[7.x] Doc changes for stack management and grouped feature privileges (#80486) (#81795)

Co-authored-by: Kaarina Tungseth <kaarina.tungseth@elastic.co>
Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com>
# Conflicts:
#	docs/images/intro-spaces.jpg

docs/management/advanced-options.asciidoc

@@ -11,6 +11,13 @@ values.
 . Enter a new value for the setting.
 . Click *Save changes*.
 
+[float]
+=== Required permissions
+
+The `Advanced Settings` {kib} privilege is required to access *Advanced Settings*.
+
+To add the privilege, open the menu, then click *Stack Management > Roles*.
+
 
 [float]
 [[settings-read-only-access]]

docs/management/alerting/alerts-and-actions-intro.asciidoc

@@ -24,3 +24,8 @@ The *Alerts and Actions* UI only shows alerts and connectors for the current spa
 can be managed through the <<watcher-ui, Watcher UI>>. See
 <<alerting-concepts-differences>> for more information.
 ============================================================================
+
+[float]
+=== Required permissions
+
+Access to alerts and actions is granted based on your privileges to alerting-enabled features. See <<alerting-security, Alerting Security>> for more information.

docs/management/managing-beats.asciidoc

@@ -29,6 +29,13 @@ more information, see https://www.elastic.co/subscriptions and
 enrollment and configuration process step by step the first time you use the
 Central Management UI.
 
+[float]
+=== Required permissions
+
+You must have the `beats_admin` role assigned to use **{beats} Central Management**
+
+To assign the role, open the menu, then click *Stack Management > Users*.
+
 
 [float]
 === Enroll {beats}

docs/management/managing-fields.asciidoc

@@ -7,6 +7,13 @@ the index patterns that retrieve your data from {es}.
 [role="screenshot"]
 image::images/management-index-patterns.png[]
 
+[float]
+=== Required permissions
+
+The `Index Pattern Management` {kib} privilege is required to access the *Index patterns* UI.
+
+To add the privilege, open the menu, then click *Stack Management > Roles*.
+
 [float]
 === Create an index pattern
 

docs/management/managing-saved-objects.asciidoc

@@ -10,6 +10,16 @@ To get started, open the main menu, then click *Stack Management > Saved Objects
 [role="screenshot"]
 image::images/management-saved-objects.png[Saved Objects]
 
+[float]
+=== Required permissions
+
+The `Saved Objects Management` {kib} privilege is required to access the *Saved Objects* UI.
+
+To add the privilege, open the menu, then click *Stack Management > Roles*.
+
+NOTE:
+Granting access to Saved Objects Management will authorize users to manage all saved objects in {kib}, including objects that are managed by applications they may not otherwise be authorized to access.
+
 
 [float]
 [[managing-saved-objects-view]]

docs/spaces/index.asciidoc

@@ -25,6 +25,11 @@ Kibana supports spaces in several ways.  You can:
 * <<spaces-default-route, Configure a Space-level landing page>>
 * <<spaces-delete-started, Disable the Spaces feature>>
 
+[float]
+==== Required permissions
+
+The `kibana_admin` role or equivilent is required to manage **Spaces**.
+
 [float]
 [[spaces-managing]]
 === View, create, and delete spaces

docs/user/introduction.asciidoc

@@ -112,7 +112,7 @@ You can even choose which features to enable within each space. Don’t need
 Machine learning in your “Executive” space? Simply turn it off.
 
 [role="screenshot"]
-image::images/intro-spaces.jpg[]
+image::images/intro-spaces.png[Space selector screen]
 
 You can take this all one step further with Kibana’s security features, and
 control which users have access to each space. {kib} allows for fine-grained

docs/user/management.asciidoc

@@ -6,6 +6,10 @@
 *Stack Management* is home to UIs for managing all things Elastic Stack—
 indices, clusters, licenses, UI settings, index patterns, spaces, and more.
 
+
+Access to individual features is governed by {es} and {kib} privileges.
+Consult your administrator if you do not have the appropriate access.
+
 [float]
 [[manage-ingest]]
 == Ingest

docs/user/security/authorization/index.asciidoc

@@ -13,7 +13,12 @@ you cannot use `kibana_admin` to grant access. You must create custom roles that
 [[kibana-role-management]]
 === {kib} role management
 
-To create a role that grants {kib} privileges, open the main menu, click *Stack Management > Roles*, then click *Create role*. 
+To create a role that grants {kib} privileges, open the menu, then click *Stack Management > Roles* and click **Create role**.
+
+[float]
+==== Required permissions
+
+The `manage_security` cluster privilege is required to access role management.
 
 [[adding_kibana_privileges]]
 ==== Adding {kib} privileges

docs/user/security/index.asciidoc

@@ -10,6 +10,12 @@ auditing. For more information, see
 {ref}/secure-cluster.html[Secure a cluster] and
 <<using-kibana-with-security,Configuring Security in {kib}>>.
 
+[float]
+=== Required permissions
+
+The `manage_security` cluster privilege is required to access all Security features.
+
+
 [float]
 === Users
 

docs/user/security/role-mappings/index.asciidoc

@@ -19,6 +19,11 @@ With *Role mappings*, you can:
 [role="screenshot"]
 image:user/security/role-mappings/images/role-mappings-grid.png["Role mappings"]
 
+[float]
+==== Required permissions
+
+The `manage_security` cluster privilege is required to manage Role Mappings.
+
 
 [float]
 === Create a role mapping