RBAC read-only policy for all users

[Teviwe]

Greetings.
Perhaps someone has already asked this question, but I couldn't find any information about it.
We want to implement read-only permissions for all users to access clusters.
We have set up an RBAC policy to grant admin access to specific groups.
Now, want to provide read-only access to all company members who are not part of the admin group.

We thought about configuring the settings in a certain way, but unfortunately, it didn't work.:

  rbac:
      roles:
        - name: "admins"
          clusters:
            - 01-kafka
            - 02-kafka
            - 03-kafka
            - 04-kafka
            - 05-kafka
          subjects:
            - provider: oauth
              type: role
              value: "superadmin-group"
          permissions:
            - resource: applicationconfig
              actions: all
            - resource: clusterconfig
              actions: all
            - resource: topic
              value: ".*"
              actions: all
            - resource: consumer
              value: ".*"
              actions: all
            - resource: schema
              value: ".*"
              actions: all
            - resource: connect
              value: ".*"
              actions: all
            - resource: ksql
              value: ".*"
              actions: all
            - resource: acl
              value: ".*"
              actions: [ view ]
        - name: "readonly"
          clusters:
            - 01-kafka
            - 02-kafka
            - 03-kafka
            - 04-kafka
            - 05-kafka
          subjects:
            - provider: oauth
              type: role
              value: ".*"
          permissions:
            - resource: clusterconfig
              actions: [ "view" ]
            - resource: topic
              value: ".*"
              actions: 
                - VIEW
                - MESSAGES_READ
            - resource: consumer
              value: ".*"
              actions: [ view ]
            - resource: schema
              value: ".*"
              actions: [ view ]
            - resource: connect
              value: ".*"
              actions: [ view ]
            - resource: acl
              value: ".*"
              actions: [ view ]

In our case this code didn't work. Maybe there is another option for this?
Not works:

subjects:
   - provider: oauth
      type: role
      value: ".*"

Work fine:

subjects:
   - provider: oauth
      type: role
      value: "superadmin-group"

Thanks for your replay in advance.

[Haarolean]

Hi, currently regexp is not supported there.
We plan to support default roles within #3763. Please upvote the issue!