Returning grant instead of deny leading to unauthorised access
Returning deny instead of grant leaving to DOS.
Returning wrong obligations
Missing obligations from authz decisions
Attribution of wrong access rights to an otherwise trusted member