Where surrogate user checking applies

A surrogate user is one who has the authority to start work on behalf of another user. A surrogate user is authorized to act for that user without knowing that other user's password. To enable surrogate user checking, XUSER=YES must be specified as a system initialization parameter.

CICS® performs surrogate user security checking in a number of situations, using the surrogate user facility of an external security manager (ESM) such as RACF®. If surrogate user checking is in force, it applies to: