IBM Security Z Security

View Only

Command Verifier Policy Profile for group Connect and Protected User

Bill Arrowsmith posted Fri December 12, 2025 02:59 AM

Hello,

zSecure Command Verifier includes the capacity to implement controls of Connect commands based on a number of user attributes. The documented attributes include Special, Operations, Auditor and so on.

We have a situation where we would like to prevent PROTECTED users from being connected to certain groups. Is this possible?

Thank you,

Bill

Tom Zeehandelaar posted Fri December 12, 2025 03:42 AM

Hi Bill,

the current version of Command Verifier does not support a policy profile to allow or disallow protected user IDs to be connected to certain groups. But I can see the added value of such a capability to be supported. Naturally, you are welcome to open an idea to request adding a Command Verifier policy profile that enables you to control whether protected user IDs can be connected to groups. Please also provide the business justification that outlines why your company would like such a policy profiles to be supported in a future release of zSecure Command Verifier.

IBM Security Z Security

Command Verifier Policy Profile for group Connect and Protected User

Additional
Resources

Office

Quick Links

IBM Security Z Security

Command Verifier Policy Profile for group Connect and Protected User

Related Content

Using Command Verifier to prevent DELETE DATASET profile command on certain profiles

Command Verifier profile vs zSecure Admin

You're Going to ❤ zSecure Command Verifier Webinar

zSecure 3.2: RACF User Quarantine, additional integration with zMFA, and extended custom data support

IBM Security zSecure 2.3.1: Command and Ticket Logging

Additional Resources

Office

Quick Links

Additional
Resources