A logonid with SECURITY and ACCOUNT privileges is unable to grant the group attribute field of another logonid. Getting:

ACF00103 NOT AUTHORIZED TO CHANGE FIELD GROUP
Reason:
You do not have the authority required to modify the requested field (fld). ACF2 Messages determines the authority to modify fields by comparing your SECURITY, ACCOUNT, and LEADER attributes to the authority requirements the @CFDE macro generates.

The current entry for CFDE GROUP -

@CFDE  GROUP,LIDGROUP,CHAR,LIST=SECURITY+AUDIT,                     X02230100
            FLAGS=NULL,GROUP=11,ZERO=YES,VRTN1=10            TS99345 02230200

Release : 16.0

Component : ACF2 for z/OS

If the @CFDE entry for the GROUP field does not specify ALTER then 'no accesses are allowed' meaning no one can change the field.

The logonid SCPLIST field is used to limit or scope a privileged logonid such as a SECURITY or ACCOUNT administrative authority over logonids, rules, and Infostorage databases. If the logonid with SECURITY or ACCOUNT had a SCPLIST specified it may have been what was limiting the logonid from changing the GROUP field for another logonid.

Based on the @CFDE entry for GROUP field the only way to address the issue is to add the 'ALTER' operand to the @CFDE entry to specify one of the security privileges.