I was able to reproduce on 6.2.8, it's not related to authorization layer. The filters works fine with Katello::ActivationKey.authorized(:view_actiovation_keys). The problem appears when counts of found resources are calculated in generic api controller.
Created redmine issue http://projects.theforeman.org/issues/18738 from this bug
*** Bug 1433048 has been marked as a duplicate of this bug. ***
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/18738 has been resolved.
Build : Satellite 6.2.11 snap1 1.Created a role with Similar filter mentioned above 2.Created ak with three envs QA, Dev, Production 3.Created filter for view_activation_keys with filter as environment = QA or environment = Dev Output: This displayed the ak's for QA and Dev Environment There was no traceback
Created attachment 1303549 [details] perm Permission with filter
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:2466