diff --git a/src/applications/diffusion/herald/HeraldCommitAdapter.php b/src/applications/diffusion/herald/HeraldCommitAdapter.php
--- a/src/applications/diffusion/herald/HeraldCommitAdapter.php
+++ b/src/applications/diffusion/herald/HeraldCommitAdapter.php
@@ -209,7 +209,7 @@
 }
 private function loadCommitDiff() {
- $viewer = PhabricatorUser::getOmnipotentUser();
+ $viewer = $this->getViewer();
 $byte_limit = self::getEnormousByteLimit();
 $time_limit = self::getEnormousTimeLimit();
diff --git a/src/applications/herald/adapter/HeraldAdapter.php b/src/applications/herald/adapter/HeraldAdapter.php
--- a/src/applications/herald/adapter/HeraldAdapter.php
+++ b/src/applications/herald/adapter/HeraldAdapter.php
@@ -38,6 +38,7 @@
 private $actionMap;
 private $edgeCache = array();
 private $forbiddenActions = array();
+ private $viewer;
 public function getEmailPHIDs() {
 return array_values($this->emailPHIDs);
@@ -55,10 +56,29 @@
 return $this;
 }
+ public function setViewer(PhabricatorUser $viewer) {
+ $this->viewer = $viewer;
+ return $this;
+ }
+
+ public function getViewer() {
+ // See PHI276. Normally, Herald runs without regard for policy checks.
+ // However, we use a real viewer during test console runs: this makes
+ // intracluster calls to Diffusion APIs work even if web nodes don't
+ // have privileged credentials.
+
+ if ($this->viewer) {
+ return $this->viewer;
+ }
+
+ return PhabricatorUser::getOmnipotentUser();
+ }
+
 public function setContentSource(PhabricatorContentSource $content_source) {
 $this->contentSource = $content_source;
 return $this;
 }
+
 public function getContentSource() {
 return $this->contentSource;
 }
diff --git a/src/applications/herald/controller/HeraldTestConsoleController.php b/src/applications/herald/controller/HeraldTestConsoleController.php
--- a/src/applications/herald/controller/HeraldTestConsoleController.php
+++ b/src/applications/herald/controller/HeraldTestConsoleController.php
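Review bot: In `HeraldCommitAdapter::loadCommitDiff()` the diff is now fetched under whatever `getViewer()` returns, so a test console run loads it with the requesting user's permissions and can fail or come back empty where a live Herald run, which stays omnipotent, succeeds. The rest of the method body is outside this hunk, so it is not visible whether a policy failure is reported separately from "no diff"; if it is not, diff-content rules would simply appear not to match in the console. A comment at the assignment would record the intent: `// Omnipotent in normal runs; the acting user in test console runs, see getViewer().`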
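Review bot: `HeraldAdapter::getViewer()` falls back to the omnipotent user whenever `setViewer()` was never called, so the privileged path is the silent default and a new caller that forgets to set a viewer bypasses policy checks with no signal. The inline comment explains the motivation, but the accessor has no docblock telling callers that the returned user may be omnipotent and that data loaded with it should not be rendered to a user without its own visibility check; I would add one stating that. The truthiness test would also read more precisely as `if ($this->viewer !== null) {`. The blank line added before `getContentSource()` is an unrelated whitespace change.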
@@ -39,7 +39,9 @@
 $object = $this->getTestObject();
 $adapter = $this->getTestAdapter();
- $adapter->setIsNewObject(false);
+ $adapter
+ ->setIsNewObject(false)
+ ->setViewer($viewer);
 $rules = id(new HeraldRuleQuery())
 ->setViewer($viewer)
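Review bot: Passing the request viewer to the adapter here only restricts code paths that actually read `getViewer()`, and within this diff that is just `HeraldCommitAdapter::loadCommitDiff()`. Any other adapter loader that still calls `PhabricatorUser::getOmnipotentUser()` directly would keep running with full privileges in the test console; those call sites are not visible here, so this is worth a follow-up audit. The chained `->setViewer($viewer)` also depends on `setIsNewObject()` returning the adapter, which this diff does not show. `$viewer` is assigned before the hunk begins; a short comment such as `// Run field loaders as the requesting user, not omnipotent.` would make the purpose clear at the call site.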