Considerations for CICS surrogate security checks

If CICS® surrogate security checking is required, you need to work out which user ID against which CICS surrogate security checks will be performed and plan for that in the RACF® definitions.

In some situations, CICS issues a surrogate security check on a user requesting an action that is required to be run on behalf of another user. To allow this request to be processed, the user requesting the action must have surrogate access for the other user ID.

However, CICSPlex® SM simulated CICS security does not include the simulation of CICS surrogate security.

For CICS surrogate security, the checks will be performed against the MAS agent user ID rather than the user issuing the request. To determine the MAS agent user ID, follow the instructions in Determining the agent user ID of CICSPlex SM components.