During initial startup of a new version of WebShpere STC, observe multiple errors :
 CAS2312E - Update Access Denied and Alter Access Denied    .... messages from the Unix file system servant process.  

Current HFS resource rules allows the owner of the STC  and updated the keys to allow access. 
The OMVS segments and LIDS were validated as correct, but the access denied messages persist on startup.  

Release : 16.0
Component : CA ACF2 for z/OS

Rules for the specific SYSID where the new release of WebSphere is running needed modification.

- Review the ACFRPTRV report to identify the offending rule-set (ROLE or Rule)

Updating the rule-set may be required, identifying the proper ROLE or Rule that will need modification to accommodate STC {user-id}  for HFS file access that is 
missing as per the RV report. 

It is possible that a specific rule-set is missing for the SYSID in consideration.

If file authentication failure appears to be on a specific Lpar, .
Recommend that the rule-set update should be targeted for this specific LPAR / SYSID.

The process to authenticate file access when ACF2 is activated in a unix environment, requires valid ACF2 resource rules for file authentication. 
The presence of UID(0) is not valid for 'file authentication'.