vince-sop alright, at first let me write few words so we can speak the same terms here.
There is a substantial difference between term and taxonomy. So the resource
Term:category:posts conceptually is going to be incorrect because
category is a taxonomy. Terms belong to some specific taxonomy. In other words, a term is an instance of taxonomy.
The fact that any taxonomy can be attached to one or more post types, this alone, create quite the complex challenge to manage access to terms. Because now you have to take in consideration the context, terms appear in (which post type is currently used to display terms).
This something that I've been working on to solve in the past couple weeks with the new resource to Access Policy called Taxonomy. Basically, this will allow you to define access settings to all terms that belong to specific taxonomy (e.g.
Taxonomy:category:posts manages access to all posts that are associated with the term of category taxonomy disregarding post type).
I know, this is tongue-twisting and head-spinning explanation, so bear with me.
I was able to replicate the same structure of custom taxonomies and custom post types as you've described. First I've created a custom post type "Events" (slug event) and custom taxonomy "Event Categories" (slug event_category). This is the access policy that I've defined that worked perfectly fine:
"Description": "Restrict the ability to manage any Events that belong to Uncategorized category",
As you can see, I've created a custom category "Uncategorized" and set is a default category that all new Events will be assigned to and then hiding all posts that belong to this category.
This can be a good starting point.
Keep me updated.