The XUSER system initialization parameter specifies whether CICS® is to perform surrogate user checks.

You can specify the XUSER parameter in the SIT, PARM, or SYSIN only. Valid values are as follows:
CICS is to perform surrogate user checking in all those situations that permit such checks to be made; for example, on EXEC CICS START commands without an associated terminal. Surrogate user security checking is also performed by CICS against user IDs installing or modifying Db2® resource definitions that specify AUTHID or COMAUTHID.
Note: The XUSER parameter is also used by CICS to control access to the AUTHTYPE and COMAUTHTYPE attributes on Db2 resource definitions, although not through surrogate user checks. For more information about AUTHTYPE and COMAUTHTYPE attributes, see DB2CONN resources.

For information about the various circumstances in which CICS performs surrogate user checks, see Surrogate user security.

CICS is not to perform any surrogate user checking.

For information on how resource security can provide a further level of security to transaction security, see Resource security for transactions.