The UNIX operating system traditionally uses an "all or nothing" privilege model,
in which superusers (those with effective UID=0, such as the root user) have virtually unlimited power, and other
users have few or no special privileges.
HP-UX provides several legacy methods of delegating
limited powers, including restricted smh(1M), the
privilege groups described in privgrp(4), the shutdown.allow file described in shutdown(1M), and the cron.allow file described in crontab(1).
These legacy methods can be replaced by the use
of fine-grained privileges and the HP-UX RBAC access control framework.
The HP-UX fine-grained privilege model splits the
powers of superusers into a set of privileges. Fine-grained privileges
are granted to processes. Each privilege grants a process that possesses
that privilege the right to a certain set of restricted services provided
by the kernel.
See privileges(5) for more information.