There's no great solution.
Typically we would recommend that you control that via indices. Have a daily index (or the minimum granularity you really need) and either:
- move them in/out of an alias each day (potentially you could use ILM to do something here)
- rewrite the role every day to change which indices it has access to
It's also possible to do something with a custom roles provider (in Java), though there are some caching issues to deal with.
- Use an index per day as above, but have role provider automatically calculate the set of allowed days
- Use DLS and have the role provider build a query that uses fixed dates (but that fixed date is dependent on the current date).
In general, if you have the option to solve a security problem with either index names or DLS, our guidance is to use index names. It has better performance properties, and can be extended to support write operations if you ever need them (which DLS doesn't support).