From 3a8bc2d77a14f709ebba2a3e73819742fc7cda73 Mon Sep 17 00:00:00 2001 From: Florence Morris Date: Thu, 11 Sep 2025 17:08:45 -0400 Subject: [PATCH 1/5] In authorization.md, added sections for Cluster Monitor and Metrics Viewer. In cloud-roles-table.md, added columns for Cluster Monitor and Metrics Viewer. In export-metrics-advanced.md, export-metrics.md, export-logs-advanced.md and export-logs.md, added link to Metrics Viewer. In insights-page.md, jobs-page.md, sessions-page.md, statements-page.md, transactions-page.md, added link to Cluster Monitor. In metrics.md, added link to Metrics Viewer. --- src/current/cockroachcloud/authorization.md | 21 ++++++++++++++++++- .../cockroachcloud/export-logs-advanced.md | 1 + src/current/cockroachcloud/export-logs.md | 1 + .../cockroachcloud/export-metrics-advanced.md | 6 +++++- src/current/cockroachcloud/export-metrics.md | 6 +++++- src/current/cockroachcloud/insights-page.md | 4 ++-- src/current/cockroachcloud/jobs-page.md | 2 +- src/current/cockroachcloud/metrics.md | 2 +- src/current/cockroachcloud/sessions-page.md | 2 ++ src/current/cockroachcloud/statements-page.md | 4 +++- .../cockroachcloud/transactions-page.md | 4 +++- 11 files changed, 44 insertions(+), 9 deletions(-) diff --git a/src/current/cockroachcloud/authorization.md b/src/current/cockroachcloud/authorization.md index e6d39251cf2..befe7c2b2ec 100644 --- a/src/current/cockroachcloud/authorization.md +++ b/src/current/cockroachcloud/authorization.md 
@@ -132,10 +132,29 @@ This role can be assigned at the scope of the organization or on a folder. If as ### Cluster Developer -The **Cluster Developer** role allows users view cluster details and access the [DB Console]({% link cockroachcloud/network-authorization.md %}#db-console), allowing them to [export a connection string from the cluster page UI]({% link cockroachcloud/authentication.md %}#the-connection-string), although they will still need a Cluster Admin to [provision their SQL credentials]({% link cockroachcloud/managing-access.md %}#manage-sql-users-on-a-cluster) for the cluster. +The **Cluster Developer** role allows users to view cluster details and access the [DB Console]({% link cockroachcloud/network-authorization.md %}#db-console), allowing them to [export a connection string from the cluster page UI]({% link cockroachcloud/authentication.md %}#the-connection-string), although they will still need a Cluster Admin to [provision their SQL credentials]({% link cockroachcloud/managing-access.md %}#manage-sql-users-on-a-cluster) for the cluster. This role can be assigned at the scope of the organization, on an individual cluster, or on a folder. If assigned to a folder, it is inherited on the folder's clusters, descendent folders, and their descendants. +### Cluster Monitor + +The **Cluster Monitor** role provides read‑only visibility into SQL activity and workload health without broader administrative privileges. Users with this role can view the SQL Activity pages ([Sessions]({% link cockroachcloud/sessions-page.md %}), [Statements]({% link cockroachcloud/statements-page.md %}), and [Transactions]({% link cockroachcloud/transactions-page.md %})), the [Jobs page]({% link cockroachcloud/jobs-page.md %}), and the [Insights page]({% link cockroachcloud/insights-page.md %}). + +This role can be assigned at the scope of the organization, on an individual cluster, or on a folder. 
