So, this would actually work out best in two rules, applied at the same time in one policy.
Rule 1
Find all you should find, critical IF NOT FOUND
test1|test2|test3|etc
Rule 2
Tell me if you find anything that should NOT be there. Critical IF FOUND
(?!(test1|test2|test3)).*privilege 15 blahblahblah
Obviously, you will have to adjust your search regex there to accommodate your block of text, but this should help you out.