What Is CICS SURROGAT Checking And The XUSER Setting?

book

Article ID: 49593

calendar_today

Updated On:

Products

CA Cleanup CA Datacom - DB CA Datacom CA Datacom - AD CA Datacom - Server CA CIS CA Common Services for z/OS CA 90s Services CA Database Management Solutions for DB2 for z/OS CA Common Product Services Component CA Common Services CA Datacom/AD CA ecoMeter Server Component FOC CA Easytrieve Report Generator for Common Services CA Infocai Maintenance CA IPC Unicenter CA-JCLCheck Common Component CA Mainframe VM Product Manager CA Chorus Software Manager CA On Demand Portal CA Service Desk Manager - Unified Self Service CA PAM Client for Linux for zSeries CA Mainframe Connector for Linux on System z CA Graphical Management Interface CA Web Administrator for Top Secret CA CA- Xpertware CA Top Secret CA Top Secret - LDAP CA Top Secret - VSE

Issue/Introduction

Description:

What is SURROGAT user checking and what it does?

Solution:

The Top Secret Implementation: CICS Guide will go into detail on SURROGAT.

A surrogate user is a user who has the authority to start work on behalf of another user. A surrogate user is authorized to act for that user without knowing the other user's password.

There are two ways to enable surrogate user checking:

  1. Specify XUSER=YES in the DFHSIT
  2. Specify FACMATRX=YES and XUSER=YES for the CICS Facility control options.

Example:

With XUSER=YES, TEST02 can issue an EXEC CICS START TRANS(CEMT) USERID(TEST01)
The DEFAULT value for XUSER is XUSER=NO

Environment

Release:
Component: AWAGNT