If assigned to a folder, it is inherited on the folder's clusters, descendent folders, and their descendants. + +### Metrics Viewer + +The **Metrics Viewer** role grants read‑only access to observability metrics for a cluster without any administrative or data‑manipulation privileges. + +- Users with this role can view a cluster's Metrics from the [Metrics page]({% link cockroachcloud/metrics.md %}#cockroachdb-cloud-console-metrics-page). +- Service accounts with this role can access the [metrics export API]({% link cockroachcloud/export-metrics.md %}#the-metricexport-endpoint) and the [log export API]({% link cockroachcloud/export-logs.md %}#the-logexport-endpoint) to integrate with external observability systems. + +This role can be assigned at the scope of the organization, on an individual cluster, or on a folder. If assigned to a folder, it is inherited on the folder's clusters, descendent folders, and their descendants. + +{{site.data.alerts.callout_info}} +To give a developer the ability to both connect to a cluster and monitor performance with least privilege, combine [**Cluster Developer**](#cluster-developer) with **Metrics Viewer** (and optionally [**Cluster Monitor**](#cluster-monitor)). +{{site.data.alerts.end}} + ### Folder Admin {% capture folder_admin_docs %}{% include cockroachcloud/org-roles/folder-admin.md %}{% endcapture %} diff --git a/src/current/cockroachcloud/export-logs-advanced.md b/src/current/cockroachcloud/export-logs-advanced.md index 02a17e9e756..cf3767dcccd 100644 --- a/src/current/cockroachcloud/export-logs-advanced.md +++ b/src/current/cockroachcloud/export-logs-advanced.md 
@@ -24,6 +24,7 @@ Access to the `logexport` endpoint requires a valid CockroachDB {{ site.data.pro - [Organization Admin]({% link cockroachcloud/authorization.md %}#organization-admin) - [Cluster Admin]({% link cockroachcloud/authorization.md %}#cluster-admin) - [Cluster Operator]({% link cockroachcloud/authorization.md %}#cluster-operator) +- [Metrics Viewer]({% link cockroachcloud/authorization.md %}#metrics-viewer) The following methods are available for use with the `logexport` endpoint: diff --git a/src/current/cockroachcloud/export-logs.md b/src/current/cockroachcloud/export-logs.md index 6aab93e67ba..c1ca6569b7e 100644 --- a/src/current/cockroachcloud/export-logs.md +++ b/src/current/cockroachcloud/export-logs.md @@ -24,6 +24,7 @@ Access to the `logexport` endpoint requires a valid CockroachDB {{ site.data.pro - [Organization Admin]({% link cockroachcloud/authorization.md %}#organization-admin) - [Cluster Admin]({% link cockroachcloud/authorization.md %}#cluster-admin) - [Cluster Operator]({% link cockroachcloud/authorization.md %}#cluster-operator) +- [Metrics Viewer]({% link cockroachcloud/authorization.md %}#metrics-viewer) The following methods are available for use with the `logexport` endpoint: diff --git a/src/current/cockroachcloud/export-metrics-advanced.md b/src/current/cockroachcloud/export-metrics-advanced.md index 38c5faf1535..374335446b6 100644 --- a/src/current/cockroachcloud/export-metrics-advanced.md +++ b/src/current/cockroachcloud/export-metrics-advanced.md 
@@ -27,7 +27,11 @@ Datadog | `https://cockroachlabs.cloud/api/v1/clusters/{your_cluster_ Prometheus | `https://cockroachlabs.cloud/api/v1/clusters/{your_cluster_id}/metricexport/prometheus` Azure Monitor | `https://cockroachlabs.cloud/api/v1/clusters/{your_cluster_id}/metricexport/azuremonitor` -Access to the `metricexport` endpoints requires a valid CockroachDB {{ site.data.products.cloud }} [service account]({% link cockroachcloud/managing-access.md %}#manage-service-accounts) with the appropriate permissions (`admin` privilege, Cluster Admin role, or Cluster Operator role). +Access to the `metricexport` endpoints requires a valid CockroachDB {{ site.data.products.cloud }} [service account]({% link cockroachcloud/managing-access.md %}#manage-service-accounts) assigned one of the following [roles]({% link cockroachcloud/managing-access.md %}#edit-roles-on-a-service-account): + +- [Metrics Viewer]({% link cockroachcloud/authorization.md %}#metrics-viewer) +- [Cluster Operator]({% link cockroachcloud/authorization.md %}#cluster-operator) +- [Cluster Admin]({% link cockroachcloud/authorization.md %}#cluster-admin) The following methods are available for use with the `metricexport` endpoints, and require the listed service account permissions: diff --git a/src/current/cockroachcloud/export-metrics.md b/src/current/cockroachcloud/export-metrics.md index c28293ecf5e..c8c20cbecb6 100644 --- a/src/current/cockroachcloud/export-metrics.md +++ b/src/current/cockroachcloud/export-metrics.md 
@@ -26,7 +26,11 @@ Amazon CloudWatch | `https://cockroachlabs.cloud/api/v1/clusters/{your_cluster_ Datadog | `https://cockroachlabs.cloud/api/v1/clusters/{your_cluster_id}/metricexport/datadog` Prometheus | `https://cockroachlabs.cloud/api/v1/clusters/{your_cluster_id}/metricexport/prometheus` -Access to the `metricexport` endpoints requires a valid CockroachDB {{ site.data.products.cloud }} [service account]({% link cockroachcloud/managing-access.md %}#manage-service-accounts) with the appropriate permissions (`admin` privilege or Cluster Admin role). +Access to the `metricexport` endpoints requires a valid CockroachDB {{ site.data.products.cloud }} [service account]({% link cockroachcloud/managing-access.md %}#manage-service-accounts) assigned one of the following [roles]({% link cockroachcloud/managing-access.md %}#edit-roles-on-a-service-account): + +- [Metrics Viewer]({% link cockroachcloud/authorization.md %}#metrics-viewer) +- [Cluster Operator]({% link cockroachcloud/authorization.md %}#cluster-operator) +- [Cluster Admin]({% link cockroachcloud/authorization.md %}#cluster-admin) The following methods are available for use with the `metricexport` endpoints, and require the listed service account permissions: diff --git a/src/current/cockroachcloud/insights-page.md b/src/current/cockroachcloud/insights-page.md index e2499a53301..d06c4a83654 100644 --- a/src/current/cockroachcloud/insights-page.md +++ b/src/current/cockroachcloud/insights-page.md 
@@ -15,7 +15,7 @@ The **Insights** page of the CockroachDB {{ site.data.products.cloud }} Console - Identify SQL statements with [high retry counts]({% link {{ site.current_cloud_version }}/transactions.md %}#automatic-retries), [slow execution]({% link {{ site.current_cloud_version }}/query-behavior-troubleshooting.md %}#identify-slow-queries), or [suboptimal plans]({% link {{ site.current_cloud_version }}/cost-based-optimizer.md %}). - Identify [indexes]({% link {{ site.current_cloud_version }}/indexes.md %}) that should be created, altered, replaced, or dropped to improve performance. -Viewing the insights page requires the [Cluster Admin]({% link cockroachcloud/authorization.md %}#cluster-admin) or [Cluster Operator]({% link cockroachcloud/authorization.md %}#cluster-operator) role. To view this page, select a cluster from the [**Clusters** page]({% link cockroachcloud/cluster-management.md %}#view-clusters-page), and click **Insights** in the **Monitoring** section of the left side navigation. +Viewing the Insights page requires the [Cluster Monitor]({% link cockroachcloud/authorization.md %}#cluster-monitor), [Cluster Operator]({% link cockroachcloud/authorization.md %}#cluster-operator), or [Cluster Admin]({% link cockroachcloud/authorization.md %}#cluster-admin) role. To view this page, select a cluster from the [**Clusters** page]({% link cockroachcloud/cluster-management.md %}#view-clusters-page), and click **Insights** in the **Monitoring** section of the left side navigation. {% include {{version_prefix}}ui/insights.md version_prefix=version_prefix %} @@ -23,4 +23,4 @@ Viewing the insights page requires the [Cluster Admin]({% link cockroachcloud/au - [Statements page]({% link cockroachcloud/statements-page.md %}) - [Transactions page]({% link cockroachcloud/transactions-page.md %}) -- [Databases page]({% link cockroachcloud/databases-page.md %}) \ No newline at end of file +- [Databases page]({% link cockroachcloud/databases-page.md %}) 
