I am getting the 'ACF00103 NOT AUTHORIZED TO CHANGE FIELD ACCOUNT' message when trying to INSERT a logonid with 'CANCEL' even though I have access to the CASECAUT Resource 'ACFCMD.USER.CANCEL', why?

Document ID : KB000015096
Last Modified Date : 14/02/2018
Question:

I am getting the 'ACF00103 NOT AUTHORIZED TO CHANGE FIELD ACCOUNT' message when trying to INSERT a logonid with 'CANCEL' even though I have access to the CASECAUT Resource 'ACFCMD.USER.CANCEL', why?

Answer:

The 'ACF00103 NOT AUTHORIZED TO CHANGE FIELD ACCOUNT' message is based on comparing the privileges (SECURITY, ACCOUNT, and LEADER) of the logonid issuing the INSERT command to the authority requirements in the @CFDE macro for the fields specified on the INSERT command.

If the ALTER= parameter of the @CFDE entry has "ALTER=SECURITY" and not "ALTER=SECURITY+ACCOUNT", then that would explain why the ACF00103 error is occurring.

Please note that the CASECAUT resource ACFCMD.USER.CANCEL is checked only for CHANGE commands, not INSERT commands, so the $KEY(ACFCMD.USER.CANCEL) TYPE(AUT) rule would allow CHANGE id CANCEL but not INSERT id CANCEL.