Using the method described in CV Cloning documentation created a cloned CV for use to issue SQL queries (retrieval only).

But discovered that the SYSTEM-ID used in Signon security check (as well as any resources using external security and passing SYSTEM as a token in EXTNAME) is the original SYSTEM-ID,  not the clone SYSTEM-ID.

This is how it was designed.

The CV Cloning feature is primarily for load balancing access to the same databases so the Security system sets the SYSTEM name in the runtime SRTT to be the original CV's SYSTEM-ID so the existing security rules will govern the clone as well.

CV Cloning

Security Administration