The CICS default user ID

The CICS® default user ID identifies the user whose security attributes are used to protect CICS resources in the absence of other, more specific, user identification.

The default user ID is specified in the DFLTUSER system initialization parameter. If you do not specify the parameter, the default user ID is CICSUSER.

  • It is assigned to a terminal or a console before a user signs on, and after the user has signed off, except when the terminal or console has preset security specified. For more information, see Verifying CICS users.
  • It is assigned to transient data trigger-level transactions that are not associated with a terminal, and when a user ID is not specified in the definition of the transient data queue. For more information, see Transient data trigger-level transactions.
  • It is used as the link user ID for LU6.1 and LU6.2 connections when the SECURITYNAME attribute is not specified in the CONNECTION definition. For more information, see Link security with LU6.1 and Link security with LU6.2. The default user ID can also be used as the link user ID for IPIC. For more information, see Security checking done in AOR with IPIC.
  • It is assigned to transactions attached by LU6.2 and MRO sessions, when the attach request does not contain security parameters, and the CONNECTION definition specifies USEDFLTUSER(YES). For more information, see SNA profiles and attach-time security and User security with MRO. The default user ID can also be assigned to transactions attached by IPIC sessions. For more information see IPIC user security.
  • For transactions in an application-owning region (AOR) that are initiated using the CICS routing transaction (CRTE), the default user ID is used if the terminal user does not sign on to the AOR while using CRTE. For more information, see CICS routing transaction, CRTE.
  • It is used when an application-owning region (AOR) issues a request for a remote file that is defined as a shared data table, and the AOR is unable to sign on to the file-owning region (FOR). For more information, see Security for CICS shared data tables.
  • In the absence of more explicit identification, it is used to identify TCP/IP clients that connect to CICS. For more information, see Identification.
  • It is assigned to the USERID attribute of an MQMONITOR if the USERID has not been explicitly specified (for example, the dynamically installed MQMONITOR DFHMQINI).
  • The initial user ID used by default by z/OS® Connect, Liberty, and WEBSERVICEs.
  • The user ID used by default for unauthenticated z/OS Connect, Liberty, and WEBSERVICE requests.

    For more information about how you can configure security for a Liberty JVM server, see Configuring security for a Liberty JVM server. For more information about how you can configure permissions for z/OS Connect, see Configuring permissions for z/OS Connect Services and APIs.