Search API handles roles wrong

Steps to reproduce: 1. Ingest a video, publish it to engage and set the access policy to private (role ROLE_USER_ADMIN has read access). 2. Create a user with role ROLE_USER (as is the case with LTI user) 3. Login as this user (e.g. in Engage UI) Actual Results: This user can access the ingested video. Expected Results: This user has no access to the video. Workaround (if any): none Problem: The problem lies in the query that is send to Solr:     `"*:* AND oc_organization:mh_default_org AND (oc_acl_read:ROLE_USER_TEST OR oc_acl_read:ROLE_ANONYMOUS OR oc_acl_read:ROLE_USER) AND -oc_mediatype:Series AND -oc_deleted:[* TO *]"` Since ROLE_USER is a sub string of ROLE_USER_ADMIN, Solr is returning this entry. A fix would be to store the role always enclose in some sort of symbols (e.g. comma) and require that in the search query.