A surrogate user is one who has the authority to start work on behalf of
another user. A surrogate user is authorized to act for that user without
knowing that other user's password. To enable surrogate user checking, XUSER=YES
must be specified as a system initialization parameter.
CICS® performs
surrogate user security checking in a number of situations, using the surrogate
user facility of an external security manager (ESM) such as RACF®. If surrogate
user checking is in force, it applies to:
- The CICS default user
- PLT post-initialization processing
- Preset terminal security
- Started transactions
- The userid associated with a CICS business transaction services (BTS)
process or activity that is started by a RUN command
- The userid associated with a transient data destination
- The userid supplied as a parameter on an EXCI call
- The userid supplied on the AUTHID and COMAUTHID attributes of the DB2CONN and DB2ENTRY resource
definitions
The userid supplied on the USERID attribute of URIMAP resource
definitions
- A CPSM MAS agent started with the COLM transaction
- A CPSM local MAS agent started with the CORM transaction