You can use Access Manager feature with wildcard channel names, however, you need to keep in mind the way it works.
Access Manager checks all permissions that match a given channel pattern (
foo.*), first. If no permissions are found for a wildcard pattern match, then it looks for an explicit channel match (
foo.bar). In other words, if a permission does not exist for wildcard pattern, it checks the exact channel name for the permission.
If you have a wildcard
read=true and write=true, and a
foo.bar channel with
read=true and write=false, publishing to
foo.bar would succeed, following the wildcard permissions.
In case you have
read=true, write=false and a
read=true, write=true, publishing to
foo.bar would also result in success, following channel-specific permissions.
NOTE: If permission is granted using a wildcard (
foo.*), you cannot remove a permission for an explicit channel (
foo.bar) that matches that channel pattern. In other words, permissions granted for the channel pattern exist for all channels that match that pattern even if you attempt to revoke a permission for an individual channel name