The ipsec command is an APF-authorized application. Users of the ipsec command must also be authorized through the security access facility (SAF). This information assumes that the SAF is RACF®. Authorization is managed with the SERVAUTH profile and is described in ipsec command SERVAUTH profile. For the ipsec -f default and ipsec -f reload command, file system access is also required. You do not need root authority to use the ipsec command, but for filter rule set control on a local stack, the administrator must provide you with some file access capability. For more information about granting group access control, see Group access control for local host stacks.