Specifying the CICS region user ID

When you start a CICS® region (either as a job or as a started task) in an MVS™ environment that has RACF® installed, the job or task is associated with a user ID, referred to as the CICS region user ID. The authority associated with this user ID determines which RACF-protected resources the CICS region can access.

Each CICS region, for either production or test use, should be subject to normal RACF data set protection based on the region user ID under which the CICS region executes. You specify the region user ID under which CICS executes in one of three ways:
As a started task
In the RACF started procedures table, ICHRIN03, when you start CICS as a started task using the MVS START command. See Authorizing CICS procedures to run under RACF.

However, do not assign the trusted or privileged attributes to CICS entries in the started procedures table. For more information, see the description of associating MVS started procedures with user IDs in the z/OS® Security Server RACF System Programmer's Guide.

As a started job
In a STARTED general resource class profile, on the USER parameter of the STDATA segment.
As a job
On the USER parameter of the JOB statement when you start CICS as a JOB.

To ensure the authorizations for different CICS regions are properly differentiated, run each with a unique region user ID. For example, the user ID under which you run the production CICS regions to process payroll and personnel applications should be the only CICS user ID authorized to access production payroll and personnel data sets.
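The following job is an added example, not part of the original documentation, showing how a RACF administrator might give a production region its own user ID and restrict the payroll data sets to it. The user IDs CICSPAY1 and CICSTST1, the group CICSGRP, the procedure name CICSPAY and the data set qualifier PAYROLL.PROD are all constructed, and the job assumes the user IDs, the group and the PAYROLL high-level qualifier are already defined to RACF.

```jcl
//RACFDEF  JOB (ACCT),'CICS REGION IDS',CLASS=A,MSGCLASS=X
//*
//* Constructed example. All names below are hypothetical.
//*
//* 1. Started task or started job: the STARTED profile maps the
//*    procedure CICSPAY to region user ID CICSPAY1 through the
//*    USER parameter of the STDATA segment. TRUSTED(NO) and
//*    PRIVILEGED(NO) keep normal RACF checking in force.
//* 2. SETROPTS REFRESH makes the new STARTED profile active.
//* 3. The payroll data sets get UACC(NONE), and CICSPAY1 is the
//*    only CICS region user ID on the access list.
//*
//TSOBATCH EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN  DD *
  RDEFINE STARTED CICSPAY.* -
    STDATA(USER(CICSPAY1) GROUP(CICSGRP) -
    TRUSTED(NO) PRIVILEGED(NO))
  SETROPTS RACLIST(STARTED) REFRESH
  ADDSD 'PAYROLL.PROD.*' UACC(NONE)
  PERMIT 'PAYROLL.PROD.*' ID(CICSPAY1) ACCESS(UPDATE)
  LISTDSD DATASET('PAYROLL.PROD.*') AUTHUSER
/*
//*
//* Batch job alternative: a region started as a JOB names its
//* own region user ID on the JOB statement, for example:
//*   //CICSTST1 JOB (ACCT),'TEST CICS',USER=CICSTST1,CLASS=A
//* CICSTST1 is not on the payroll access list, so the test
//* region cannot open the production payroll data sets.
```

The LISTDSD output in SYSTSPRT lists the access list, which lets you confirm that no other CICS region user ID is authorized to the production data sets.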

Important: If you are using intercommunication, ensure that you use unique user IDs, unless you want to bypass link security checking. For more information, see Link security with LU6.2, Link security with LU6.1, or Link security with MRO, depending on the environment you are using.