CICS users

When CICS® security is active, requests to attach transactions, and requests by transactions to access resources, are associated with a user. When a user makes a request, CICS calls the external security manager to determine if the user has the authority to make the request. If the user does not have the correct authority, CICS denies the request.

In many cases, a user is a human operator, interacting with CICS through a terminal or a workstation. However, this is not always the case: a user can also be a program executing in a client system. In general, a CICS user is an entity that is identified by a user identifier (or user ID).

All CICS users must be defined to the security manager; when the security manager is RACF®, information about each user is stored in a user profile.

Here are some of the ways that the user of a CICS transaction, or a CICS resource, can be identified:
There are two user IDs that CICS uses in addition to those that identify individual end users:
The region user ID
This user ID is used for authorization checking when the CICS system (rather than an individual user of the system) requests access to a resource.

For more information, see The CICS region user ID.

The default user ID
This user ID identifies the user whose security attributes are used to protect CICS resources in the absence of other, more specific, user identification.

For more information, see The CICS default user ID.

By itself, a user ID does not protect the system from unauthorized access: in many cases, user IDs are known to people other than the user they identify. To prevent impersonation, another piece of information, known only to the individual user, must be supplied in order to authenticate the user. For example: