  1. eZ Publish / Platform
  2. EZP-22474

Preview Authorization uses wrong policy function

Details

    Description

      PreviewController::previewContentAction() checks if the current user is authorized to access any versions of a content.

      if ( !$this->securityContext->isGranted( new AuthorizationAttribute( 'content', 'versionview', array( 'valueObject' => $content ) ) ) )

      But there is no policy for a module function "content/versionview" - so it's not possible to grant access to the Preview to any user that hasn't unlimited access to content module functions.

      Comparing this to the legacy preview function, "content/versionread" should be used, so the line should be:

      if ( !$this->securityContext->isGranted( new AuthorizationAttribute( 'content', 'versionread', array( 'valueObject' => $content ) ) ) )

          People

            Unassigned
            mahner
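One way to catch this class of bug before it ships is to lint authorization checks against the policy functions that actually exist. The scanner below is an added example, not code from the issue or from eZ Publish; the `KNOWN_POLICY_FUNCTIONS` map is an assumed, partial list built for the demonstration, and the sample input is constructed from the two lines quoted in the description.

```python
import re

# Assumed, partial list of policy functions per module (constructed for this
# example); a real check would load the functions the installation defines.
KNOWN_POLICY_FUNCTIONS = {
    "content": {"read", "create", "edit", "remove", "versionread"},
}

# Matches: new AuthorizationAttribute( 'module', 'function', ...
# \s also matches newlines, so calls split across lines are found too.
ATTRIBUTE_RE = re.compile(
    r"new\s+AuthorizationAttribute\s*\(\s*"
    r"(['\"])(?P<module>[^'\"]+)\1\s*,\s*"
    r"(['\"])(?P<function>[^'\"]+)\3"
)


def find_undefined_policy_checks(php_source, known=KNOWN_POLICY_FUNCTIONS):
    """Return (line_no, module, function) for checks no policy can satisfy."""
    findings = []
    for m in ATTRIBUTE_RE.finditer(php_source):
        module, function = m.group("module"), m.group("function")
        # An unknown module or function means no role can be granted it, so
        # only users with unlimited access to the module would pass the check.
        if function not in known.get(module, set()):
            line_no = php_source.count("\n", 0, m.start()) + 1
            findings.append((line_no, module, function))
    return findings


# Constructed sample: the line from the issue before and after the fix.
SAMPLE = """\
if ( !$this->securityContext->isGranted( new AuthorizationAttribute( 'content', 'versionview', array( 'valueObject' => $content ) ) ) )
if ( !$this->securityContext->isGranted( new AuthorizationAttribute( 'content', 'versionread', array( 'valueObject' => $content ) ) ) )
"""

if __name__ == "__main__":
    for line_no, module, function in find_undefined_policy_checks(SAMPLE):
        print(f"line {line_no}: no policy function '{module}/{function}' is defined")
```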