is it possible to configure SG to control access to custom REST endpoints? I was not able to find any examples or documentation for this.
For example, there is ES Prometheus exporter plugin that introduces new REST API  to the node. Can I use SearchGuard to control access to such endpoint?
Can I assume that the sg_roles.yml will contain config like this?: