LSTSRV-L Archives

LISTSERV Site Administrators' Forum

LSTSRV-L

"Christian J. Reichetzeder" <[log in to unmask]>
Tue, 22 Jan 1991 10:01:31 SET
I encountered the problem on a LISTEARN server but looking into LISTSERV's
LSVSFILE there is not much difference, anyway:
Given the following:
* ABC LIST has an explicit FILELIST associated with it
* ABC FILELIST has a generic entry of the form
  /    A/> *        *        PRV OWN ....
* XYZ LIST has only NOTEBOOKs but no explicit FILELIST.
 
Problem:
INDEX and GET commands for XYZ (FILELIST) fail with either "you are not
authorized" or "not yet available".
 
As far as I could find out the problem is within LSVSFILE. For explicit
or implicit FILELISTs LSVSFILE starts from the root(=LISTSERV) FILELIST.
In case the sought file is not found other FILELISTs found are searched.
Only when the file couldn't be found in any of the FILELISTs the search
continues for NOTEBOOKs or LOGs according to the LIST specification.
If any FILELIST happens to contain a generic entry matching the requested
FILELIST the search stops and authorization is given as specified in the
generic entry.
 
This is not only an inconvenience but also a security exposure. FILELIST
owners can specify whatever patterns and fileids they like since it is
expected that the postmaster controls the mapping of the filenames by
means of the XXXX FILEID files. Thus even when a filelist-owner lists
PROFILE EXEC as PUT=ALL this doesn't map to the real PROFILE EXEC.
The owner of ABC (FILE)LIST could specify a generic entry of * * GET=OWN
and thus be able to retrieve the logs of XYZ LIST regardless of their
FACs.
 
Christian
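
Added example, not part of the original message and not LISTSERV or LISTEARN code: a simplified Python model of the search order described above, showing how ABC's generic entry ends up deciding a request for an XYZ notebook. The data layout, the user names, the `LOG9101` file type and the `scoped=True` ordering are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Constructed data for a simplified model; not the real FILELIST record format.
# Search order: root (LISTSERV) FILELIST first, then the other FILELISTs.
FILELISTS = {
    "LISTSERV": {"owners": {"postmaster"}, "entries": [("LISTSERV", "MEMO", "ALL")]},
    "ABC": {"owners": {"abc-owner"}, "entries": [("*", "*", "OWN")]},  # generic entry
}
# XYZ LIST has notebooks only; its logs are readable by its own subscribers.
NOTEBOOK_LISTS = {"XYZ": {"xyz-sub", "xyz-owner"}}


def _fac_allows(fac, user, owners):
    """Evaluate the two file access codes used in this model."""
    return fac == "ALL" or (fac == "OWN" and user in owners)


def resolve(fn, ft, user, scoped):
    """Return (authorized, decided_by) for a GET of `fn ft` by `user`.

    scoped=False: search order as described in the message.
    scoped=True : assumed mitigation; a generic entry in another FILELIST
                  may not claim a file belonging to a list's notebook archive.
    """
    is_notebook = fn in NOTEBOOK_LISTS and ft.startswith("LOG")
    for name, fl in FILELISTS.items():
        for fn_pat, ft_pat, fac in fl["entries"]:
            generic = "*" in fn_pat + ft_pat
            if scoped and is_notebook and name != fn and generic:
                continue  # foreign wildcard: do not let it shadow the notebook
            if fnmatchcase(fn, fn_pat) and fnmatchcase(ft, ft_pat):
                # First match wins: the search stops here.
                return _fac_allows(fac, user, fl["owners"]), f"{name} FILELIST"
    if is_notebook:
        # No FILELIST matched: fall back to the LIST's own specification.
        return user in NOTEBOOK_LISTS[fn], f"{fn} LIST"
    return False, "not found"


if __name__ == "__main__":
    for user in ("abc-owner", "xyz-sub"):
        print(user, resolve("XYZ", "LOG9101", user, False),
              resolve("XYZ", "LOG9101", user, True))
```

With `scoped=False` the ABC entry answers for XYZ's log, which produces both symptoms in the message: XYZ's own subscriber is refused and ABC's owner is authorized.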
