The error indicates that the query touched projects for which the user does not have permission to see. Adding _ProjectHierarchy to the criteria changes the scope and limits the results to projects within that hierarchy. For example, a query like:
{ "PlanEstimate" : 5 }
will try to return all snapshots in the workspace with a plan estimate of 5. Changing it to:
{ "PlanEstimate" : 5, "_ProjectHierarchy" : 1234 }
changes the results to be all snapshots in project 1234 or one of its children with a plan estimate of 5, potentially a very different set of results. If the user has access to all projects in the workspace, then they should not have gotten the error. The user can check that by doing an ALM WSAPI (https://rally1.rallydev.com/slm/doc/webservice) query against Project looking for (ObjectID = 1177026886 ) etc. I think that will return no results or an error if the user does not have access to the project.
If the same query was working before the new year, it is possible that new projects have been added to the workspace since then without the needed permissions.