Permissions issue when using _search/scroll and clear

Thanks for the info, that helps! The problem here is that the scroll permission seems to require an additional permission on cluster level. You can see it here in the log output:

2019-10-17T11:05:54,412][INFO ][c.f.s.p.PrivilegesEvaluator] [ktelastic] No **cluster-level** perm match for User [name=36b46947-e27f-4423-9d82-98c1fc0cc660, ...

To fix that, add the following permission in the cluster_permissions section:

indices:data/read/scroll*

Also, we will investigate why this permission is required on cluster level; it seems a bit unintuitive to me.
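Added example, not part of the original post and not Search Guard code: a small audit that lists roles whose cluster-level patterns do not cover the scroll and clear-scroll actions, which is the condition behind the "No cluster-level perm match" log line. The role dictionaries mirror the `cluster_permissions` section named above but are constructed samples; matching uses Python's `fnmatchcase` as an approximation of the wildcard matching, and action-group names are not expanded.

```python
from fnmatch import fnmatchcase

# Elasticsearch transport action names for scroll continuation and clear-scroll.
SCROLL_ACTIONS = ("indices:data/read/scroll", "indices:data/read/scroll/clear")


def missing_scroll_perms(role):
    """Return the scroll actions that no cluster-level pattern of the role matches.

    Index-level grants are deliberately ignored: per the post, the scroll
    permission is evaluated on cluster level.
    """
    patterns = role.get("cluster_permissions") or []
    return [action for action in SCROLL_ACTIONS
            if not any(fnmatchcase(action, pattern) for pattern in patterns)]


def audit(roles):
    """Map role name -> uncovered scroll actions, for roles with a gap."""
    findings = {}
    for name, role in roles.items():
        missing = missing_scroll_perms(role)
        if missing:
            findings[name] = missing
    return findings


# Constructed sample roles (hypothetical names and index patterns).
READ_LOGS = [{"index_patterns": ["logs-*"],
              "allowed_actions": ["indices:data/read/*"]}]
ROLES = {
    # Index-level read only: scroll and clear are both uncovered.
    "reader_before": {"cluster_permissions": [],
                      "index_permissions": READ_LOGS},
    # The fix from the post: wildcard pattern on cluster level.
    "reader_after": {"cluster_permissions": ["indices:data/read/scroll*"],
                     "index_permissions": READ_LOGS},
    # No trailing wildcard: scrolling is covered, clearing the scroll is not.
    "reader_partial": {"cluster_permissions": ["indices:data/read/scroll"],
                       "index_permissions": READ_LOGS},
}

if __name__ == "__main__":
    for role_name, gaps in audit(ROLES).items():
        print(f"{role_name}: missing cluster-level match for {', '.join(gaps)}")
```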