Depends on the PKGSEC parameter setting in the C1DEFLTS table.
If PKGSEC is set to APPROVER or MIGRATE, then yes, the Approver Group security rules override the ESI Package Utility rules.
PKGSECSpecifies whether users must be part of an approver group to case, or execute, a package.
- APPROVER
Specifies that the site would like to restrict package actions to package approvers. - ESI
Specifies that the site would like to control package options through an external security package such as CA ACF/2 for z/SO, CA Top Secret, and IBM RACF via the ESI interface. - MIGRATE
Specifies that the site is in transition between Approver security and ESI security. Both will be checked.
Note: The approver security rules take precedence over ESI security rules. If the user is granted access to the package by the approver rules, ESI will not be invoked. ESI will be invoked only when the user does not belong to any approver groups associated with the package (If there are no approver groups associated with the package (this is true for ALL packages before they are CAST), no access restrictions apply.)