What HTTP code to use in “Not Authenticated” and “Not authorized” cases?

Question

I read that \"401 Unauthorized\" code must be used when a user:

1. Is not logged, but login is required (\"not authenticated\");
2. Is logged, but his profile d

Answer 1

I believe 403 is the right one. We may have to tune the language in the specification to make that clear.