Defining user profiles for CICS region userids

Before bringing up a CICS® region, ensure that the required userids are defined - the CICS region userid and the CICS default userid. If you are suitably authorized, you can define a RACF® user profile for a CICS region by means of the ADDUSER command. For example, to define CICSR as a userid for a CICS region, enter the following RACF command from TSO:
ADDUSER CICSR  NAME(user-name) DFLTGRP(cics_region_group)

In this example, DFLTGRP has been specified, so the initial password is the DFLTGRP name. If you do not specify DFLTGRP, the password is set by default to the name of the group to which the person issuing the ADDUSER command belongs. Alternatively, you can specify a password explicitly on the PASSWORD parameter of the ADDUSER command. See Coding the USER parameter on the CICS JOB statement for details about changing new userid passwords.

Do not assign the OPERATIONS attribute to CICS region userids. Doing so would allow the CICS region to access RACF-protected data sets for which no specific authorization has been performed. CICS region userids do not need the OPERATIONS attribute if the appropriate CONNECT or PERMIT commands have been issued. These commands authorize the CICS region userid for each CICS region to access only the specific data sets required by that region.