I did my "homework", and it turned out, that this topic is a duplicate of X-Pack Security : Role definition query template with 'terms'
Anyway, I'm going to summarize my "finding" here again:
User:
{
"template": {
"inline": {
"match": {
"acl_allow": "{{_user.username}}"
}
}
}
}
Roles:
{
"template": {
"inline": "{\"terms\":{\"acl_allow\": {{#toJson}}_user.roles{{/toJson}}}}"
}
}
Thank you for your help again!