I am getting the 'ACF00103 NOT AUTHORIZED TO CHANGE FIELD ACCOUNT' message when trying to INSERT a logonid with 'CANCEL' even though I have access to the CASECAUT Resource 'ACFCMD.USER.CANCEL', why?
The 'ACF00103 NOT AUTHORIZED TO CHANGE FIELD ACCOUNT' message is based on comparing the privileges(SECURITY, ACCOUNT, and LEADER) of the logonid issuing the INSERT command to the authority requirements the @CFDE macro of the fields specified on the INSERT command.
If the ALTER= parameter of the entry has "ALTER=SECURITY" and not ALTER=SECURITY+ACCOUNT" then that would explain why the ACF00103 error is occurring.
Please note the CASECAUT Resource check for ACFCMD.USER.CANCEL is only checked for CHANGE commands not INSERT commands so the $KEY(ACFCMD.USER.CANCEL) TYPE(AUT) rule would allow CHANGE id CANCEL but not INSERT id CANCEL.