Presumably if something sneaks onto your system it will run as the user who was active when it snuck on, or as SYSTEM.
identifying what USER the process is running under is not so important -- but identifying the PROCESS is.
I think identifying the user along with process, time, type of operation (read, write, open, etc.) is equally important. Think about it, you are browsing the internet or listening to music and you see an alert for file/folder access. You know that you are not the one trying to access it but would want to know who initiated it (system access which was genuine or hacker who sneaked in the system logged in under your name). If you see that a access alert under your name is trying to access, you can take action on that immediately.
I think the program SpyShelter Firewall comes very close to what I need. For any type of access, it alerts me and I can either allow, reject or terminate the action but not sure if someone sneaks in my PC, will it prompt me with an alert.