If authorization fails on an RPC with result-tracking enabled (eg TabletService.Write) then the ResultTracker will FATAL. The issue is that the authz method is called prior to registering the request on the ResultTracker, and the authz method then tries to call RespondFailure(). This triggers code in the ResultTracker which tries to look up the RPC and fails because it wasn't registered. The error is something like "couldn't find ClientState for request"
One fix would be for the authz method to be called after registering the request tracker, but Dan Burkert had some concerns about that back in the review https://gerrit.cloudera.org/c/4897/ . Another fix might be to remember in the RpcContext whether the RPC has been registered yet, and if not, short-circuit the call back into ResultTracker.