSWORD parameter on the JOB statement. For example:
PASSWORD=(oldpassword,newpassword)

If you want to avoid specifying the password on the JOB statement, you can allow a surrogate user to submit the CICS job. A surrogate user is a RACF-defined user who is authorized to submit jobs on behalf of another user (the original user), without having to specify the original user's password. Jobs submitted by a surrogate user execute with the identity of the original user. See Surrogate job submission in a CICS environment for more information. The region userid must also have surrogate authority to use the default user; see Surrogate user security.