It is the nature of the Linux operating system and the POSIX security model that the root user has access to all system information stored on the local server. Due to this fact, some organizations choose to monitor the activities of privileged users.
If you are interested in monitoring such activities, two Novell products can assist you.
Novell Sentinel: Universal Password events can be monitored using Novell Sentinel. You enable this by modifying the NMAS Login Policy Object. For instructions, see Auditing NMAS Events. Then refer to the Novell Sentinel Documentation for further instructions.
Privileged User Manager: This product lets you monitor root user activities on the OES server by collecting data, analyzing keystrokes, and creating indelible audit trails. For more information, see the Novell Privileged User Manager Documentation.