
I really dislike running any service as root. But Edge needs to access files all over my system. Is there a way to address both requirements?

You could create facl rules to allow the user running Edge to access various parts of the file system. There's really nothing stopping you from having that user access every location on disk, but it would be a fairly challenging facl to write.

To do this for the /var/log directory, you can run the following:
setfacl -m user:<user>:rx /var/log


You can set the CAP_DAC_READ_SEARCH ability as with allowing sub 1024 port numbers. Run systemctl edit cribl-edge and add the CAP_DAC_READ_SEARCH capability. Save the file and restart Cribl Edge:

[Service]
AmbientCapabilities=CAP_DAC_READ_SEARCH


We have the method @Wayne Gillo is describing documented here: https://docs.cribl.io/edge/usecase-edge-acls


You can find more details in the documentation - https://docs.cribl.io/edge/deploy-runtime-user
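To confirm that the AmbientCapabilities drop-in from the answer above took effect, the following added example (not part of the original thread or of Cribl's documentation) audits a /proc/<pid>/status snapshot: it checks that the service is no longer root and that CAP_DAC_READ_SEARCH is in its effective set. The function names, verdict words and sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit /proc/<pid>/status of the Edge process after the drop-in.
CAP_DAC_READ_SEARCH_BIT=2   # capability number 2 in linux/capability.h

# field NAME FILE -> second column of the "NAME:" line of a status file
field() {
    awk -v k="$1:" '$1 == k { print $2; exit }' "$2"
}

# has_cap HEXMASK BIT -> exit status 0 if that capability bit is set
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# audit_status FILE -> prints one verdict word:
#   root     effective UID is still 0, the service was not de-privileged
#   missing  CAP_DAC_READ_SEARCH is absent from the effective set
#   extra    present, but other capabilities are set too (review each one,
#            e.g. a deliberately granted low-port capability)
#   ok       non-root and CAP_DAC_READ_SEARCH is the only effective capability
audit_status() {
    euid=$(awk '$1 == "Uid:" { print $3; exit }' "$1")   # column 3 = effective UID
    eff=$(field CapEff "$1")
    if [ "$euid" -eq 0 ]; then echo root; return 0; fi
    if ! has_cap "$eff" "$CAP_DAC_READ_SEARCH_BIT"; then echo missing; return 0; fi
    if [ $((0x$eff)) -ne $((1 << $CAP_DAC_READ_SEARCH_BIT)) ]; then
        echo extra; return 0
    fi
    echo ok
}

# write_sample FILE EUID CAPEFF -> writes a constructed, minimal status file
write_sample() {
    printf 'Name:\tcribl\nUid:\t%s\t%s\t%s\t%s\nCapEff:\t%s\n' \
        "$2" "$2" "$2" "$2" "$3" > "$1"
}

# Usage on a live host (PID of the unit's main process):
#   sh audit.sh "$(systemctl show -p MainPID --value cribl-edge)"
if [ $# -gt 0 ]; then
    audit_status "/proc/$1/status"
fi
```

A verdict of missing after editing the unit usually means the service was not restarted, since ambient capabilities are applied when the process is started.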

