Creates CSPM privileges standalone page

docs/cloud-native-security/cloud-native-security-index.asciidoc

@@ -41,6 +41,7 @@ include::cspm.asciidoc[leveloffset=+1]
 include::cspm-get-started-aws.asciidoc[leveloffset=+2]
 include::cspm-get-started-gcp.asciidoc[leveloffset=+2]
 include::cspm-get-started-azure.asciidoc[leveloffset=+2]
+include::cspm-permissions.asciidoc[leveloffset=+2]
 include::cspm-findings.asciidoc[leveloffset=+2]
 include::cspm-benchmark-rules.asciidoc[leveloffset=+2]
 include::cspm-cloud-posture-dashboard.asciidoc[leveloffset=+2]

docs/cloud-native-security/cspm-get-started-aws.asciidoc

@@ -10,17 +10,10 @@ This page explains how to get started monitoring the security posture of your cl
 .Requirements
 [sidebar]
 --
+* Minimum privileges vary depending on whether you need to read, write, or manage CSPM data and integrations. Refer to <<cspm-required-permissions>>.
 * The CSPM integration is available to all {ecloud} users. On-premise deployments require an https://www.elastic.co/pricing[Enterprise subscription].
 * CSPM only works in the `Default` {kib} space. Installing the CSPM integration on a different {kib} space will not work. 
 * CSPM is supported only on AWS, GCP, and Azure commercial cloud platforms, and AWS GovCloud. Other government cloud platforms are not supported. https://github.com/elastic/kibana/issues/new/choose[Click here to request support].
-* `Read` privileges for the following {es} indices:
-** `logs-cloud_security_posture.findings_latest-*`
-** `logs-cloud_security_posture.scores-*`
-* The following {kib} privileges:
-** Security: `Read`
-** Integrations: `Read`
-** Saved Objects Management: `Read` 
-** Fleet: `All`
 * The user who gives the CSPM integration AWS permissions must be an AWS account `admin`.
 --
 

docs/cloud-native-security/cspm-get-started-azure.asciidoc

@@ -10,17 +10,10 @@ This page explains how to get started monitoring the security posture of your cl
 .Requirements
 [sidebar]
 --
+* Minimum privileges vary depending on whether you need to read, write, or manage CSPM data and integrations. Refer to <<cspm-required-permissions>>.
 * The CSPM integration is available to all {ecloud} users. On-premise deployments require an https://www.elastic.co/pricing[Enterprise subscription].
 * CSPM only works in the `Default` {kib} space. Installing the CSPM integration on a different {kib} space will not work. 
 * CSPM is supported only on AWS, GCP, and Azure commercial cloud platforms, and AWS GovCloud. Other government cloud platforms are not supported. https://github.com/elastic/kibana/issues/new/choose[Click here to request support].
-* `Read` privileges for the following {es} indices:
-** `logs-cloud_security_posture.findings_latest-*`
-** `logs-cloud_security_posture.scores-*`
-* The following {kib} privileges:
-** Security: `Read`
-** Integrations: `Read`
-** Saved Objects Management: `Read` 
-** Fleet: `All`
 * The user who gives the CSPM integration permissions in Azure must be an Azure subscription `admin`.
 --
 

docs/cloud-native-security/cspm-get-started-gcp.asciidoc

@@ -10,17 +10,10 @@ This page explains how to get started monitoring the security posture of your GC
 .Requirements
 [sidebar]
 --
+* Minimum privileges vary depending on whether you need to read, write, or manage CSPM data and integrations. Refer to <<cspm-required-permissions>>.
 * The CSPM integration is available to all {ecloud} users. On-premise deployments require an https://www.elastic.co/pricing[Enterprise subscription].
 * CSPM only works in the `Default` {kib} space. Installing the CSPM integration on a different {kib} space will not work. 
 * CSPM is supported only on AWS, GCP, and Azure commercial cloud platforms, and AWS GovCloud. Other government cloud platforms are not supported. https://github.com/elastic/kibana/issues/new/choose[Click here to request support].
-* `Read` privileges for the following {es} indices:
-** `logs-cloud_security_posture.findings_latest-*`
-** `logs-cloud_security_posture.scores-*`
-* The following {kib} privileges:
-** Security: `Read`
-** Integrations: `Read`
-** Saved Objects Management: `Read` 
-** Fleet: `All`
 * The user who gives the CSPM integration GCP permissions must be a GCP project `admin`.
 --
 

docs/cloud-native-security/cspm-permissions.asciidoc

@@ -0,0 +1,61 @@
+[[cspm-required-permissions]]
+= CSPM privilege requirements
+
+This page lists required privilges for {elastic-sec}'s CSPM features. There are three access levels: read, write, and manage. Each access level and its requirements are described below.
+
+[discrete]
+== Read
+
+Users with these minimum permissions can view data on the Findings page and the Cloud Posture dashboard.
+
+[discrete]
+=== {es} index privileges
+`Read` privileges for the following {es} indices:
+
+* `logs-cloud_security_posture.findings_latest-*`
+* `logs-cloud_security_posture.scores-*`
+
+[discrete]
+=== {kib} privileges
+
+* `Security: Read`
+
+
+[discrete]
+== Write
+
+Users with these minimum permissions can view data on the Findings page and the Cloud Posture dashboard, create detection rules from the findings details flyout, and enable or disable benchmark rules.
+
+[discrete]
+=== {es} index privileges
+`Read` privileges for the following {es} indices:
+
+* `logs-cloud_security_posture.findings_latest-*`
+* `logs-cloud_security_posture.scores-*`
+
+[discrete]
+=== {kib} privileges
+
+* `Security: All`
+
+
+[discrete]
+== Manage
+
+Users with these minimum permissions can view data on the Findings page and the Cloud Posture dashboard, create detection rules from the findings details flyout, enable or disable benchmark rules, and install, update, or uninstall CSPM integrations and assets.
+
+[discrete]
+=== {es} index privileges
+`Read` privileges for the following {es} indices:
+
+* `logs-cloud_security_posture.findings_latest-*`
+* `logs-cloud_security_posture.scores-*`
+
+[discrete]
+=== {kib} privileges
+
+* `Security: All`
+* `Spaces: All`
+* `Fleet: All`
+* `Integrations: All`
+