Add a note mentioning the privileges needed for SLM

docs/reference/ilm/getting-started-slm.asciidoc

@@ -8,6 +8,52 @@ hands-on scenario. The goal of this example is to automatically back up {es}
 indices using the <<modules-snapshots,snapshots>> every day at a particular
 time.
 
+[float]
+[[slm-and-security]]
+=== Security and SLM
+Before starting, it's important to understand the privileges that are needed
+when configuring SLM if you are using the security plugin. There are two
+built-in cluster privileges that can be used to assist: `manage_slm` and
+`read_slm`. It's also good to note that the `create_snapshot` permission
+allows taking snapshots even for indices the role may not have access to.
+
+An example of configuring an administrator role for SLM follows:
+
+[source,js]
+-----------------------------------
+POST /_security/role/slm-admin
+{
+  "cluster": ["manage_slm", "create_snapshot"],
+  "indices": [
+    {
+      "names": [".slm-history-*"],
+      "privileges": ["all"]
+    }
+  ]
+}
+-----------------------------------
+// CONSOLE
+// TEST[skip:security is not enabled here]
+
+Or, for a read-only role that can retrieve policies (but not update, execute, or
+delete them), as well as only view the history index:
+
+[source,js]
+-----------------------------------
+POST /_security/role/slm-read-only
+{
+  "cluster": ["read_slm"],
+  "indices": [
+    {
+      "names": [".slm-history-*"],
+      "privileges": ["read"]
+    }
+  ]
+}
+-----------------------------------
+// CONSOLE
+// TEST[skip:security is not enabled here]
+
 [float]
 [[slm-gs-create-policy]]
 === Setting up a repository
@@ -166,4 +212,4 @@ by searching the index pattern `.slm-history*`.
 That's it! We have our first SLM policy set up to periodically take snapshots
 so that our backups are always up to date. You can read more details in the 
 <<snapshot-lifecycle-management-api,SLM API documentation>> and the
-<<modules-snapshots,general snapshot documentation.>>
+<<modules-snapshots,general snapshot documentation.>>