Looks like a bug. You should open a TAC case to correct this. I have seen some issues with roles and privileges where different MOs are missing from the predefined roles, without posibility to (easily) add them to custom-roles.
You can use the following resources to find more details about the roles/privileges/assigned MOs:
https://www.cisco.com/c/dam/en/us/td/docs/Website/datacenter/apicroles/roles.html
https://developer.cisco.com/site/apic-mim-ref-api/?version=5.2(1) -> here search for faultInfo, click on it, open it (using the square icon) and you will see under the Read Access that there is no role which has access to this MO. And the write one is empty, which means only admin has access to it (and a custom one if you configure it)
Stay safe,
Sergiu