Problem
When record-level access rules fail to evaluate due to SQL/runtime errors, the request can end up as Forbidden, which is indistinguishable from a real authorization denial.
Why this matters
- makes debugging access rules difficult
- misleads clients and operators into thinking ACL denied the request
- hides actionable runtime failures
Expected behavior
- keep Forbidden only for actual permission denial
- surface evaluation failures as internal errors with a stable machine-readable code
- preserve safe error-message behavior in non-dev mode
Scope
Affects record access checks and subscription access checks (HTTP/SSE/WS).
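
The expected behavior above, as an added example that is not the project's own code: a record-level rule is evaluated as SQL against an in-memory SQLite table, and denial and evaluation failure map to different responses. The function names, the schema, the status mapping and the code string `access_rule_evaluation_failed` are assumptions made for illustration.

```python
import logging
import sqlite3
from dataclasses import dataclass

log = logging.getLogger("access")
# Hypothetical stable machine-readable code; the page does not name one.
RULE_EVAL_FAILED = "access_rule_evaluation_failed"

@dataclass
class Response:
    status: int
    code: str
    message: str

def check_record_access(conn, rule_sql, params, dev_mode=False):
    """Evaluate an operator-configured rule; both outcomes below refuse access,
    but only a rule that evaluated to false is reported as Forbidden."""
    try:
        # rule_sql comes from server configuration, never from the client;
        # client-supplied values are bound as named parameters.
        row = conn.execute(f"SELECT ({rule_sql})", params).fetchone()
    except sqlite3.Error as exc:
        # Server fault: keep the detail in the log, expose it only in dev mode.
        log.error("access rule failed to evaluate: %s", exc)
        detail = str(exc) if dev_mode else "access rule could not be evaluated"
        return Response(500, RULE_EVAL_FAILED, detail)
    if row is not None and row[0]:
        return Response(200, "ok", "")
    # NULL or 0 is a real authorization decision.
    return Response(403, "forbidden", "access denied")

def demo_conn():
    """Constructed sample data: one record owned by alice."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, owner TEXT)")
    conn.execute("INSERT INTO posts VALUES (1, 'alice')")
    return conn

GOOD_RULE = "EXISTS (SELECT 1 FROM posts WHERE id = :id AND owner = :user)"
# Constructed broken rule: misspelled column, fails at evaluation time.
BROKEN_RULE = "EXISTS (SELECT 1 FROM posts WHERE id = :id AND ownr = :user)"

if __name__ == "__main__":
    c = demo_conn()
    for rule, user in [(GOOD_RULE, "alice"), (GOOD_RULE, "bob"), (BROKEN_RULE, "alice")]:
        print(user, check_record_access(c, rule, {"id": 1, "user": user}))
```

The same three-way result applies to subscription checks; only the transport that carries the status and code differs.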