When you create a view which has a relation to a user, and this view has an exposed combined field with user fields in it, using this combined filter will throw a 404 for users who do not have the "administer users" permission.
Since searching/filtering with a combined filter is not really "administering users", it should probably use the "access user profiles" permission instead.