The ability to change the MVS™ identity of an address space is reserved for a subset of superusers who control daemons. A daemon is a process that verifies the identity of a user before creating a process to run work on behalf of the user. This approach allows the installation to have superusers whose job is to maintain the file system and user processes, but who do not have the ability to change their user identity. See Setting up the BPX.* FACILITY class profiles in z/OS UNIX System Services Planning for a description of the BPX.DAEMON resource profile in the RACF® FACILITY class and how it is created. This information also describes additional BPX.xxxxxxxx resource profiles in the FACILITY class that are used to provide selective permission to certain restricted functions.
Also, superusers are said to have daemon authority if the BPX.DAEMON resource profile is defined and they have access to it. If BPX.DAEMON is not defined, the users have daemon authority if they are a superuser.
Note that aliases can be supplied for user IDs. Callable services that pass or receive user ID parameters may need to use the userid alias table. Its use is described in USERIDALIASTABLE in z/OS UNIX System Services Planning.