If the user has been associated with a role and its attendant rights, all commands affected by these rights have two types of user IDs (UIDs) and group IDs (GIDs)—effective and real.
Effective UIDs and GIDs are used for access control to protected resources. Real UIDs and GIDs are used to establish ownership and responsibility (for logging purposes). For example, when users create files, the files are created with the real UID and GID; however, the ability to open a file is based on the effective UID and GID.
In most cases, effective IDs are sufficient to grant access to restricted system resources. In other cases, the real IDs are required.
Commands are executed under the real or effective UID and GID established ...