In theory, yes. The documentation for XCMD option says that "it can be restricted by the administor" meaning, this option is compatible with Restriction options at SAS Foundation level.
https://go.documentation.sas.com/?cdcId=pgmsascdc&cdcVersion=9.4_3.4&docsetId=hostunx&docsetTarget=n...
$SASROOT/misc/rstropts/groups
the restriction applies selectively upon the SAS session owner account's login or - better - primary group.
the admin creates a specific SASV9.cfg file in the directory below with the option values set accordingly
<primary group>_rsasv.cfg
-XCMD
-this file will take precedence over any SASV9.cfg file globally applied
-if the option value (not the case, here) can also be changed during the sas session, the restriction applies and the change is refused
Never tested. I am suprised this very option is compatible with restriction since it applies only for IOM server sessions.