I've recently created USPS tracking module for Drupal, so Qwintry.com users could get notifications when their international packages change state. I've used queue operations to build requests to USPS API by cron, and it seems to work great for our customers, but this story is not about the module.
My plan was to provide rules event "The package [tracking number] changed active state from [old state] to [new state]". (words in square brackets are Rules arguments).
On Qwintry website, "Package" is a node, with "tracking number" textfield.
So, basically, my Rule was:
if [tracking number] changed active state from [old state] to [new state]: - fetch entity by property "tracking number" = [tracking number] - send [author of loaded entity] a nice email about state change
_rules_event_info() hook in my module code, and created my Rule.
The rule worked perfectly when I triggered the event using my admin account, but..
.. it didn't work when I run website cron to trigger my event.
event was triggered but it couldn't find the node with such property (though I knew that I have node with such tracking number in db).
After hours of debugging I found out that the issue here is that "Fetch entity by property" action of Rules uses EntityFieldQuery, which of course respects node access permissions and checks current user access. My "package" nodes were private for their owners. And cron uses anonymous user to trigger the event! So, cron didn't have enough permissions to load the nodes.
That makes perfect sense (for lots of use cases!) to check node access unconditionally, but in my case it was a big trouble.
I think that the perfect solution for the issue would be an "ignore access permissions" checkbox in "fetch entity by property" Rules action.
I've created an issue in Rules issue queue: http://drupal.org/node/1804586 but didn't get any replies yet.
I hope this will save some time to someone else!