I've created a user group TEST and TEST2, and a new role in PFCG with only SU01 and only the authorization object S_USER_GRP activated.
One user has been given the role and this is the users only role. However, when running SU01 the user can lock users that are added to TEST2 even though the class limits the user to group TEST.
Can you please help me figure out why this happens?
Also, is it correct that I have to add ALL users to a group to be able to limit editing of users inside one particular group?