diff --git a/products/bring-your-own-cloud/reference/privilege.mdx b/products/bring-your-own-cloud/reference/privilege.mdx
index 4ee23581..010a0053 100644
--- a/products/bring-your-own-cloud/reference/privilege.mdx
+++ b/products/bring-your-own-cloud/reference/privilege.mdx
@@ -7,7 +7,7 @@ description: 'Deploy ClickHouse on your own cloud infrastructure'
doc_type: 'reference'
---
-## CloudFormation IAM roles {#cloudformation-iam-roles}
+## AWS IAM roles {#aws-iam-roles}
### Bootstrap IAM role {#bootstrap-iam-role}
diff --git a/products/cloud/guides/security/audit-logging/byoc-security-playbook.mdx b/products/cloud/guides/security/audit-logging/byoc-security-playbook.mdx
index 6ade2b86..3297ac37 100644
--- a/products/cloud/guides/security/audit-logging/byoc-security-playbook.mdx
+++ b/products/cloud/guides/security/audit-logging/byoc-security-playbook.mdx
@@ -26,7 +26,7 @@ FROM clusterAllReplicas('default',system.crash_log)
ClickHouse utilizes pre-created roles to enable system functions. This section assumes the customer is using AWS with CloudTrail and has access to the CloudTrail logs.
-If an incident may be the result of a compromised role, review activities in CloudTrail and CloudWatch related to the ClickHouse IAM roles and actions. Refer to the [CloudFormation](/products/bring-your-own-cloud/reference/privilege#cloudformation-iam-roles) stack or Terraform module provided as part of setup for a list of IAM roles.
+If an incident may be the result of a compromised role, review activities in CloudTrail and CloudWatch related to the ClickHouse IAM roles and actions. Refer to the [CloudFormation](/products/bring-your-own-cloud/reference/privilege#aws-iam-roles) stack or Terraform module provided as part of setup for a list of IAM roles.
## Unauthorized access to EKS cluster {#unauthorized-access-eks-cluster}
diff --git a/products/cloud/guides/security/cloud-access-management/manage-custom-roles.mdx b/products/cloud/guides/security/cloud-access-management/manage-custom-roles.mdx
index ea1cc958..442b6a8a 100644
--- a/products/cloud/guides/security/cloud-access-management/manage-custom-roles.mdx
+++ b/products/cloud/guides/security/cloud-access-management/manage-custom-roles.mdx
@@ -55,6 +55,10 @@ Click the `Allow` button and select from Organization, Service, and/or Database
Ensure users who will log into the console have a minimum of Organization > Access organization permissions.
+
+**Data Sources tab access**: To access the **Data Sources** tab, the role currently requires the `Manage and Delete Selected Services` permission.
+
+
diff --git a/products/cloud/reference/security/console-roles.mdx b/products/cloud/reference/security/console-roles.mdx
index ddb87cee..dde81541 100644
--- a/products/cloud/reference/security/console-roles.mdx
+++ b/products/cloud/reference/security/console-roles.mdx
@@ -76,7 +76,7 @@ The table below describes the ClickHouse console and SQL console permissions. Mo
| control-plane:service:view-private-endpoints | View private endpoint configuration for a service. |
| control-plane:service:manage-private-endpoints | Create and manage private endpoints and private networking. |
| **ClickPipes** ([more info](/integrations/clickpipes/home)) | ClickPipes integration |
-| control-plane:service:manage-clickpipes | Manage ClickPipes integration and related settings. |
+| control-plane:service:manage-clickpipes | Manage ClickPipes integration and related settings. Accessing the **Data Sources** tab currently requires `control-plane:service:manage` ("Manage and Delete Selected Services"). |
| **Scaling** ([more info](/products/cloud/features/autoscaling/overview)) | Scaling and autoscaling configuration |
| control-plane:service:view-scaling-config | View scaling configuration and autoscaling settings for a service. |
| control-plane:service:manage-scaling-config | Modify scaling configuration and trigger scaling operations. |