ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

What Is CICS SURROGAT Checking And The XUSER Setting?

book

Article ID: 49593

calendar_today

Updated On:

Products

Cleanup Datacom DATACOM - AD CIS COMMON SERVICES FOR Z/OS 90S SERVICES DATABASE MANAGEMENT SOLUTIONS FOR DB2 FOR Z/OS COMMON PRODUCT SERVICES COMPONENT Common Services Datacom/AD CA ecoMeter Server Component FOC EASYTRIEVE REPORT GENERATOR FOR COMMON SERVICES INFOCAI MAINTENANCE IPC UNICENTER JCLCHECK COMMON COMPONENT Mainframe VM Product Manager CHORUS SOFTWARE MANAGER CA On Demand Portal CA Service Desk Manager - Unified Self Service PAM CLIENT FOR LINUX ON MAINFRAME MAINFRAME CONNECTOR FOR LINUX ON MAINFRAME GRAPHICAL MANAGEMENT INTERFACE WEB ADMINISTRATOR FOR TOP SECRET Xpertware Top Secret Top Secret - LDAP Top Secret - VSE

Issue/Introduction

Description:

What is SURROGAT user checking and what it does?

Solution:

The Top Secret Implementation: CICS Guide will go into detail on SURROGAT.

A surrogate user is a user who has the authority to start work on behalf of another user. A surrogate user is authorized to act for that user without knowing the other user's password.

There are two ways to enable surrogate user checking:

  1. Specify XUSER=YES in the DFHSIT
  2. Specify FACMATRX=YES and XUSER=YES for the CICS Facility control options.

Example:

With XUSER=YES, TEST02 can issue an EXEC CICS START TRANS(CEMT) USERID(TEST01)
The DEFAULT value for XUSER is XUSER=NO

Environment

Release:
Component: AWAGNT