When you have assigned rights to a column that has a lookup and later you change the lookup display column, the column becomes unavailable and effectively has no rights anymore. I made a validation to detect columns with lookups that have rights but are unavailable, please add this to the validation basemodel.
--Lookup has rights, but is not available
select rco.*
from role_tab rt
join role_col_overview rco
on rco.model_id = rt.model_id
and rco.branch_id = rt.branch_id
and rco.role_id = rt.role_id
and rco.tab_id = rt.tab_id
where rt.model_id = @model_id
and rt.branch_id = @branch_id
and rt.select_granted = 1 -- own table has rights
and rco.col_access_type in (0, 1) --0=edit, 1=read only, 3=hidden
and rco.available = 0
and rco.look_up_source_tab_id is not null
and rco.sf_type_of_col <> 3 -- meta hidden fieldWhat also could be considered is to automatically assign rights when changing a lookup display column that previously had rights.