Coveo for Sitecore - User permissions created when only Role is assigned
I am having an issue with a coveo for sitecore where individual users are being added to the effective permission set when only the role the user was in was ever assigned to an item. This is causing issues when that role is removed from the item but the user is still left, granting the permission set the role was given.
From within sitecore, the extranet/anonymous role is denied read access to an item and then the role extranet/partner is assigned read access. The item is published and it acts as expected. However, when I look at the effective permissions of the indexed item both the role and the user have been given access to the item. Not an issue at this point.
During testing the extranet/partner role is removed from the security applied to the item leaving only extranet/anonymous being denied read access as the security settings on the item. The item is published and… I can still see the item being returned. When I look at the indexed items effective permissions now the extranet/partner role is removed as expected but the user that was in that role is still given access to the item.
I have waited for the index update transaction to be committed and have run both Update Cache Now and Clear External Security Cache Now commands in Security Cache section.
Is this the expected behaviour?