Protecting spool request

Hi

My client requires a specific spool request to be protected, in order for only a small number or users to be able to access it.

The spool was created with an authorisation group. This authorisation groups was added to the users who are allowed to view the spool under the S_SPO_ACT .

However we are finding that all users are still able to view this spool even though they do not have access to the specific authorisation group. The other users have access to __USER__ which should allow for display of unprotected spools. Looking at the authorisation trace logs, the check fails again the authorisation set in the spool, but then passes the check to __USER__ which then allows them to view the spool.

What am I missing, was the authorisation check no configured correctly, or have we not set up the protection on the spool properly?

Regards