I have code to create media assets (in this example image files) which was previously working but now gives the access denied exception.  The same accesslevel mechanism seems to work fine for pages and blocks. NOTE: this is a slightly hacked up version showing the mechanism used, but mechanically is the same as code that previously worked.  So I'm wondering if anyone has ideas on where else to be looking in terms of what changed?  One question I have is why does it say it needs Edit access when we are  creating the asset (or does the GetDefault actually do the create?)  Could it be related to needing edit access to the parent folder into which the asset is going?

I have an update, after poking around I found that contrary to the exception itself, the ImageFile is in fact being created in the proper folder.  So the question is, why when it appears to be actually performing the Save am I getting this Exception?

public ContentReference SaveImage(ContentReference parentFolder, string data, string fileName, string fileExtension)
{
    var mediaType = _mediaDataResolver.GetFirstMatching(fileExtension);
    var contentType = _contentTypeRepository.Load(mediaType);

    if (mediaType != typeof(ImageFile))
        return null;

    var imageFile = _contentRepository.GetDefault(parentFolder, contentType.ID);

    imageFile.Name = fileName;

    var imageBlob = _blobFactory.CreateBlob(imageFile.BinaryDataContainer, fileExtension);
    using (MemoryStream memoryStream = new MemoryStream(Convert.FromBase64String(data)))
    {
        imageBlob.Write(memoryStream);
    }
    imageFile.BinaryData = imageBlob;

    return _contentRepository.Save(imageFile, SaveAction.Publish, EPiServer.Security.AccessLevel.NoAccess);
}