Is there a fairly easy way to restrict users within an Approver Group from having the ability to create packages? THANKS
as an organisational solution (1) you could (let) check and adapt the permissions of a user, when his userid is added to an approver-group. An alternative with only nearly the same effect, (2) you could use Exit-7, when PECBSFCD equal to 2,3,4,5, and do a RACROUTE REQUEST=AUTH to check if the user has permission to approve packages and then deny the package-action in exit-7.
If your intention is to enforce the four-eyes-principle, (3) you could use exit-7 PRCBSFCD equal 0 (approve-action) and check and deny this package-action, if the userid is the same as userid of cast and/or creation etc.
If you define the Package area of the BC1TNEQU table and if you have the ESI feature then YES you restrict users that approve packages from creating a package.
This eliminates the need for an EXIT.
Thank you all for the feeback. We just activated ESI at our site last month so we will pursue this option.