User impersonation functionality allows you to configure the environment's hosting account to either the default user account, or to the session's CICS signed on user account. The signed on user account is controlled using
EXEC CICS SIGNON and
EXEC CICS SIGNOFF.
Applications host under the account that started the session by default. User impersonation allows you to avoid the following situations:
- The hosting account may have inappropriate privileges for normal applications. For example, self-hosted SEPs can run in an administrative account with access to the operating system. This can lead to dangerous situations.
Note: Typically, SEPs are hosted in an IIS
w3wp.exe process that runs under a system administrator account. Self-hosted SEPs are used mainly for debugging.
- Some applications may need access to sensitive resources to which they do not have access under the hosting account. User impersonation lets you set required application privileges as the application requires it.
The user impersonation that you configure applies to a session, which is generally equivalent to a terminal connection, ISC conversation, or MFBINP conversation.