Proper use of HTTP Error Codes. 550 - Why is it 5xx instead of 4xx?

醉梦人生 2021-01-17 21:34

Today a co-worker used a 550 error on a delete action when the user doesn't have permission, which at first looked bad to me because, as far as I'm aware, that kinda error looks

1 answer
  • 2021-01-17 22:26

    5xx errors are SERVER errors. If the user doesn't have permission it should be a 4XX error.

    However you're correct. A 401 error means that a user must log in to access. i.e. authentication is required.

    The error you're looking for is 403 Forbidden

    This has no ambiguity over whether it's because a user is logged in or not. It's clear cut.

    From the wiki on http error codes (http://en.wikipedia.org/wiki/List_of_HTTP_status_codes) (emphasis mine):

    403 Forbidden

    The request was a valid request, but the server is refusing to respond to it.[2] Unlike a 401 Unauthorized response, authenticating will make no difference.[2] On servers where authentication is required, this commonly means that the provided credentials were successfully authenticated but that the credentials still do not grant the client permission to access the resource (e.g. a recognized user attempting to access restricted content).

    Again, according to the above wiki, there is no such thing as a 550 error. I suppose that you could choose to implement it yourself, but there's probably no need, to be honest. It should be a server error as defined in the standards, however.

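The distinction drawn in the answer, as an added example that is not part of the original post: a minimal Python WSGI handler for a delete action that answers 401 when no valid credentials are presented and 403 when the authenticated user lacks permission, never a 5xx. The token table, item table, `/items/<id>` route and the `call` helper are constructed for illustration.

```python
from wsgiref.util import setup_testing_defaults

# Constructed sample data: bearer tokens -> users, item ids -> owners.
TOKENS = {"tok-alice": "alice", "tok-bob": "bob"}
ITEMS = {"1": "alice", "2": "bob"}

def authenticate(environ):
    """Return the user name for a valid bearer token, else None."""
    scheme, _, token = environ.get("HTTP_AUTHORIZATION", "").partition(" ")
    return TOKENS.get(token) if scheme.lower() == "bearer" else None

def app(environ, start_response):
    """DELETE /items/<id>: permission failures are client errors (4xx)."""
    def reply(status, headers=()):
        start_response(status, list(headers))
        return [b""]

    if environ["REQUEST_METHOD"] != "DELETE":
        return reply("405 Method Not Allowed", [("Allow", "DELETE")])
    user = authenticate(environ)
    if user is None:
        # No usable credentials: authenticating may change the outcome.
        return reply("401 Unauthorized",
                     [("WWW-Authenticate", 'Bearer realm="items"')])
    item_id = environ["PATH_INFO"].rsplit("/", 1)[-1]
    owner = ITEMS.get(item_id)
    if owner is None:
        return reply("404 Not Found")
    if owner != user:
        # Identity is known but lacks the right: logging in again won't help.
        return reply("403 Forbidden")
    del ITEMS[item_id]
    return reply("204 No Content")

def call(method, path, token=None):
    """Drive the app in-process; return (status_code, headers dict)."""
    environ = {}
    setup_testing_defaults(environ)
    environ.update(REQUEST_METHOD=method, PATH_INFO=path)
    if token:
        environ["HTTP_AUTHORIZATION"] = f"Bearer {token}"
    seen = {}
    def start_response(status, headers):
        seen["status"], seen["headers"] = int(status.split()[0]), dict(headers)
    app(environ, start_response)
    return seen["status"], seen["headers"]

if __name__ == "__main__":
    for args in [("DELETE", "/items/1"), ("DELETE", "/items/1", "tok-bob")]:
        print(args, call(*args)[0])
```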