ClickHouse · mintlify · Jun 2, 2026
diff --git a/products/bring-your-own-cloud/reference/privilege.mdx b/products/bring-your-own-cloud/reference/privilege.mdx
@@ -7,7 +7,7 @@ description: 'Deploy ClickHouse on your own cloud infrastructure'
 doc_type: 'reference'
 ---
 
-## CloudFormation IAM roles {#cloudformation-iam-roles}
+## AWS IAM roles {#aws-iam-roles}
 
 ### Bootstrap IAM role {#bootstrap-iam-role}
 

diff --git a/products/cloud/guides/security/audit-logging/byoc-security-playbook.mdx b/products/cloud/guides/security/audit-logging/byoc-security-playbook.mdx
@@ -26,7 +26,7 @@ FROM clusterAllReplicas('default',system.crash_log)
 
 ClickHouse utilizes pre-created roles to enable system functions. This section assumes the customer is using AWS with CloudTrail and has access to the CloudTrail logs.
 
-If an incident may be the result of a compromised role, review activities in CloudTrail and CloudWatch related to the ClickHouse IAM roles and actions. Refer to the [CloudFormation](/products/bring-your-own-cloud/reference/privilege#cloudformation-iam-roles) stack or Terraform module provided as part of setup for a list of IAM roles.
+If an incident may be the result of a compromised role, review activities in CloudTrail and CloudWatch related to the ClickHouse IAM roles and actions. Refer to the [CloudFormation](/products/bring-your-own-cloud/reference/privilege#aws-iam-roles) stack or Terraform module provided as part of setup for a list of IAM roles.
 
 ## Unauthorized access to EKS cluster {#unauthorized-access-eks-cluster}
 

diff --git a/products/cloud/guides/security/cloud-access-management/manage-custom-roles.mdx b/products/cloud/guides/security/cloud-access-management/manage-custom-roles.mdx
@@ -55,6 +55,10 @@ Click the `Allow` button and select from Organization, Service, and/or Database
 Ensure users who will log into the console have a minimum of Organization > Access organization permissions.
 </Tip>
 
+<Note>
+**Data Sources tab access**: To access the **Data Sources** tab, the role currently requires the `Manage and Delete Selected Services` permission.
+</Note>
+
 <Image img="/images/cloud/guides/control_plane/manage_custom_roles/5_custom_role.png" size="md"/>
 </Step>
 <Step>

diff --git a/products/cloud/reference/security/console-roles.mdx b/products/cloud/reference/security/console-roles.mdx
@@ -76,7 +76,7 @@ The table below describes the ClickHouse console and SQL console permissions. Mo
 | control-plane:service:view-private-endpoints | View private endpoint configuration for a service. |
 | control-plane:service:manage-private-endpoints | Create and manage private endpoints and private networking. |
 | **ClickPipes** ([more info](/integrations/clickpipes/home)) | ClickPipes integration |
-| control-plane:service:manage-clickpipes | Manage ClickPipes integration and related settings. |
+| control-plane:service:manage-clickpipes | Manage ClickPipes integration and related settings. Accessing the **Data Sources** tab currently requires `control-plane:service:manage` ("Manage and Delete Selected Services"). |
 | **Scaling** ([more info](/products/cloud/features/autoscaling/overview)) | Scaling and autoscaling configuration |
 | control-plane:service:view-scaling-config | View scaling configuration and autoscaling settings for a service. |
 | control-plane:service:manage-scaling-config | Modify scaling configuration and trigger scaling operations. |
-Original file line number
+Diff line change
@@ Expand Up @@
     Ensure users who will log into the console have a minimum of Organization > Access organization permissions.
     </Tip>
+    <Note>
+    **Data Sources tab access**: To access the **Data Sources** tab, the role currently requires the `Manage and Delete Selected Services` permission.
+    </Note>
     <Image img="/images/cloud/guides/control_plane/manage_custom_roles/5_custom_role.png" size="md"/>
     </Step>
     <Step>
@@ Expand Down @@