IBM will be removing the option of AllowUserKeyCSA(YES) in future, enforcing it to be NO..
This may impact clients with code accessing ERE/ESE areas from a CICS address space.
This may be a problem because by default, CA-IDMS uses z/OS sub-pool 231 for the ERE and ESE areas and that is fetch-protected.
S0C4/AKEA abends may result.
As of September, 2018, CA IDMS development are in the process of developing a System Generation option which will allow clients to specify which sub-pool should be used.