Search authorizations work the other way around: first the authorizations statements are compiled to a search filter. For For example if the authorization allows access only to business active roles the authorization is compiled to a filter
enabled. Then this filter is appended to the normal search filter and the search operation is performed. This approach ensures that the search returns only the objects that the user is authorized to see. It also makes the search as efficient as possible and maintains page boundaries. But that is not all. Another round of post processing is needed to filter out only the items that are not visible to the user. This is the same filter as is applied to get operations.