We are currently implementing Web Viewer r14.0 on LPAR running z/OS 2.4 and CA-TSS r16.0 and facing an issue when browsing a repository. 
We can see the following message into the server log: TSS9405E NO AUTHORITY FOR INTERNAL SECURITY FUNCTION ( ) 

From the manual it might have something to do with missing APF, however all libraries have been added to APF. 

Release : 14.0

The log shows the call to View to open the View database is failing.

SARUSDUX is the View User ID Determination exit for DRAS.  According to the TSS documentation one of the reasons for the TSS9405E message is a call requiring APF authorization was made in a non-APR state.  Web Viewer r14 runs non-APF authorized and a user exit is making a RACROUTE call that requires APF authorization. The SARUSDUX user exit (which contains RACROUTE code) source needed to be adjusted. 

A SARUSDUX user exit with RACROUTE code in it will not work for Web Viewer 14.0. SARUSDUX code with RACROUTE calls date back to pre-r11 releases. At release 11.0 the RACROUTE code was removed from the SARUSDUX and all other signon/signoff user exits, and then handled as a standard feature of the product. The customer needed to add a few instructions to their existing user exit. Broadcom is not responsible for maintaining customer/user exits.