You say you are on build 573? That's very old. According to the release history it was published on 12/15/2011. There is a commit dated 2/22/2012 that says "Change Authorization to return 403 if user is not in group or users list". That's probably a fix that you need.
I would update to at least the last stable build - 1.0.960 and see if your issue persists.
If you're not in a production environment, now would be a good time to move to 2.0 unstable.