We have defined a role:
importRoles = can_delete;user
rtSrchJobsQuota = 0
srchDiskQuota = 0
srchIndexesAllowed = indexA
srchIndexesDefault = indexA
srchJobsQuota = 0
We have created a local user that has this role. The problem is that doing a search using REST the user has access to index=main. Since this user "can_delete" we really want to restrict their access to a specific index.
It inherits the user role - doesn't this role have access to index main? If so, you need to remove this inheritance.
Yes, this appears to have been the problem.
I suspected this. Trying this today. I will post a response on the results.