When calling GET "/inventory/instances" with a user that has the required permission "inventory.instances.collection.get", but not any other inventory/inventory-storage related permissions, an internal call to "/instance-storage/instance-relationships" fails with a 403 due to the missing permission "inventory-storage.instances.item.get".
It is possible that the mod-inventory-storage permission is a copy/paste error, since it is a "collection" API, but requires an "item" permission:
If that is the case, then we should move this to MODINVSTOR since mod-inventory provides "inventory-storage.instances.collection.get" as a module permission. If not, we need to add "inventory-storage.instances.item.get" to the module permissions for "/inventory/instances".
While the API does return, the side effect of the 403 is that none of the instance relationships are part of returned JSON.