The Question is:
I have never understood why in order to use SUBMIT/USER=someone_else
you need both CMKRNL privilege and WRITE access to the SYSUAF.
I would have expected CMKRNL + READ access to the SYSUAF.
The Answer is :
You need to write to the SYSUAF as part of a standard login, and
you also need access to kernel-mode data structures for this
particular spoofing operation.
If you want to create a process under another username, please
consider DECnet task-to-task or similar, or consider a program
that uses the persona services and $creprc or $sndjbc or such.