It looks like the change made back in February:
KULRICE-3825 - replace aliased kim update services with beans to allow easier overriding of update services.
Completely broke the document configuration view as it relates to permissions (and probably responsibilities).
They used a special criteria property name which was known to the lookupable for PermissionImpl. Unfortunately, it was changed to fully use the lookup service. Unfortunate because the lookup service provides the "service" of removing unrecognized properties from the input criteria. (Such as the one I needed: "detailCriteria". The result is that every document shows every document initiation permission.
The offending code is in LookupDaoOjb.createCriteria() where it returns null if the property type returns null.
Either that code needs to be removed (default to a String?) or the property needs to be added to the object and DD.
Should the lookup service be "sanitizing" the input criteria? It seems like this results in more problems for developers in troubleshooting rather than it would cause failures during lookups. What do you think?