Hello,
please, how are internally handled anonymous API requests? Is the request internally processed as guest user (with his application roles)? I’ve an entity with defined Row Level Security Filter and it seems that the assigned roles are not reflected for guest user when accessing data via anonymous API.
In case of anonymous API requests (public API) the user guest is assigned. If it has assigned user roles, their application roles are evaluated during Row Level Security Filter resolution step.