You wan to create an incident access rule for a User Role on the GUI under System > Login Management > Roles > Configure Role: Incident Access.

In the incident access rule created for the role, you create a rule based on a custom attribute and specify multiple values of the attribute, separated by commas.

In the example screenshot below, we have used comma separated attribute values 201 202 and 206

However, the rule does not take effect as intended and the incidents are still visible.

Create a new rule i.e. a new line for every individual attribute value. The values cannot be clubbed together in a single line as CSVs, instead use individual rules for every attribute value.