Allow kibana readonly access to create short URLs

Is it possible to allow readonly users to create short URLs in kibana without allowing full access to change the kibana index?

Here’s an example request log:

no block has matched, forbidding by default: { ID:f512f1a7a84e47f09d325cf87cfa474b, TYP:IndexRequest, USR:k, BRS:false, ACT:indices:data/write/index, OA:127.0.0.1, IDX:.kibana, MET:POST, PTH:/.kibana/u
rl/4694c9657fb6068f510b7465fbdb67fe, CNT:<OMITTED, LENGTH=273>, HDR:authorization,Connection,content-type,Host,Content-Length, EFF:0, HIS:[Kibana read-only->[kibana_access->false, indices->true]] }

(originally posted at Allow kibana ro access to create short URLs · Issue #166 · sscarduzio/elasticsearch-readonlyrest-plugin · GitHub)

I use this for allowing users to create visualizations and dashboards:

## {{ user }}
###  Create NEW saved objects (but not overwrite) for {{ user }}
    - name: "Accept {{ user }} create objects"
      type: allow
      methods: [POST]
      auth_key: {{ user }}:{{ pass }}
      uri_re: ^/.kibana/.*\?op_type=create$
      kibana_access: rw

### READ-ONLY access for {{ user }}
    - name: "Accept {{ user }} user"
      type: allow
      methods: [GET,POST,HEAD]
      auth_key: {{ user }}:{{ pass }}
      kibana_access: ro

looking to your log i would say this should work:

## {{ user }}
###  Create short urls for {{ user }}
    - name: "Accept {{ user }} create short urls"
      type: allow
      methods: [POST]
      auth_key: {{ user }}:{{ pass }}
      uri_re: ^/.kibana/url/.*
      kibana_access: rw

### READ-ONLY access for {{ user }}
    - name: "Accept {{ user }} user"
      type: allow
      methods: [GET,POST,HEAD]
      auth_key: {{ user }}:{{ pass }}
      kibana_access: ro

Thanks for the suggestion! I had tried a uri_re rule, but it was letting other stuff through. Trying again based on your recommendation seems to work as desired, so I must have messed something up earlier. Thanks again!