[DOCS] CCS no longer needs local *:* permission (elastic/x-pack-elasticsearch#2445)

Original commit: elastic/x-pack-elasticsearch@fb7f6eaeb2

docs/en/security/tribe-clients-integrations/cross-cluster.asciidoc

@@ -16,7 +16,7 @@ roles against its local role definitions to determine which indices the user
 is allowed to access.
 
 
- [WARNING]
+[WARNING]
 This feature was added as Beta in Elasticsearch `v5.3` with further
 improvements made in 5.4 and 5.5. It requires gateway eligible nodes to be on
 `v5.5` onwards.
@@ -86,22 +86,12 @@ PUT _cluster_settings
 Next, set up a role called `cluster_two_logs` on both cluster `one` and
 cluster `two`.
 
-On cluster `one`, this role allows the user to query any indices on remote clusters:
+On cluster `one`, this role does not need any special privileges:
 
 [source,js]
 -----------------------------------------------------------
 POST /_xpack/security/role/cluster_two_logs
 {
-  "indices": [
-    {
-      "names": [
-        "*:*"
-      ],
-      "privileges": [
-        "read"
-      ]
-    }
-  ]
 }
 -----------------------------------------------------------
 
@@ -155,5 +145,6 @@ GET two:logs-2017.04/_search <1>
   }
 }
 -----------------------------------------------------------
+//TBD: Is there a missing description of the <1> callout above?
 
-include::{xkb-repo-dir}/security/cross-cluster-kibana.asciidoc[]
+include::{xkb-repo-dir}/security/cross-cluster-kibana.asciidoc[]