Hey Everyone,
I opened a TAC case on this and it's not a bug it's a feature :).
Let me explain. I was using a nested policy. So in the api explorer I did a GET of all ACP's (access control policy). The access-rules I wanted to query were in a child ACP. So I entered the UUID of the ACP into the container field and did a GET of the access-rules.
This gives you ALL access-rules. So both the rules from the parent ACP as the rules from the child. The same as when you would click the ACP in the GUI.
However when you now take the UUID of an access-rule that is part of the parent ACP and do a GET on that you will get an error, because that UUID is not strictly part of the child ACP.
This makes sense but it's quite unfortunate as it takes quite some extra code from my end to automate this. I need to do a GET on the child ACP and check if there is a parent ACP. Then iterate first through the parent and it's access-rules. Then go to the child and iterate through the rules there and omitting the ones from the parent as they will throw an error.
I think this is quite cumbersome. If anyone has a better way of doing this kind of GET please let me know.