Magento released a new patch yesterday called SUPEE 6285 along with a new version of the CE (18.104.22.168):
This patch introduces some really annoying bugs though, especially regarding 3rd party modules/extensions. Basically, any third party extension that introduces Adminhtml pages needs a new
_isAllowed method in it’s controllers that sets up proper access control layers for its functioning.
Any person trying to access anything to do with a third party extension that has a user role with anything less than administrator permissions will not be able to access those pages, no matter what permissions they have!!
I’ll show you how to fix those issues, particularly pertaining to the Ebizmarts Sage Pay suite.