LDAPSRV Started Task Require UID(0) in Top Secret

Article ID: 204953


Products

Top Secret, Top Secret - LDAP

Issue/Introduction

Is the LDAP Server started task ACID required to have UID(0)?

Environment

Component : LDAP Server

Resolution

The IBM documentation states that there are 3 ways to provide UID 0 access:

1) Using the UNIXPRIV class profiles, the preferred way. See "Using UNIXPRIV class profiles".
2) Using the BPX.SUPERUSER resource in the FACILITY class. See "Using the BPX.SUPERUSER resource in the FACILITY class".
3) Assigning a UID of 0, which is the least desirable way. See "Assigning a UID of 0".

Top Secret ACIDs, including the LDAP Server started task ACID, can use either the UNIXPRIV(SUPERUSER.FILESYS) or the IBMFAC(BPX.SUPERUSER) permission. Both are recommended over UID(0) because they provide accountability for the ACID. With UID(0), you cannot tell which of the UID(0) ACIDs made a change.

Superuser granularity for UNIXPRIV is documented in "Superuser Granularity".
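
As an added example (not part of the original article and not vendor-supplied code), the REXX exec below issues the Top Secret commands for the two permissions named in the Resolution and then lists who holds each one. The ACID name LDAPSRV, the READ access level, and the assumption that both resources are already owned in Top Secret are illustrative.

```rexx
/* REXX - added example: grant audited superuser permits instead of UID(0) */
/* Assumptions (not from the article): the started task ACID is named      */
/* LDAPSRV, both resources are already owned in Top Secret, and the issuer */
/* has the administrative authority to PERMIT them.                        */
acid = 'LDAPSRV'

/* Option 1 (IBM's preferred way): granular UNIXPRIV superuser privilege.  */
/* READ allows reading any file; UPDATE and CONTROL add write access.      */
cmd.1 = "TSS PERMIT("acid") UNIXPRIV(SUPERUSER.FILESYS) ACCESS(READ)"

/* Option 2: let the ACID switch to superuser authority when needed.       */
/* The article says either permission can be used; keep only the one you   */
/* choose and remove the other cmd. entry.                                 */
cmd.2 = "TSS PERMIT("acid") IBMFAC(BPX.SUPERUSER) ACCESS(READ)"

/* Review step: list every ACID holding each permission, so superuser      */
/* access stays attributable to named ACIDs.                               */
cmd.3 = "TSS WHOHAS UNIXPRIV(SUPERUSER.FILESYS)"
cmd.4 = "TSS WHOHAS IBMFAC(BPX.SUPERUSER)"
cmd.0 = 4

Address TSO
Do i = 1 To cmd.0
  Say 'Issuing:' cmd.i
  cmd.i                        /* pass the command string to TSO */
  If rc <> 0 Then Do
    Say 'Command failed, rc =' rc
    Exit rc
  End
End
Exit 0
```

Run the WHOHAS commands periodically as well: an unexpected ACID in either list is the equivalent of an unreviewed UID(0) assignment.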