diff --git a/.generator/schemas/v2/openapi.yaml b/.generator/schemas/v2/openapi.yaml
index 6b2be5e511d9..c92e22b2d73d 100644
--- a/.generator/schemas/v2/openapi.yaml
+++ b/.generator/schemas/v2/openapi.yaml
@@ -112740,7 +112740,11 @@ paths:
         permissions:
           - user_access_read
     post:
-      description: Create a new role for your organization.
+      description: >-
+        Create a new role for your organization.
+
+
+        **Note**: When a role is created, the following permissions are automatically added, regardless of whether they are included in the request: Dashboards Read, Notebooks Read, Monitors Read, APM Read, Vulnerability Management Read, RUM Apps Read, Incidents Read, SLOs Read, CI Visibility Read, and CD Visibility Read.
       operationId: CreateRole
       requestBody:
         content:
@@ -129945,15 +129949,10 @@ tags:
       organize, find, and share all of your dashboards with your team and
       organization.
     name: Dashboard Lists
-  - description: |-
-      Manage securely embedded Datadog dashboards. Secure embeds use HMAC-SHA256 signed sessions
-      for authentication, enabling customers to embed dashboards in their own applications with
-      server-side auth control. Unlike public dashboards (open URL) or invite dashboards
-      (email-based access), secure embeds provide programmatic access control.
+  - description: >-
+      Manage securely embedded Datadog dashboards. Secure embeds use HMAC-SHA256 signed sessions for authentication, enabling customers to embed dashboards in their own applications with server-side auth control. Unlike public dashboards (open URL) or invite dashboards (email-based access), secure embeds provide programmatic access control.
 
-      **Requirements:**
-      - **Embed** sharing must be enabled under **Organization Settings** > **Public Sharing** > **Shared Dashboards**.
-      - You need [an API key and an application key](https://docs.datadoghq.com/account_management/api-app-keys/) to interact with these endpoints.
+      **Requirements:** - Org setting: SharedDashboards > Embed sharing must be enabled. - AuthN: Datadog API key and application key. - Read operations require `dashboards_read` permission. - Write operations require `dashboards_embed_share` permission.
     name: Dashboard Secure Embed
   - description: |-
       The Data Deletion API allows the user to target and delete data from the allowed products. It's currently enabled for Logs and RUM and depends on `logs_delete_data` and `rum_delete_data` permissions respectively.
diff --git a/features/v2/dashboard_secure_embed.feature b/features/v2/dashboard_secure_embed.feature
index ad268373fbc1..25cb5335e322 100644
--- a/features/v2/dashboard_secure_embed.feature
+++ b/features/v2/dashboard_secure_embed.feature
@@ -4,11 +4,11 @@ Feature: Dashboard Secure Embed
   signed sessions for authentication, enabling customers to embed dashboards
   in their own applications with server-side auth control. Unlike public
   dashboards (open URL) or invite dashboards (email-based access), secure
-  embeds provide programmatic access control.  **Requirements:** - **Embed**
-  sharing must be enabled under **Organization Settings** > **Public
-  Sharing** > **Shared Dashboards**. - You need [an API key and an
-  application key](https://docs.datadoghq.com/account_management/api-app-
-  keys/) to interact with these endpoints.
+  embeds provide programmatic access control. **Requirements:** - Org
+  setting: SharedDashboards > Embed sharing must be enabled. - AuthN:
+  Datadog API key and application key. - Read operations require
+  `dashboards_read` permission. - Write operations require
+  `dashboards_embed_share` permission.
 
   Background:
     Given a valid "apiKeyAuth" key in the system
diff --git a/services/dashboard_secure_embed/README.md b/services/dashboard_secure_embed/README.md
index b41dbd3ba5d6..62adb7694838 100644
--- a/services/dashboard_secure_embed/README.md
+++ b/services/dashboard_secure_embed/README.md
@@ -2,14 +2,8 @@
 
 ## Description
 
-Manage securely embedded Datadog dashboards. Secure embeds use HMAC-SHA256 signed sessions
-for authentication, enabling customers to embed dashboards in their own applications with
-server-side auth control. Unlike public dashboards (open URL) or invite dashboards
-(email-based access), secure embeds provide programmatic access control.
-
-**Requirements:**
-- **Embed** sharing must be enabled under **Organization Settings** > **Public Sharing** > **Shared Dashboards**.
-- You need [an API key and an application key](https://docs.datadoghq.com/account_management/api-app-keys/) to interact with these endpoints.
+Manage securely embedded Datadog dashboards. Secure embeds use HMAC-SHA256 signed sessions for authentication, enabling customers to embed dashboards in their own applications with server-side auth control. Unlike public dashboards (open URL) or invite dashboards (email-based access), secure embeds provide programmatic access control.
+**Requirements:** - Org setting: SharedDashboards > Embed sharing must be enabled. - AuthN: Datadog API key and application key. - Read operations require `dashboards_read` permission. - Write operations require `dashboards_embed_share` permission.
 
 ## Navigation
 
diff --git a/services/roles/src/v2/RolesApi.ts b/services/roles/src/v2/RolesApi.ts
index d3ddf242603c..765fc2da7c18 100644
--- a/services/roles/src/v2/RolesApi.ts
+++ b/services/roles/src/v2/RolesApi.ts
@@ -1902,6 +1902,8 @@ export class RolesApi {
 
   /**
    * Create a new role for your organization.
+   *
+   * **Note**: When a role is created, the following permissions are automatically added, regardless of whether they are included in the request: Dashboards Read, Notebooks Read, Monitors Read, APM Read, Vulnerability Management Read, RUM Apps Read, Incidents Read, SLOs Read, CI Visibility Read, and CD Visibility Read.
    * @param param The request object
    */
   public createRole(