Both PulseAudio(audio server) and X server(display) have access controls enabled within it that does not allow anyone other than the current logged in user to access its services. That means, by default, if you use a separate user (other than root) to start a program, that program will not be able to create a GUI or make a sound.
This may not be ideal in various cases.
Access control in X
This is pretty straight-forward. The program
xhost manages the access controls for the server. To allow a user,
$ xhost +si:localuser:<username>
Or if you want to open X for all local users,
$ xhost +local:
Access control in PulseAudio
For security reasons, PulseAudio runs a separate instance for every user rather than having a single systemwide instance for everyone. There is no simple access controls for PulseAudio. Hence allowing audio for separate user is more of a workaround. What we do is ask PulseAudio to listen to a specific local port and we ask the user to send audio to that port.
For the server configuration, edit
/etc/pulse/default.pa to include the following line:
load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1
This makes PulseAudio listen on localhost for audio. Now edit
~/.config/pulse/client.conf to have the following line
which makes it send audio to localhost
default-server = 127.0.0.1
And done. Now you can create UI and send audio as a separate user.