The M preview changes the way Android deals with permissions. Rather than viewing a bulky list and approving all of the things an app wants access to right from the beginning, M lets you grant permission as the need arises.
Starting with the second preview, apps now need permission to access storage outside of their own personal space. This was something they could do out-of-the-box in the first preview build of Android M. Now attempting to read or write to any area that is also accessible to other apps has been designated as dangerous behavior, and you will have to allow apps to do so.
You can see the change in the release notes that accompanied the second preview. Note, both the permission to read and write are included under the same broader STORAGE group of permissions.
The android.permission.WRITE_EXTERNAL_STORAGE permission has protection level "dangerous", meaning that apps wanting to write to external storage will need to request permission from the user at runtime. Both READ_EXTERNAL_STORAGE and WRITE_EXTERNAL_STORAGE are members of the STORAGEpermission group.
To be clear, WRITE_EXTERNAL_STORAGE and READ_EXTERNAL_STORAGE don't just refer to removable storage such as microSD cards. Apps will also need permission to access parts of internal storage outside of the folders they manage by default.
This isn't the only change to permissions, either. Reading fingerprints, in contrast, is no longer considered dangerous. This means users can do it without a prompt.
The android.permission.USE_FINGERPRINT permission now has "normal" protection level, so it is no longer necessary to request this permission directly from the user. The USE_FINGERPRINT permission enables fingerprints to be enabled for authentication, but does not give the requesting app access to the enrollment/fingerprint administration flow.
As always, Android M remains a work in progress, and any of this could change in the next monthly update. Stay tuned.