SAK-11320 is triggered Tools using XML based storage will retain the now orphaned Realms.
Site members are then denied access to Section constrained Tool entities. This is because the XML embedded ACL is bound to a Realm which is no longer used in the Site.
Our investigations at Stanford w/2.4.x find that this encompasses Section aware -
This can be duplicated in the Sakai UI by
1) creating a site
2) creating Sections
3) creating a folder in Resource/Content tool
4) constraining access to the folder to one of your Sections
5) trigger a SiteService.save(s)
5.1) One way is in Section Info - toggle the management from whatever it is, to the opposite, and back.
6) go to the content tool and you'll see that the access constraint is gone. Look carefully - the sections are still listed, but they are based on the new Realm.
7) attempt to access the restricted content as one of your section members.