The role record has a checkbox called “Allow Cross-Subsidiary Record Viewing”. If a custom role has the Allow Cross-Subsidiary Record Viewing option enabled, clicking a subsidiary node in the Subsidiary Navigator portlet displays all relevant records, including those to which the role is not granted access. Users with the role can open all displayed records but can edit only those to which the user has edit rights.
In this way, subsidiary restrictions can be configured on a per-role basis for a custom role.