IBM manual that states there are 3 ways to provide UID 0 access. They are as follows:
Assigning a UID of 0, which is the least desirable way. See Assigning a UID of 0
Release : 15.0
Component : CA LDAP Server
Top Secret can use UNIXPRIV(SUPERUSER.FILESYS) or (BPX.SUPERUSER) rule.
IBMFAC(BPX.SUPERUSER) is the same as giving UID(0), however since UID(0) has been removed and the ACID now has a unique UID, and you can pin point them for accountability
With UID(0) you can't tell which of the ID's that have that access did something.
Superuser Granularity for UNIXPRIV documented:
https://techdocs.broadcom.com/us/en/ca-mainframe-software/security/ca-top-secret-for-z-os/16-0/using/z-os-unix-system-services/superuser-granularity.html