Only one can be correct, either user has authorization or he don't. What is stated in the original discussion cannot be true. User don't have authorization but he blocked. He blocked it because he has authorization.
Functional guys may not have access to authorization. Check with basis/security. They will be able to drill down into details and see what happened. That's the solution.