When you are using CICS with external security, CICS assigns the security attributes of the CICS default user to all CICS terminal users who do not sign on. CICS also assigns the operator data from the CICS segment of the default user to signed-on users who do not have their own CICS segment data. To enable CICS to assign default security attributes and operator data, you define a CICS default userid to RACF. You then tell CICS which default user to use by specifying the DFLTUSER system initialization parameter. (See the CICS® System Definition Guide for information about this parameter.) If you do not specify a default userid on the DFLTUSER parameter, CICS uses the name "CICSUSER."
Whether you use installation-defined operator data on your DFLTUSER parameter, or use the default, it is essential that the userid is defined to RACF and that the region userid is authorized as a surrogate user of the default user (see Surrogate user security).
CICS "signs on" the default user during system initialization. If you specify SEC=YES as a system initialization parameter, and CICS cannot "sign on" the default userid, CICS initialization fails.
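The following batch TSO job is an added example, not part of the original documentation, showing one way to carry out the definitions described above: the default userid with a CICS segment, and the surrogate authorization for the region userid. The names CICSRGN (region userid), CICSGRP and SECADM are hypothetical placeholders, and the `userid.DFHINSTL` SURROGAT profile and the XUSER=YES parameter are taken from general CICS RACF practice, not from this page.

```jcl
//DFLTUSR  JOB (ACCT),'CICS DEFAULT USER',CLASS=A,MSGCLASS=X
//*--------------------------------------------------------------
//* Added example. Assumed names (not from the page):
//*   CICSRGN = CICS region userid
//*   CICSGRP = default group for the default user
//*   SECADM  = owning security administrator
//*
//* Matching system initialization parameters for the region:
//*   SEC=YES            external security active
//*   DFLTUSER=CICSUSER  explicit, even though it is the default
//*   XUSER=YES          surrogate user checking active (assumed)
//*
//* With SEC=YES, initialization fails if CICSUSER cannot be
//* signed on, so run this job before starting the region.
//*
//* Step order in SYSTSIN:
//*   1. Define the default user with a CICS segment. Signed-on
//*      users without their own CICS segment inherit this
//*      operator data, so keep the values minimal.
//*      Password or protected-user keywords follow site policy
//*      and are omitted here.
//*   2. Define the surrogate profile with UACC(NONE) and permit
//*      only the region userid.
//*   3. Refresh in-storage profiles (needed only when the
//*      SURROGAT class is RACLISTed).
//*   4. List the results for review.
//*--------------------------------------------------------------
//RACF     EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN  DD *
  ADDUSER CICSUSER NAME('CICS DEFAULT USER') -
    OWNER(SECADM) DFLTGRP(CICSGRP) -
    CICS(OPCLASS(1) OPIDENT(DFL) OPPRTY(0) -
         TIMEOUT(0) XRFSOFF(NOFORCE))
  RDEFINE SURROGAT CICSUSER.DFHINSTL UACC(NONE) OWNER(SECADM)
  PERMIT CICSUSER.DFHINSTL CLASS(SURROGAT) -
    ID(CICSRGN) ACCESS(READ)
  SETROPTS RACLIST(SURROGAT) REFRESH
  LISTUSER CICSUSER CICS NORACF
  RLIST SURROGAT CICSUSER.DFHINSTL AUTHUSER
/*
```

Because every terminal user who does not sign on runs with the default user's attributes, review the LISTUSER and RLIST output to confirm that CICSUSER holds no more access than an unauthenticated user should have and that only the region userid appears on the surrogate profile's access list.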