You can do this with regular expressions, but the syntax isn't super-obvious.
We use Lucene RegExp syntax for this, which is powerful, but slightly different to standard java Patterns.
This is what you want:
POST /_xpack/security/user/test
{
"password": "changeme",
"roles": [ "untrusted-user" ],
"enabled": true
}
POST /_xpack/security/role/untrusted-user
{
"indices": [
{
"names": [ "/log-@&~(log-wuble-wamwam-@|log-monkey-@)/" ],
"privileges": [ "read" ]
}
]
}
Then as user test
GET /_xpack/security/user/_has_privileges
{
"index" : [
{
"names": [
"log-widget-alpha-2017.01",
"log-doodad-wubwub-2017.01",
"log-widget-alpha-2017.02",
"log-doodad-wubwub-2017.02",
"log-wuble-wamwam-2017.01",
"log-monkey-2017.01",
"log-log-monkey-2017.01",
"not-log-widget-alpha-2017.02"
],
"privileges": [ "read" ]
}
]
}
---
{
"username" : "test",
"has_all_requested" : false,
"cluster" : { },
"index" : {
"log-widget-alpha-2017.01" : {
"read" : true
},
"log-doodad-wubwub-2017.01" : {
"read" : true
},
"log-widget-alpha-2017.02" : {
"read" : true
},
"log-doodad-wubwub-2017.02" : {
"read" : true
},
"log-wuble-wamwam-2017.01" : {
"read" : false
},
"log-monkey-2017.01" : {
"read" : false
},
"log-log-monkey-2017.01" : {
"read" : true
},
"not-log-widget-alpha-2017.02" : {
"read" : false
}
}
}