How it works
The search engine does not implement any access rights filtering for documents (pages, files and so on). However, when using the Episerver CMS integration, the return value from an extension method for PageData named RolesWithReadAccess are indexed. This means that you can filter out pages that the current user should not be able to see.
Filtering out results using RolesWithReadAcess:
SearchClient.Instance.Search<StandardPage>() .For("Possibly secret stuff") .Filter(x => x.RolesWithReadAccess().Match("Everyone")) .GetPagesResult();