The recommended method:
Clone the User Role, and rename as UserGroupA
Modify UserGroupA allowed indexes, and ensure the role does not inherit any other roles.
Assign the role to a user and verify.
https://docs.splunk.com/Documentation/Splunk/7.3.1/Security/Aboutusersandroles#How_users_inherit_allowed_indexes
If this isn't working, I would first verify the roles assigned to the user:
|rest /services/authentication/users splunk_server=local
|fields title roles realname|rename title as userName|rename realname as Name
Ensure the user doesnt have additional roles assigned that may be allowing the user access to the index.
Next, verify the indexes that a role is given access to...both configured and inherited:
| rest /servicesNS/nobody/system/admin/roles splunk_server=local
| rename title as roles
| eval idx=mvjoin(srchIndexesAllowed," ")
| eval iidx=mvjoin(imported_srchIndexesAllowed, " ")
| table roles idx, iidx
... View more