How to assign F5 remote user different roles on separate partitions?

We have an F5 LTM device running 11.5.3 that uses LDAP users for authentication. Right now these users are in LDAP groups which correspond to partition-specific groups on the LTM. The problem is that I want to be able to be able to put each person in more than one of these groups, which does not seem to work.

For example, right now USER1 is in a group which assigns the Operator role on PARTITION1. I would like to also assign them the Guest role on PARTITION2. When I attempted this by adding USER1 to both LDAP groups, it seemed that only a single set of permissions was applied. USER1 reported that they were stuck in PARTITION2 as a Guest, without the ability to switch to PARTITION1. Is there a way to fix this?