I don't understand how this can work, even if you do pass 'bsmith' rather than 5 into the check function (can '5' be cast as a sysname, anyway?).
The function returns 1 if the supplied name matches the value returned by USER_NAME(). If I run that on my system, I get 'dbo', which according to Books Online is what you get for a user that is a member of the sysadmin role.
Even if USER_NAME() returned 'bsmith' for that user, what does this achieve? It appears to have the effect of allowing users to only give themselves access to the specified customer. But it does not stop anybody from doing so, does it?
Am I missing something?