The userid in question has access to R(UNI) $KEY(SUPERUSER) "FILESYS.-" with SERVICE(READ) ALLOW. As per IBM documentation, this is what should be required (as it was working fine with z/OS 2.2): SUPERUSER.FILESYS.MOUNT on the UNIXPRIV class.
Environment
Release:
Component: ACF2MS
Resolution
In z/OS 2.3, the mount is done with SETUID and requires UPDATE authority instead of READ.