[DOCS-12652] Note auto-added permissions on Create Role

.generator/schemas/v2/openapi.yaml

@@ -112740,7 +112740,11 @@ paths:
         permissions:
           - user_access_read
     post:
-      description: Create a new role for your organization.
+      description: >-
+        Create a new role for your organization.
+
+
+        **Note**: When a role is created, the following permissions are automatically added, regardless of whether they are included in the request: Dashboards Read, Notebooks Read, Monitors Read, APM Read, Vulnerability Management Read, RUM Apps Read, Incidents Read, SLOs Read, CI Visibility Read, and CD Visibility Read.
       operationId: CreateRole
       requestBody:
         content:
@@ -129945,15 +129949,10 @@ tags:
       organize, find, and share all of your dashboards with your team and
       organization.
     name: Dashboard Lists
-  - description: |-
-      Manage securely embedded Datadog dashboards. Secure embeds use HMAC-SHA256 signed sessions
-      for authentication, enabling customers to embed dashboards in their own applications with
-      server-side auth control. Unlike public dashboards (open URL) or invite dashboards
-      (email-based access), secure embeds provide programmatic access control.
+  - description: >-
+      Manage securely embedded Datadog dashboards. Secure embeds use HMAC-SHA256 signed sessions for authentication, enabling customers to embed dashboards in their own applications with server-side auth control. Unlike public dashboards (open URL) or invite dashboards (email-based access), secure embeds provide programmatic access control.
 
-      **Requirements:**
-      - **Embed** sharing must be enabled under **Organization Settings** > **Public Sharing** > **Shared Dashboards**.
-      - You need [an API key and an application key](https://docs.datadoghq.com/account_management/api-app-keys/) to interact with these endpoints.
+      **Requirements:** - Org setting: SharedDashboards > Embed sharing must be enabled. - AuthN: Datadog API key and application key. - Read operations require `dashboards_read` permission. - Write operations require `dashboards_embed_share` permission.
     name: Dashboard Secure Embed
   - description: |-
       The Data Deletion API allows the user to target and delete data from the allowed products. It's currently enabled for Logs and RUM and depends on `logs_delete_data` and `rum_delete_data` permissions respectively.

features/v2/dashboard_secure_embed.feature

@@ -4,11 +4,11 @@ Feature: Dashboard Secure Embed
   signed sessions for authentication, enabling customers to embed dashboards
   in their own applications with server-side auth control. Unlike public
   dashboards (open URL) or invite dashboards (email-based access), secure
-  embeds provide programmatic access control.  **Requirements:** - **Embed**
-  sharing must be enabled under **Organization Settings** > **Public
-  Sharing** > **Shared Dashboards**. - You need [an API key and an
-  application key](https://docs.datadoghq.com/account_management/api-app-
-  keys/) to interact with these endpoints.
+  embeds provide programmatic access control. **Requirements:** - Org
+  setting: SharedDashboards > Embed sharing must be enabled. - AuthN:
+  Datadog API key and application key. - Read operations require
+  `dashboards_read` permission. - Write operations require
+  `dashboards_embed_share` permission.
 
   Background:
     Given a valid "apiKeyAuth" key in the system

services/dashboard_secure_embed/README.md

@@ -2,14 +2,8 @@
 
 ## Description
 
-Manage securely embedded Datadog dashboards. Secure embeds use HMAC-SHA256 signed sessions
-for authentication, enabling customers to embed dashboards in their own applications with
-server-side auth control. Unlike public dashboards (open URL) or invite dashboards
-(email-based access), secure embeds provide programmatic access control.
-
-**Requirements:**
-- **Embed** sharing must be enabled under **Organization Settings** > **Public Sharing** > **Shared Dashboards**.
-- You need [an API key and an application key](https://docs.datadoghq.com/account_management/api-app-keys/) to interact with these endpoints.
+Manage securely embedded Datadog dashboards. Secure embeds use HMAC-SHA256 signed sessions for authentication, enabling customers to embed dashboards in their own applications with server-side auth control. Unlike public dashboards (open URL) or invite dashboards (email-based access), secure embeds provide programmatic access control.
+**Requirements:** - Org setting: SharedDashboards > Embed sharing must be enabled. - AuthN: Datadog API key and application key. - Read operations require `dashboards_read` permission. - Write operations require `dashboards_embed_share` permission.
 
 ## Navigation
 

services/roles/src/v2/RolesApi.ts

@@ -1902,6 +1902,8 @@ export class RolesApi {
 
   /**
    * Create a new role for your organization.
+   *
+   * **Note**: When a role is created, the following permissions are automatically added, regardless of whether they are included in the request: Dashboards Read, Notebooks Read, Monitors Read, APM Read, Vulnerability Management Read, RUM Apps Read, Incidents Read, SLOs Read, CI Visibility Read, and CD Visibility Read.
    * @param param The request object
    */
   public createRole(