ports updates to serverless

Author: benironside

docs/serverless/cloud-native-security/cspm-get-started-azure.asciidoc

@@ -14,13 +14,9 @@ This page explains how to get started monitoring the security posture of your cl
 .Requirements
 [NOTE]
 ====
+* Minimum privileges vary depending on whether you need to read, write, or manage CSPM data and integrations. Refer to <<cspm-required-permissions>>.
 * CSPM only works in the `Default` {kib} space. Installing the CSPM integration on a different {kib} space will not work.
 * CSPM is supported only on AWS, GCP, and Azure commercial cloud platforms, and AWS GovCloud. Other government cloud platforms are not supported (https://github.com/elastic/kibana/issues/new/choose[request support]).
-* To view posture data, you need `read` privileges for the following {es} indices:
-+
-** `logs-cloud_security_posture.findings_latest-*`
-** `logs-cloud_security_posture.scores-*`
-** `logs-cloud_security_posture.findings`
 * The user who gives the CSPM integration permissions in Azure must be an Azure subscription `admin`.
 ====
 

docs/serverless/cloud-native-security/cspm-get-started-gcp.asciidoc

@@ -14,13 +14,9 @@ This page explains how to get started monitoring the security posture of your cl
 .Requirements
 [NOTE]
 ====
+* Minimum privileges vary depending on whether you need to read, write, or manage CSPM data and integrations. Refer to <<cspm-required-permissions>>.
 * CSPM only works in the `Default` {kib} space. Installing the CSPM integration on a different {kib} space will not work.
 * CSPM is supported only on AWS, GCP, and Azure commercial cloud platforms, and AWS GovCloud. Other government cloud platforms are not supported (https://github.com/elastic/kibana/issues/new/choose[request support]).
-* To view posture data, you need the appropriate user role to read the following {es} indices:
-+
-** `logs-cloud_security_posture.findings_latest-*`
-** `logs-cloud_security_posture.scores-*`
-** `Logs-cloud_security_posture.findings`
 * The user who gives the CSPM integration GCP permissions must be a GCP project `admin`.
 ====
 

docs/serverless/cloud-native-security/cspm-get-started.asciidoc

@@ -14,13 +14,9 @@ This page explains how to get started monitoring the security posture of your cl
 .Requirements
 [NOTE]
 ====
+* Minimum privileges vary depending on whether you need to read, write, or manage CSPM data and integrations. Refer to <<cspm-required-permissions>>.
 * CSPM only works in the `Default` {kib} space. Installing the CSPM integration on a different {kib} space will not work.
 * CSPM is supported only on AWS, GCP, and Azure commercial cloud platforms, and AWS GovCloud. Other government cloud platforms are not supported (https://github.com/elastic/kibana/issues/new/choose[request support]).
-* To view posture data, you need the appropriate user role to read the following {es} indices:
-+
-** `logs-cloud_security_posture.findings_latest-*`
-** `logs-cloud_security_posture.scores-*`
-** `Logs-cloud_security_posture.findings`
 * The user who gives the CSPM integration AWS permissions must be an AWS account `admin`.
 ====
 

docs/serverless/cloud-native-security/cspm-permissions.asciidoc

@@ -0,0 +1,61 @@
+[[cspm-required-permissions]]
+= CSPM privilege requirements
+
+This page lists required privilges for {elastic-sec}'s CSPM features. There are three access levels: read, write, and manage. Each access level and its requirements are described below.
+
+[discrete]
+== Read
+
+Users with these minimum permissions can view data on the Findings page and the Cloud Posture dashboard.
+
+[discrete]
+=== {es} index privileges
+`Read` privileges for the following {es} indices:
+
+* `logs-cloud_security_posture.findings_latest-*`
+* `logs-cloud_security_posture.scores-*`
+
+[discrete]
+=== {kib} privileges
+
+* `Security: Read`
+
+
+[discrete]
+== Write
+
+Users with these minimum permissions can view data on the Findings page and the Cloud Posture dashboard, create detection rules from the findings details flyout, and enable or disable benchmark rules.
+
+[discrete]
+=== {es} index privileges
+`Read` privileges for the following {es} indices:
+
+* `logs-cloud_security_posture.findings_latest-*`
+* `logs-cloud_security_posture.scores-*`
+
+[discrete]
+=== {kib} privileges
+
+* `Security: All`
+
+
+[discrete]
+== Manage
+
+Users with these minimum permissions can view data on the Findings page and the Cloud Posture dashboard, create detection rules from the findings details flyout, enable or disable benchmark rules, and install, update, or uninstall CSPM integrations and assets.
+
+[discrete]
+=== {es} index privileges
+`Read` privileges for the following {es} indices:
+
+* `logs-cloud_security_posture.findings_latest-*`
+* `logs-cloud_security_posture.scores-*`
+
+[discrete]
+=== {kib} privileges
+
+* `Security: All`
+* `Spaces: All`
+* `Fleet: All`
+* `Integrations: All`
+

docs/serverless/index.asciidoc

@@ -88,6 +88,7 @@ include::./cloud-native-security/cspm.asciidoc[leveloffset=+3]
 include::./cloud-native-security/cspm-get-started.asciidoc[leveloffset=+4]
 include::./cloud-native-security/cspm-get-started-gcp.asciidoc[leveloffset=+4]
 include::./cloud-native-security/cspm-get-started-azure.asciidoc[leveloffset=+4]
+include::./cloud-native-security/cspm-permissions.asciidoc[leveloffset=+4]
 include::./cloud-native-security/cspm-findings-page.asciidoc[leveloffset=+4]
 include::./cloud-native-security/benchmark-rules.asciidoc[leveloffset=+4]
 include::./cloud-native-security/cspm-cloud-posture-dashboard-dash.asciidoc[leveloffset=+4]