Steve
With USE_ALTID=Y, the exit runs under the "security context" of the user's ID, but the context is momentarily swapped to the alternate ID during OPEN operations. This is similar to the alternate ID support provided during endevor native processing but it affects all datasets opened by the exit (not only endevor datasets).
With USE_ALTID=+, the exit runs entirely under the security context of the alternate ID. This includes dataset OPEN's as well as any other operation which would involve a RACF security check like, say, a program load (provided that RACF were set to protect programs).
With USE_ALTID=N, the exit runs entirely (including dataset OPEN's) under the security context of the user's ID, which is never swapped during the processing of the exit.
In the above description, "security context" means a RACF ACEE (Accessor Control Execution Environment) control block anchored to the TCBSENV field (Security environment pointer) of the TCB (Task Control Block) under which the user exit is running.
Hope this helps
Eduard Penafiel
CA-Endevor Support