The target CICS® server region performs user security checking against the user ID passed on a DPL_ Request call. User security checking is performed only when connections specify ATTACHCSEC(IDENTIFY).
User security is performed in addition to any link security.
For user security, in addition to any authorizations you make for link security, you must also authorize the user ID specified on the DPL_Request call.
Note that there is no provision for specifying a user ID on the EXEC CICS LINK command. In this case, the external CICS interface passes the batch region's user ID. User security checking is therefore performed against the batch region's user ID if the connection definition specifies ATTACHSEC(IDENTIFY).
If you want to run external CICS interface server programs without any security active, you must specify ATTACHSEC(LOCAL).