I have user A that is getting 3 different roles. Normally this isn't an issue, but one of those roles has a restricted search in it that will only show 4 servers in the main index.
2 of the 3 roles just grants access to specific indexes.
The 3rd role grants access to the main index and has the following restriction:
(host::serverA OR host::serverB OR host::serverC OR host::serverD)
The issue that I am having is that restriction is carrying over to the other roles.
How would I set this up that only those 4 servers are looked for in main without having those restrictions carry over to the other roles.
The search restriction is not carrying over into other roles. The user is a member of a role with a search restriction so It is being applied to that role. The user's membership in other roles does not negate the restriction.
A solution would be to create a new role for the user that has the permissions he needs.
That's what I thought at first, but when we have the role with restrictions applied, the user is not seeing data in index A or B, just the 4 servers in main. But if we remove that role, they are able to see the data in index A and B
That makes perfect sense if indexes A and B do not contain data from host IN (serverA serverB serverC serverD). Once the restriction is removed then the user can see what's in A or B regardless of the host name.
Right, how do I let the user search all of Index A & B, and only host 1-4 in main?
I'm not sure you can. The search restrictions will always get in the way of indexes A and B.
If hosts 1-4 require different security then they should be in a different index.