Anonymous token - ACL capabilities list-jobs

I have anonymous token ACL policy on a Nomad cluster as follows:

namespace "default" {
  policy       = "read"
  capabilities = ["list-jobs"]

With this policy, I can still inspect the job anonymously (which seems rather granular rather than coarse?)

nomad job inspect blah
    "Job": {
        "Affinities": null,
        "AllAtOnce": false,
        "Constraints": null,

Is this the expected behaviour?

How could I configure the policy so that:

~% nomad job status

shows me the list of jobs, but it’s not possible to inspect them.

Same behaviour happens in the UI - under the definition tab for the job.