You MAY install Node-RED using elevated privileges (e.g. using
sudo on a Linux system) - this is generally required if installing as a "global"
node-red install -g ..... Which many people do.
You should NOT run Node-RED using a privileged account (e.g
root on Linux systems). Since this is very insecure and will also almost certainly cause you many issues later on.
For a low security installation, you might install globally using elevated privileges and run using the same account as you usually log in with.
For a production system, it is better to install into a local folder under a dedicated user id and group which you use to run the service. This makes it easier to keep Node-RED isolated from the rest of the server and is the same approach used for web servers and other microservice architectures.
For even higher security, consider installing locally using a semi-privileged account and run using a low-privilege account. This helps ensure separation of the service from the OS and separation of what a user can do from the service.