In the last commits concerning acl (either disabling it completely or setting it via config) there was a little mixup i guess - an old check $this->accessPolicyEnabled !== false was left behind at one place even thought the correspoding config option was supposed to be removed. Also the acl setting in the config got overwritten by the default setting.
Additionally (for our use case) setting the acl to empty string was not enough, we explictly needed to not set it at all.
In the last commits concerning acl (either disabling it completely or setting it via config) there was a little mixup i guess - an old check
$this->accessPolicyEnabled !== falsewas left behind at one place even thought the correspoding config option was supposed to be removed. Also the acl setting in the config got overwritten by the default setting. Additionally (for our use case) setting the acl to empty string was not enough, we explictly needed to not set it at all.