Users getting least permissions when mapped to multiple roles

Hello,
I mapped the backend roles from LDAP. There are some users who have multiple backend roles. Those users are only able to see logs from the role which has the least permissions. For example, a user is mapped to all_access and another role (ABCD, for example). The user lost access for the all_access role and is only able to access as per the ABCD role. What needs to be done so that the user has access as per all the roles?

@kanath can you provide the definition for this ABCD role? Also, please confirm what version of odfe you are running.

I just tested locally with 1.13.1, mapped a user to all_access and test_role with access to only 1 index, and was able to create a new index not listed in test_role.

Is there any DLS filter in ABCD role?

Hello,
I am using 1.12.0.
There is a DLS filter for the ABCD role, for example:

{"bool":{"must":[{"term":{"somefield":"somevalue"}}]}}

The user is only able to see the documents which match "somefield":"somevalue".

@kanath The DLS is the issue here. The way it seems to work is that if a user has a role that defines DLS restrictions on an index and another role has no DLS restrictions on the same index, the restrictions defined in the first role apply. Currently there doesn't seem to be a way to change this behaviour.
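An added example, not part of the original posts and not the plugin's own code: an audit sketch that flags users whose mapped roles combine a DLS-restricted role with an unrestricted role on overlapping index patterns, which is the combination the reply above describes. The data is constructed and only shaped like roles.yml and roles_mapping.yml; the LDAP group names, the `logs-*` pattern and the user names are assumptions.

```python
from fnmatch import fnmatchcase

# Constructed sample data (assumed names); structure follows roles.yml keys.
ROLES = {
    "all_access": {"index_permissions": [
        {"index_patterns": ["*"], "allowed_actions": ["*"]}]},
    "ABCD": {"index_permissions": [
        {"index_patterns": ["logs-*"],
         "dls": '{"bool":{"must":[{"term":{"somefield":"somevalue"}}]}}',
         "allowed_actions": ["read"]}]},
}
ROLE_MAPPINGS = {"all_access": {"backend_roles": ["ldap-admins"]},
                 "ABCD": {"backend_roles": ["ldap-abcd"]}}
USERS = {"alice": ["ldap-admins", "ldap-abcd"], "bob": ["ldap-admins"]}

def roles_for(backend_roles, mappings):
    """Security roles a user receives through backend-role mapping."""
    have = set(backend_roles)
    return sorted(r for r, m in mappings.items()
                  if have & set(m.get("backend_roles", [])))

def patterns_overlap(a, b):
    """Heuristic: one wildcard pattern covers the other."""
    return fnmatchcase(a, b) or fnmatchcase(b, a)

def dls_conflicts(user_roles, roles):
    """(restricted_role, unrestricted_role, restricted_pattern) triples."""
    perms = [(name, pat, ip.get("dls"))
             for name in user_roles
             for ip in roles.get(name, {}).get("index_permissions", [])
             for pat in ip.get("index_patterns", [])]
    restricted = [(n, p) for n, p, dls in perms if dls]
    unrestricted = [(n, p) for n, p, dls in perms if not dls]
    return sorted({(rn, un, rp)
                   for rn, rp in restricted for un, up in unrestricted
                   if rn != un and patterns_overlap(rp, up)})

def audit(users, mappings, roles):
    """Users whose broad role is narrowed by another role's DLS filter."""
    report = {}
    for user, backend in users.items():
        hits = dls_conflicts(roles_for(backend, mappings), roles)
        if hits:
            report[user] = hits
    return report

if __name__ == "__main__":
    for user, hits in audit(USERS, ROLE_MAPPINGS, ROLES).items():
        for restricted, broad, pattern in hits:
            print(f"{user}: DLS in {restricted} on {pattern} narrows {broad}")
```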

Okay. Is there any workaround that can be applied for this issue except removing ABCD role from the user?

I have the same issue.