Not sure I fully follow your example but...
What are the classX.ModifyACL and ACLTemplate of the role and the object?
I know what you are talking about. I don’t know if this is a defect really – even if you grant the roles that ACL on the object, if it’s not in the role’s acl list, they can’t perform that object. I do agree it would be useful to see what authorizations a role has when you add entries to the acl template or acl policy. Sounds like a rfe.