You have left it a long time to move away from 2.1.2 (a CICS release of which I had a lot to do with the coding of!) and is now unsupported. I strongly recommend going straight to CTS 2.2 and not stopping off on the way at CTS 1.3 - there is nothing particularily interesting to you about the Java Support in CTS 2.2, so there is absolutlely no benefit in pausing along the way: the main item of concern will be to implement the logger (and this is equally painful to get going in either release).
You will need two logonids: one for the StartedTask/Job that the CICS Region will be using (which will have to be OE enabled) and another one to act as the default & non-terminal userid used by CICS Transactions.
I don't think that there is any benefit at all in having different JCL logonids for your CICS regions.
There is a bit of a stronger case in having different default userids INSIDE the CICS regions, but I'm not really too keen on that either. I say this because these default userids will want - bassically - the same level of authority wherever they run. Which means it's going to be a waste of time ensuring that a change to one regions-default-access gets done/migrated to all the others. This is especially so if the CICS regions are being cloaned (multiple AORs) for performance or integrity reasons.
On the other hand - if you have lots of AORs that are doing logically different things, it may be better to have distinct default userids.
This was first published in March 2003