Minor Step to reproduce:
1. Create some WebObject
2. Add a group guard: @WebObject(type = "MyObject", guard = "group=mygroup")
3. Create the group mygroup
4. Create the group subgroup
5. Set the group subgroup as a sub group of mygroup
6. Create a user "test"
7. Add the user "test" to subgroup
8. Try to use the webobject with the user "test"
It answers 401 unauthorized.
