RBAC pam apparmor

Hello!, I’m trying to implement some basic role based access control on my system as described here; https://gitlab.com/apparmor/apparmor/-/wikis/pam_apparmor, and here; https://gitlab.com/apparmor/apparmor/-/wikis/Pam_apparmor_example. I’ve added the files as described and added a little test line for the confined_user profile in pam_roles, as such:

profile confined_user {

deny /home/USERNAME/testfile rwk,

I can see that the correct profile is in enforce mode (/bin/su//USERNAME), I have libpam-apparmor installed, I’ve added the necessary lines in the su pam configuration file. Yet if I su to USERNAME I can still edit and read the testfile logged in as USERNAME. If I change the apparmor line in /etc/pam.d I cannot use su anymore (su: cannot open session: System error) which means that the transition isn’t hapenning :(.

How do I get this to work?
Also, where may I find better (more recent?) and more complete documentation of pam apparmor and apparmor RBAC?

Here are the files I’ve used (more or less the same ass the pam apparmor example linked above above)
/etc/pam-d/su https://pastebin.com/X1a5UAbZ
/etc/apparmor.d/pam_roles https://pastebin.com/rU0vnTtU (replaced my actual username with USERNAME)
/etc/apparmor.d/pam_binaries https://pastebin.com/MyaRj18Z
/etc/apparmor.d/pa/mappings https://pastebin.com/maFMFpxP

Minor errors in the text: The error “su: cannot open session: System error” happens when I change the pam apparmor line from optional to required.
There are also some irrelevant grammatical errors in the file paths before the pastebin links.

Also, here are the error messages when I try to su from user olof to admin

Is pam_apparmor installed?

P.S. please always put computer text inside [noparse]


[/noparse] tags.
P.P.S. please upload information to https://susepaste.org, not to commercial sites. Not everyone can or want access them.

Sorry about that, first time posting here.
Yes libpam-apparmor is installed.

Such package does not exist in openSUSE. I asked about pam_apparmor.