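# A role that exercises most of the role-definition options:
# - it can monitor the cluster
# - it can submit requests on behalf of the user "joe" (run_as)
# - for index1 and index2 it can read, write, create the index and refresh,
#   limited by field-level security (only fields foo and bar are granted)
#   and document-level security (documents with hidden: true are excluded)
# - for all other indices it has read-only privileges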
actual_role:
  # Holders of this role may submit requests on behalf of the user "joe".
  # Keep this list as short as possible: every entry is an identity the
  # role holder can act as.
  run_as:
    - "joe"
  # Cluster-level privileges.
  cluster:
    - monitor
  indices:
    # index1 / index2: read and write access, index creation, and the
    # refresh action (granted by its action name, not a named privilege).
    - names:
        - "index1"
        - "index2"
      privileges:
        - "read"
        - "write"
        - "create_index"
        - "indices:admin/refresh"
      # Field-level security: only the fields listed under grant are
      # accessible through this entry.
      field_security:
        grant:
          - foo
          - bar
      # Document-level security: documents matching hidden: true are
      # excluded from what this entry exposes.
      query:
        bool:
          must_not:
            match:
              hidden: true
    # Read access for every index name.
    # NOTE(review): "*" also matches index1 and index2. When several index
    # entries match the same index and one of them carries no
    # field_security/query, Elasticsearch is understood to treat that entry
    # as unrestricted, so this read grant may override the field- and
    # document-level restrictions above for read requests. Confirm against
    # the target Elasticsearch version; narrow this pattern if the
    # restrictions on index1/index2 are meant to hold.
    - names: "*"
      privileges:
        - "read"