When you install a DB2CONN resource definition that specifies the AUTHID, SIGNID, or COMAUTHID attribute, or when you install a DB2ENTRY definition that specifies AUTHID, or when you modify one of these attributes, CICS checks that the userid performing the operation is authorized as a surrogate user of AUTHID, COMAUTHID, or SIGNID. This also applies to the CICS region userid during group list install on a CICS cold or initial start.