Hello @TimV
Thanks for you help.
I resolved the problem by adding a new role which only has the manage_security privileges.
The next problem was we are working remotely, and my colleague which tested his privileges, did the tests on an other ELK cluster, which explains the responses he got.
That what happen - I happy we did not have a real issue in the Elastic cluster. I'll close this issue