OK, here it is clue:

I use 2 userroles (rprod, rtest) - inherited from object/role user:

authorize.conf

[role_user]
srchIndexesAllowed = 

[role_rprod]
importRoles = user
srchIndexesAllowed = index1
srchIndexesDefault = index1

[role_rtest]
importRoles = user
srchIndexesAllowed = index2
srchIndexesDefault = index2

user1 is member of role rprod / user2 is member of role rtest

by default, the user-role has the property:

[role_user]
srchIndexesAllowed = *

and this caused the problem, because I used searches by sourcetype not by index, to be more flexible in customeres usecases ...