How is DLS applied when user has multiple roles

This is more of a question around expected behavior/specification as I cannot determine the behavior via test and observe:

If a user is mapped to a Role A that grants read access to Index 1 with a document level security pattern match of:

{"term": { "_id": 1}}

And the same user is mapped to a Role B that also grants read access to Index 1 with a document level security pattern match of:

{"term": { "_id": 2}}

Which one wins out? Or do both apply?

In testing, it appears to be possibly related to the order in which ODFE processes the DLS patterns, but I cannot confirm.

Anyone have any suggestions?