Index permissions with Alias

Im trying to set up index permissions such that a user may have permission to access index1 but not index2. If however they access an alias over index1 and index2 then they will only see results from index1.
I have tries adding the appropriate index_patterns to a role for index1 which works fine but if I access the alias I get a 403. If I add an index_patterns for the alias then my user can access the alias and index1 but also index2 (which they shouldn’t). I understand there is a property - “do_not_fail_on_forbidden” which should help but has no effect for me, maybe its specific to the Kibana use case.

So I managed to get this working. Just needed to rerun
The problem now is that I want to get all indices under the alia that the user can view.
Ive tried GET /alias/_alias and GET /alias/_mapping hoping it return the visible indices (index1 but not index2), but unfortunately it returned a 403. Any ideas how else I can lookup the visible indices?