feat(jobs): permissions precisions (#5657)

* feat(jobs): permissions precisions

* Apply suggestions from code review

Co-authored-by: Rowena Jones <[email protected]>

* Update pages/serverless-jobs/how-to/create-job.mdx

Co-authored-by: Jessica <[email protected]>

* Update pages/serverless-jobs/how-to/create-job.mdx

Co-authored-by: Jessica <[email protected]>

* fix(srv): doc review

* Update pages/serverless-jobs/how-to/create-job.mdx

Co-authored-by: Néda <[email protected]>

* Update pages/serverless-jobs/how-to/create-job.mdx

Co-authored-by: Néda <[email protected]>

* Update pages/serverless-jobs/how-to/run-job.mdx

Co-authored-by: Néda <[email protected]>

* Update pages/serverless-jobs/how-to/run-job.mdx

Co-authored-by: Néda <[email protected]>

* fix(srv): doc review

---------

Co-authored-by: Rowena Jones <[email protected]>
Co-authored-by: SamyOubouaziz <[email protected]>
Co-authored-by: Jessica <[email protected]>
Co-authored-by: Néda <[email protected]>

Author: 5 people

pages/iam/reference-content/permission-sets.mdx

@@ -229,7 +229,7 @@ Below is a list of the permission sets available at Scaleway.
 
 | Permission set               | Description                                                                           |
 | :--------------------------: | :-----------------------------------------------------------------------------------: |
-| ServerlessJobsFullAccess     | Full access to create, read, list, edit and delete job definition/run |
+| ServerlessJobsFullAccess     | Full access to create, read, list, edit and delete job definition/run. Does not include permissions for Container Registry and Secret Manager |
 | ServerlessJobsReadOnly       | List and read access to job definition/run |
 
 ### Databases

pages/serverless-jobs/how-to/create-job.mdx

@@ -49,13 +49,13 @@ Scaleway's Serverless Jobs allows you to create jobs from several container [reg
 <Tabs>
     <TabsTab label="Data">
     1. Declare [environment variables](/serverless-jobs/concepts/#environment-variables) you want to inject into your job. For each environment variable, click **+Add variable** and enter the key/value pair.
-    2. Add [secrets references](/serverless-functions/concepts/#secrets) for your Job. Secret references are environment variables fetched from [Scaleway Secret Manager](/secret-manager/) that are injected into your job, but the values are not retained or displayed by Scaleway after initial validation. 
+    2. Add [secret references](/serverless-functions/concepts/#secrets) for your job. Secret references are environment variables fetched from [Scaleway Secret Manager](/secret-manager/) that are injected into your job, but the values are not retained or displayed by Scaleway after initial validation.
           <Message type="note">
           Encode your environment variables and secrets to `base64` if they are too large, and contain carriage returns.
           </Message>
     </TabsTab>
     <TabsTab label="Storage">
-    - Customize the ephemeral storage for your job according to your requirements. The data stored in your job is not retained once it is finished. 
+    - Customize the ephemeral storage for your job according to your requirements. The data stored in your job is not retained once it is finished.
     </TabsTab>
     <TabsTab label="Execution">
     1. Add a **startup command** to your job. It will be executed every time your job is run.
@@ -114,13 +114,13 @@ Private external container registries are currently not supported.
 <Tabs>
     <TabsTab label="Data">
     1. Declare [environment variables](/serverless-jobs/concepts/#environment-variables) you want to inject into your job. For each environment variable, click **+Add variable** and enter the key/value pair.
-    2. Add [secrets references](/serverless-functions/concepts/#secrets) for your Job. Secret references are environment variables fetched from [Scaleway Secret Manager](/secret-manager/) that are injected into your job, but the values are not retained or displayed by Scaleway after initial validation. 
+    2. Add [secret references](/serverless-functions/concepts/#secrets) for your job. Secret references are environment variables fetched from [Scaleway Secret Manager](/secret-manager/) that are injected into your job, but the values are not retained or displayed by Scaleway after initial validation.
           <Message type="note">
           Encode your environment variables and secrets to `base64` if they are too large, and contain carriage returns.
           </Message>
     </TabsTab>
     <TabsTab label="Storage">
-    - Customize the ephemeral storage for your job according to your requirements. The data stored in your job is not retained once it is finished. 
+    - Customize the ephemeral storage for your job according to your requirements. The data stored in your job is not retained once it is finished.
     </TabsTab>
     <TabsTab label="Execution">
     1. Add a **startup command** to your job. It will be executed every time your job is run.

pages/serverless-jobs/how-to/run-job.mdx

@@ -49,8 +49,16 @@ The **Job runs** section contains basic monitoring information for your jobs:
     - A start date and an end date
     - The duration of the job execution
 
-<Message type="tip">
-  Use [Cockpit](/cockpit/quickstart/) for in-depth monitoring of the activity of your serverless jobs.
-</Message>
+## Permissions and product dependencies
+
+Depending on the settings used, Serverless Jobs can have dependencies on other products, such as:
+
+- **Secret Manager**: to securely inject data into jobs
+- **Container Registry**: to store images of jobs
+
+Executing a Serverless Job can fail if some permissions are not definied properly in an [IAM policy](/iam/how-to/create-policy/), for example:
 
+- If the job definition uses an image from **Container Registry**, add the `ContainerRegistryReadOnly` permission.
+- If the job definition consumes data from **Secret Manager**, add the `SecretManagerSecretAccess` permission.
 
+Refer to the [dedicated documentation](/serverless-jobs/how-to/monitor-job/) for comprehensive information on how to monitor jobs using Scaleway Cockpit.

pages/serverless-jobs/troubleshooting/job-in-error-state.mdx

@@ -15,4 +15,6 @@ My job run is in an error state.
 
 - Make sure that you have built your image for an `amd64` architecture, as `arm64` is not supported. See the [Architecture](/serverless-jobs/reference-content/jobs-limitations/#architecture) documentation for more information.
 
-- Make sure that your deployment does not exceed the limitations of [Serverless Jobs](/serverless-jobs/reference-content/jobs-limitations/).
+- Make sure that your deployment does not exceed the limitations of [Serverless Jobs](/serverless-jobs/reference-content/jobs-limitations/).
+
+- Make sure to use the correct permissions when other products are involved - see the [permissions and product dependencies documentation](/serverless-jobs/how-to/run-job/#permissions-and-product-dependencies).