Privilege naming and hierarchy

Edit online

AIX privileges cannot be created, modified or deleted by a system administrator.

The list of available privileges and a brief description of the privilege can be displayed on a system by running the following command:
lspriv -v

The privileges provided on AIX are listed in AIX® privileges. All AIX privileges have a textual representation of the privilege bit that begins with PV_. The naming convention used after the PV_ prefix denotes the hierarchical relationship between privileges. For example, the auditing privilege PV_AU_ is the parent of privileges PV_AU_ADD, PV_AU_ADMIN, PV_AU_READ, PV_AU_WRITE and PV_AU_PROC. When checking for privilege, the system first determines if the process has the lowest privilege needed and then proceeds up the hierarchy, checking for the presence of a more powerful privilege. The PV_ROOT privilege is a special privilege that represents the parent of all privileges except PV_SU_. A process that is assigned the PV_ROOT privilege behaves as if it has been assigned every privilege on the system except PV_SU_.