Policy re-evaluation can deny previously allowed transaction if Force action (such as force_deny or force_exception) is applied with sub-optimal layer order.