I am playing with user/role management API in Shield 2.3 (thanks for getting this out!).
I observed that I can specify users in the run_as_role list using wildcards! This is super useful to me. However, this feature is not documented here: https://www.elastic.co/guide/en/shield/current/submitting-requests-for-other-users.html.
Just wanted to make sure the configuration works as intended and this is merely a documentation issue