You say you created an Access Policy against a Index- class?
In what way ? Was it "Discover" where a query is executed against a certain class?
IMHO reports should not be defined directly against Index- classes, instead they should be defined against the parent class with a join to the Index- class. Reports can also be secured with a Privilege using RBAC.