Hi John,
One way to achieve this is to use the support for regular expressions in the roles file. These regular expressions user the Lucene Regexp format; some examples of this format can be be found in the elasticsearch documentation.
Do the indices that you don't want the user to access have a specific prefix or anything? If they do, you could define a regex like so:
user:
indices:
'/@$~(prefix.+)/': read
That example would allow any index that does not start with prefix.