The following is posted on Yammer as well.

This summer, we ran into a problem that we had never experienced before in such large numbers. As of the time of this post, we've had at least 8 students out of 56 that have run into an issue where they attempt to go from their section in ANGEL to the Drupal course content, and they land on the "Authorization Needed" page.

Some of the details are:

1. This is only happening in both section of a single course. No other summer course has run into this problem.
2. This course has been offered in previous summer sessions without incident.
3. The rosters and access within Drupal are populated through the ANGEL-API.
4. Every one of these students had previously been on the rosters in ANGEL, and the ANGEL-API had run long before the course opened up and granted them "student" access level. This eliminated a student adding the course and trying to access the material in the gap between cron runs.
5. The students receiving this error do not generate an "access denied" line in the logs in Drupal.
6. When we tested this with an account that had no access rights, an "access denied" log entry was generated.
7. The frameprevention module is on.
8. Firefox failed, IE failed, but Chrome worked for one student.
9. Another student had the site fail in Firefox. They then tried in Chrome and it worked. Since then, they went back and tried Firefox, and Firefox worked just fine.

In digging around in ANGEL, the only thing we were able to find that is unique to this course is that it was set up from a "master" version of the course in ANGEL. We checked other semesters of this one course, as well as different courses, and none of them had this setup process. They were either set up from scratch that semester, or copied from a previous semester's version. The only other differences that we found were that the current sections a few more environmental variables that are active in the summer versions but not active in the master version: instructor-everyone messages and SIS-driven add/drop messages.

For now, we've been telling students to go to the Drupal course from a direct link. I haven't heard back from students if that is working or not, but it should. We'll dig around more with how the course differs, but I wanted to pass along our findings to everyone else in case they experienced the same problem in the past, and possibly help narrow down what might be causing this.