Started transactions

CICS® performs surrogate user checks when you use a START command to start a transaction that is not associated with a terminal.

In the following, the user ID under which the transaction issuing the START command runs is called the starting-userid, and the user ID under which the started transaction runs is called the started-userid:
  • If the TERMID option is specified on the START command, surrogate user checking does not apply. The started-userid is inherited from the terminal at which the transaction runs.
  • If the USERID option is specified on the START command, the started-userid is set to that specified userid.
  • If neither TERMID nor USERID is specified on the START command, the started-userid is set to be the same as the starting-userid.

CICS requires that all the user IDs associated with the transaction issuing the START are surrogates of the started-userid. CICS also assumes that any user ID is always a surrogate of itself. So user IDs that are the same as started-userid are regarded as surrogates already, and the external security manager is not called for them.

A transaction can be associated with user IDs that are different from starting-userid when it is using CICS intercommunication, and when it is using EDF in the two-terminal mode.

If neither USERID nor TERMID is specified on the START command, surrogate checking is not done, because the starting-userid and the started-userid are assumed to be the same. If an ICRX is available, CICS passes it to the started task and the started task inherits the distributed identity used by the ICRX.