Adding these lines to org.elasticsearch.bootstrap.ESPolicy will make a huge difference 
@Override
public PermissionCollection getPermissions(CodeSource codesource) {
PermissionCollection pc = template.getPermissions(codesource);
for (Enumeration<Permission> en = dynamic.elements(); en.hasMoreElements(); ) {
pc.add(en.nextElement());
}
return pc;
}