Policy viewing history

Hi there,

we have a really resticted access permisson policy.
Everything is forbidden, except viewing and editing well definded pathes:

The policy for that:

path "kv/data/pc/pl/lnx/*" {
  capabilities = ["create", "update","read"]

But I can’t see secret history.
So I tried:

path "secret/data/pc/pl/lnx/*" {
  capabilities = ["read", "create", "update"]
path "secret/metadata/pc/pl/lnx/*" {
  capabilities = ["read"]

I can create new versions, but I can’t see the version button.

What is the correect policy for that?

Vault 1.13.2+ent


Frank Meier