That is the way I understand it, yes.
If you allow the actual credentials of the authenticating user to be used, and the user does not have the rights (Novell LDAP makes this a possibility) to obtain his/her own groups, for example, it could make your policy evaluation fail. As a best practice, you should maintain a dedicated user to do this so that you have consistent results.