[Response Ops][Reporting] Add documentation about required privileges with API key authentication

[ymao1]

In 8.19, we switched to using API keys for authenticating report generation: elastic/kibana#216558 instead of using a session cookie based on user credentials. There's a subtle difference between the permissions required for CCS access between using user credentials and API key credentials. According to the Elasticsearch docs

If requests are authenticated with an API key, the API key requires the above privileges on the local cluster, instead of the remote.

We should add a note to our documentation identifying this difference, perhaps with an example of the permissions update needed for report generation in a CCS environment

[elasticmachine]

Pinging @elastic/response-ops (Team:ResponseOps)

[nastasha-solomon]

@ymao1 what were you thinking of for this?

an example of the permissions update needed for report generation in a CCS environment

[ymao1]

Something like the example from the linked SDH?

Where the permissions of the user on the local cluster needs to look like:

{

 "indices": [

  {

   "names": [ "general:filebeat-*-isam*", "filebeat-*-isam*" ],

   "privileges": [ "read", "view_index_metadata", "read_cross_cluster" ]

  }

 ]

}

The important part is that in the local cluster, they're giving permission to both the index in the remote cluster: general:filebeat-* AND the index in the local cluster filebeat-*, even if the index does not exist in the local cluster.

[nastasha-solomon]

8.19, 9.x, and Serverless docs updated.