Hierarchies of Visitors modifying the behavior of parent. Is it fine with Liskov?

There is a class IUser. It has a function which takes a Visitor and allows changes to the public properties.

public IUser
{
    public PermissionMatrix Permissions { get; set; }    

    public void Authorizations(IAuthManager manager)
    {
       manager.SetRoles(this);
    }
}

Now, it can be visited by class hierarchies of IAuthManager

public IAuthManager
{
   public void SetRoles(IUser user);
}

public InternalAuthManager : IAuthManager
{
   public virtual void SetRoles(IUser user)
   {
     // sets permissions in user for internal security
     // according to a complex logic
   }
}

public RestrictInternalAuthManager : InternalAuthManager
{
   public override void SetRoles(IUser user)
   {
     base.SetRoles(user); // need to use complex logic of parent
     // then reverts few permissions based on conditions
   }
}

I want to evaluate if class RestrictInternalAuthManager is violating Liskov Substitution Principle. I have been arguing for both yes and no,

No : There is no check for type of IAuthManager.

Yes : RestrictInternalAuthManager is changing the post-conditions of InternalAuthManager.

Can this be left as it is, or the classes require refactoring? Any help is appreciated.