Bob,
SURROGAT resource class is not only used for cross authorization checks, but it is also used in CICS, Lotus Domino Go Webserver, OPC/ESA, JES and Websphere for different purposes aside from cross authorization authority.
Couldnt find anything off hand that discusses the difference between PERMITing a user to an acid vs using SURROGAT checking in JES. This will need further research. Please open a ticket support if you would us to pursue it further.
Regards,
Joseph Porto - CA Level 1 Support