Due to a disconnect between how users and roles are acquired for writing POLICY datastreams and the entries reflecting them in the RELS-EXT(/-INT), it was possible for the set of relationships written to be a subset of those written to the POLICY.
This issue would be likely to manifest as objects with XACML viewing restrictions showing up in lists of results of users/roles who do not have access to view them, and so getting 403s(/404s?) when trying to access them.
This issue should only affect POLICY streams written with the XACML API directly--those written with the "editor" UI should be fine, due to validation the editor performs (requiring the user enabling the viewing rule to be selected)... This issue may potentially affect POLICY streams written with the "Scholar Embargo" module.
A pull with an update hook still to come.