Socket Filter cannot control against the user that has the same privilege as the root user?

Document ID : KB000124796
Last Modified Date : 16/01/2019
Show Technical Document Details
Question:
Regarding the SFA, the DocOps explains as follows. It does not work for root user, but do work for non-root user that has the same level permission as the root user? 
 
http://bit.ly/2LyRu8v 
Install and Configure a Socket Filter Agent on UNIX 
Note: On UNIX and Linux targets, the Socket Filter Agent only filters non-root users. A Socket Filter List defined in a policy becomes effective for non-root users logging in to targets through CA Privileged Access Manager. 
Environment:
CA Privileged Access Manager r3.x
Answer:
A specific "root" user cannot be controlled by the SFA. 
The SFA can control the user who has the same permission as the root user.