CICS default user

When you are using CICS with external security, CICS assigns the security attributes of the CICS default user to all CICS terminal users who do not sign on.

CICS also assigns the operator data from the CICS segment of the default user to signed-on users who do not have their own CICS segment data. To enable CICS to assign default security attributes and operator data, you define a CICS default user id to RACF. You then tell CICS which default user to use by specifying the DFLTUSER system initialization parameter. If you do not specify a default user id on the DFLTUSER parameter, CICS uses the name CICSUSER.

Whether you use installation-defined operator data on your DFLTUSER parameter, or use the default, it is essential that the userid is defined to RACF and that the region user id has installed surrogate security to use the default user (see Surrogate user security).

CICS signs on the default user during system initialization. If you specify SEC=YES as a system initialization parameter, and CICS cannot sign on the default userid, CICS initialization fails.

CICS uses the security attributes of the default userid to perform all the security checks for terminal users who do not explicitly sign on. These security checks include resource and command security checking, in addition to transaction-attach security checking.

Note: If the default user's RACF profile specifies a non-zero TIMEOUT, that value does not apply to terminals that do not sign on.