@tejas I duplicated this issue and will be filing a bug.
I was able to work around this issue though by changing the component access to “_table/department/” instead of “_table/department/*”
Clarification:
This is not a bug. The way the role access configuration works is thus.
_table/department/ allows you access to items at that level of the API (think like folder paths.) Get all records, user filters, etc.
_table/department/* allows you access to items in the next level of the of REST path. For SQL tables this individual records by id. I.e. GET on _table/department/4 retrieves the record whose ID is 4.