User IDs for system services
For best security, once system startup is complete, every service should be running under its own unique user and group IDs rather than sharing IDs with other services.
Process manager abilities
Within the kernel and process manager, a process's ability to perform many privileged actions is controlled not by its user ID (UID) but by a set of approximately 70 permissions called process manager (procmgr) abilities, so having a UID of 0 does not by itself grant those actions.
Security policies
Security policies provide a central place to define and control the privileges that processes have, which makes auditing a system's security simpler than inspecting each process individually.