Roles and permissions


I have a user that should have access to every scope of a bucket, except one, and the user should access from the GUI and be able to view documents (from allowed collections) and run queries (idem).

I have bucket1, and 3 scopes with some collections:

bucket1.scope2.collection2 - the user should not have access here

I’ve assgined permissions from the GUI as per below:
Read-Only Admin , Query Select [bucket1:scope1:] , Data Reader [bucket1:scope1:] , Query Select [bucket1:scope3:] , Data Reader [bucket1:scope3:] , Query Select [bucket1:scope2:collection1] , Data Reader [bucket1:scope2:collection1]

It seem to work, but whenever the user run a query on any of the allowed buckets (from the query menu option, like SELECT count(*) FROM bucket1.scope1.collection1 where xxxx;), below error is shown
“code”: 12008,
“msg”: “Error performing bulk get operation - cause: {1 error, starting with EOF,
“retry”; true

If I update the users profile, and add the role Views Reader [bucket1], the error is gone, and the execution of such query completes successfully, BUT if the user go to Documents option, he is able to see everything from bucket1.scope2.collection2 that should not.

How can it be possible? If there is not any Read access over such scope2.collection2, why it is happening? And how can it be solved? I need to prevent access to such collection, but of course allow the user to run queries without errors on the rest of buckets.

Any idea or suggestion, please?
Thanks in advance,