From 1d89e62b30a682a8996a5a1c20a30028f7f40b77 Mon Sep 17 00:00:00 2001 From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 13:58:23 -0800 Subject: [PATCH] [8.16] Creates CSPM privileges standalone page (backport #6269) (#6319) * Creates CSPM privileges standalone page (#6269) * Creates CSPM privileges standalone page * ports updates to serverless * Apply suggestions from code review Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> --------- Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com> Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> (cherry picked from commit 51b58c2f0c21d07773148202be04847f1d12e52f) # Conflicts: # docs/serverless/cloud-native-security/cspm-get-started-azure.asciidoc # docs/serverless/cloud-native-security/cspm-get-started-gcp.asciidoc # docs/serverless/cloud-native-security/cspm-get-started.asciidoc # docs/serverless/index.asciidoc * Delete docs/serverless directory and its contents --------- Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Co-authored-by: github-actions[bot] --- .../cloud-native-security-index.asciidoc | 1 + .../cspm-get-started-aws.asciidoc | 9 +-- .../cspm-get-started-azure.asciidoc | 9 +-- .../cspm-get-started-gcp.asciidoc | 9 +-- .../cspm-permissions.asciidoc | 61 +++++++++++++++++++ 5 files changed, 65 insertions(+), 24 deletions(-) create mode 100644 docs/cloud-native-security/cspm-permissions.asciidoc diff --git a/docs/cloud-native-security/cloud-native-security-index.asciidoc b/docs/cloud-native-security/cloud-native-security-index.asciidoc index e612f49018..d342eb6c4d 100644 --- a/docs/cloud-native-security/cloud-native-security-index.asciidoc 
+++ b/docs/cloud-native-security/cloud-native-security-index.asciidoc @@ -41,6 +41,7 @@ include::cspm.asciidoc[leveloffset=+1] include::cspm-get-started-aws.asciidoc[leveloffset=+2] include::cspm-get-started-gcp.asciidoc[leveloffset=+2] include::cspm-get-started-azure.asciidoc[leveloffset=+2] +include::cspm-permissions.asciidoc[leveloffset=+2] include::cspm-findings.asciidoc[leveloffset=+2] include::cspm-benchmark-rules.asciidoc[leveloffset=+2] include::cspm-cloud-posture-dashboard.asciidoc[leveloffset=+2] diff --git a/docs/cloud-native-security/cspm-get-started-aws.asciidoc b/docs/cloud-native-security/cspm-get-started-aws.asciidoc index 9ac8268747..4bc8f107a7 100644 --- a/docs/cloud-native-security/cspm-get-started-aws.asciidoc +++ b/docs/cloud-native-security/cspm-get-started-aws.asciidoc @@ -10,17 +10,10 @@ This page explains how to get started monitoring the security posture of your cl .Requirements [sidebar] -- +* Minimum privileges vary depending on whether you need to read, write, or manage CSPM data and integrations. Refer to <>. * The CSPM integration is available to all {ecloud} users. On-premise deployments require an https://www.elastic.co/pricing[Enterprise subscription]. * CSPM only works in the `Default` {kib} space. Installing the CSPM integration on a different {kib} space will not work. * CSPM is supported only on AWS, GCP, and Azure commercial cloud platforms, and AWS GovCloud. Other government cloud platforms are not supported. https://github.com/elastic/kibana/issues/new/choose[Click here to request support]. -* `Read` privileges for the following {es} indices: -** `logs-cloud_security_posture.findings_latest-*` -** `logs-cloud_security_posture.scores-*` -* The following {kib} privileges: -** Security: `Read` -** Integrations: `Read` -** Saved Objects Management: `Read` -** Fleet: `All` * The user who gives the CSPM integration AWS permissions must be an AWS account `admin`. -- 
diff --git a/docs/cloud-native-security/cspm-get-started-azure.asciidoc b/docs/cloud-native-security/cspm-get-started-azure.asciidoc index 865ebf02b0..4e78781323 100644 --- a/docs/cloud-native-security/cspm-get-started-azure.asciidoc +++ b/docs/cloud-native-security/cspm-get-started-azure.asciidoc @@ -10,17 +10,10 @@ This page explains how to get started monitoring the security posture of your cl .Requirements [sidebar] -- +* Minimum privileges vary depending on whether you need to read, write, or manage CSPM data and integrations. Refer to <>. * The CSPM integration is available to all {ecloud} users. On-premise deployments require an https://www.elastic.co/pricing[Enterprise subscription]. * CSPM only works in the `Default` {kib} space. Installing the CSPM integration on a different {kib} space will not work. * CSPM is supported only on AWS, GCP, and Azure commercial cloud platforms, and AWS GovCloud. Other government cloud platforms are not supported. https://github.com/elastic/kibana/issues/new/choose[Click here to request support]. -* `Read` privileges for the following {es} indices: -** `logs-cloud_security_posture.findings_latest-*` -** `logs-cloud_security_posture.scores-*` -* The following {kib} privileges: -** Security: `Read` -** Integrations: `Read` -** Saved Objects Management: `Read` -** Fleet: `All` * The user who gives the CSPM integration permissions in Azure must be an Azure subscription `admin`. -- diff --git a/docs/cloud-native-security/cspm-get-started-gcp.asciidoc b/docs/cloud-native-security/cspm-get-started-gcp.asciidoc index 30d34c74c0..dc5bfca23b 100644 --- a/docs/cloud-native-security/cspm-get-started-gcp.asciidoc +++ b/docs/cloud-native-security/cspm-get-started-gcp.asciidoc 
@@ -10,17 +10,10 @@ This page explains how to get started monitoring the security posture of your GC .Requirements [sidebar] -- +* Minimum privileges vary depending on whether you need to read, write, or manage CSPM data and integrations. Refer to <>. * The CSPM integration is available to all {ecloud} users. On-premise deployments require an https://www.elastic.co/pricing[Enterprise subscription]. * CSPM only works in the `Default` {kib} space. Installing the CSPM integration on a different {kib} space will not work. * CSPM is supported only on AWS, GCP, and Azure commercial cloud platforms, and AWS GovCloud. Other government cloud platforms are not supported. https://github.com/elastic/kibana/issues/new/choose[Click here to request support]. -* `Read` privileges for the following {es} indices: -** `logs-cloud_security_posture.findings_latest-*` -** `logs-cloud_security_posture.scores-*` -* The following {kib} privileges: -** Security: `Read` -** Integrations: `Read` -** Saved Objects Management: `Read` -** Fleet: `All` * The user who gives the CSPM integration GCP permissions must be a GCP project `admin`. -- diff --git a/docs/cloud-native-security/cspm-permissions.asciidoc b/docs/cloud-native-security/cspm-permissions.asciidoc new file mode 100644 index 0000000000..c79a6fd36c --- /dev/null +++ b/docs/cloud-native-security/cspm-permissions.asciidoc 
@@ -0,0 +1,61 @@ +[[cspm-required-permissions]] += CSPM privilege requirements + +This page lists required privileges for {elastic-sec}'s CSPM features. There are three access levels: read, write, and manage. Each access level and its requirements are described below. + +[discrete] +== Read + +Users with these minimum permissions can view data on the **Findings** page and the Cloud Posture dashboard. + +[discrete] +=== {es} index privileges +`Read` privileges for the following {es} indices: + +* `logs-cloud_security_posture.findings_latest-*` +* `logs-cloud_security_posture.scores-*` + +[discrete] +=== {kib} privileges + +* `Security: Read` + + +[discrete] +== Write + +Users with these minimum permissions can view data on the **Findings** page and the Cloud Posture dashboard, create detection rules from the findings details flyout, and enable or disable benchmark rules. + +[discrete] +=== {es} index privileges +`Read` privileges for the following {es} indices: + +* `logs-cloud_security_posture.findings_latest-*` +* `logs-cloud_security_posture.scores-*` + +[discrete] +=== {kib} privileges + +* `Security: All` + + +[discrete] +== Manage + +Users with these minimum permissions can view data on the **Findings** page and the Cloud Posture dashboard, create detection rules from the findings details flyout, enable or disable benchmark rules, and install, update, or uninstall CSPM integrations and assets. + +[discrete] +=== {es} index privileges +`Read` privileges for the following {es} indices: + +* `logs-cloud_security_posture.findings_latest-*` +* `logs-cloud_security_posture.scores-*` + +[discrete] +=== {kib} privileges + +* `Security: All` +* `Spaces: All` +* `Fleet: All` +* `Integrations: All` +
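Review bot: In the `.Requirements` sidebar of `cspm-get-started-aws.asciidoc`, `cspm-get-started-azure.asciidoc` and `cspm-get-started-gcp.asciidoc`, the added bullet ends with `Refer to <>.`, which as shown here is a cross-reference with no target. It should name the anchor the new page defines, `[[cspm-required-permissions]]`, so the link resolves in the built docs. Please confirm the rendered output for all three pages.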
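Review bot: The bullets removed from the three get-started sidebars required `Saved Objects Management: Read` and `Integrations: Read` alongside `Fleet: All`, but the Manage level in `cspm-permissions.asciidoc` lists only `Security: All`, `Spaces: All`, `Fleet: All` and `Integrations: All`. The change drops the Saved Objects Management entry and raises Security and Integrations from `Read` to `All` without explanation. If these are intentional corrections to the minimum set, note that in the commit message. If not, reconcile the Manage list with the old requirements so nobody is granted more or less than the install steps need. Because these three pages walk through installing the integration, the replacement bullet could also say outright that the steps on the page need the Manage level, rather than only "Minimum privileges vary".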
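Review bot: In `cspm-permissions.asciidoc`, the `{es} index privileges` subsection is repeated word for word under Read, Write and Manage, and only the `{kib} privileges` lists differ between levels. Stating the two index patterns once, or putting the three levels in a single table, would make the actual difference between levels (`Security: Read` versus `Security: All`, then the added `Spaces`, `Fleet` and `Integrations` entries) easier to audit. The terminology is also mixed: the title says "privilege requirements", each level's intro says "minimum permissions", and the file name and anchor use "permissions". Pick one term and use it throughout.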