Since 2.5 validations are triggered on change instead of commit. Validations means: no object may exist in memory or database which doesn't comply to the validations.
This also makes sure security is checked on change instead of commit. In other words: you cannot pass the security.
A work around which I use often now:
Perform validations manually in a before commit, using the 'Validation Feedback' activity. The user won't notice the difference.