Upon submitting the form to add a local entity through the UI or the API, The following message is returned:
The problem does not occur when the type of the addition is changed back to group. It seems to be specific to localEntity objects as they have a reduced set of privileges which can be assigned.
Per testing, it seems to be related to rules that are being executed as part of the addition of the local entity which are applying privileges inherited from higher-level stems. Editing the configuration and setting rules.enable to false allows the addition to complete.
My setup has executed the GDG template at the root of the project, so there are permissions assigned which cascade through the entire tree. (Just the ones created by the GDG template.)
Full stack trace of the failure is attached.