diff --git a/src/current/cockroachcloud/jobs-page.md b/src/current/cockroachcloud/jobs-page.md index 99b1d32ce1d..e522856b4e8 100644 --- a/src/current/cockroachcloud/jobs-page.md +++ b/src/current/cockroachcloud/jobs-page.md @@ -10,7 +10,7 @@ docs_area: manage The **Jobs** page of the CockroachDB {{ site.data.products.cloud }} Console provides details of all jobs in the cluster. -Viewing jobs requires the [Cluster Admin]({% link cockroachcloud/authorization.md %}#cluster-admin) role. To view this page, select a cluster from the [**Clusters** page]({% link cockroachcloud/cluster-management.md %}#view-clusters-page), and click **Jobs** in the **Monitoring** section of the left side navigation. +Viewing jobs requires the [Cluster Monitor]({% link cockroachcloud/authorization.md %}#cluster-monitor), [Cluster Operator]({% link cockroachcloud/authorization.md %}#cluster-operator), or [Cluster Admin]({% link cockroachcloud/authorization.md %}#cluster-admin) role. To view this page, select a cluster from the [**Clusters** page]({% link cockroachcloud/cluster-management.md %}#view-clusters-page), and click **Jobs** in the **Monitoring** section of the left side navigation. {% include common/ui/jobs-page.md %} diff --git a/src/current/cockroachcloud/metrics.md b/src/current/cockroachcloud/metrics.md index 8d5698d8c96..8384dadc065 100644 --- a/src/current/cockroachcloud/metrics.md +++ b/src/current/cockroachcloud/metrics.md 
@@ -10,7 +10,7 @@ Depending on your CockroachDB {{ site.data.products.cloud }} deployment, you can - For all CockroachDB {{ site.data.products.cloud }} deployments, you can use the [CockroachDB {{ site.data.products.cloud }} Console **Metrics** page](#cockroachdb-cloud-console-metrics-page). - For CockroachDB {{ site.data.products.standard }} and CockroachDB {{ site.data.products.advanced }} deployments, you can [export metrics](#export-metrics) to a third-party cloud sink. -Viewing metrics on a cluster requires the [Cluster Admin]({% link cockroachcloud/authorization.md %}#cluster-admin) or [Cluster Operator]({% link cockroachcloud/authorization.md %}#cluster-operator) role. +Viewing metrics on a cluster requires the [Metrics Viewer]({% link cockroachcloud/authorization.md %}#metrics-viewer), [Cluster Operator]({% link cockroachcloud/authorization.md %}#cluster-operator), or [Cluster Admin]({% link cockroachcloud/authorization.md %}#cluster-admin) role. To understand how to make both practical and actionable use of the metrics in a production deployment, refer to the following documentation: diff --git a/src/current/cockroachcloud/sessions-page.md b/src/current/cockroachcloud/sessions-page.md index 8e7940f3699..db75fa5f3d5 100644 --- a/src/current/cockroachcloud/sessions-page.md +++ b/src/current/cockroachcloud/sessions-page.md 
@@ -10,6 +10,8 @@ docs_area: manage The **Sessions** page of the CockroachDB {{ site.data.products.cloud }} Console provides details of all open sessions in the cluster. +Viewing the Sessions page requires the [Cluster Monitor]({% link cockroachcloud/authorization.md %}#cluster-monitor), [Cluster Operator]({% link cockroachcloud/authorization.md %}#cluster-operator), or [Cluster Admin]({% link cockroachcloud/authorization.md %}#cluster-admin) role. + To view this page, select a cluster from the [**Clusters** page]({% link cockroachcloud/cluster-management.md %}#view-clusters-page), and click **SQL Activity** in the **Monitoring** section of the left side navigation. Select the **Sessions** tab. {% include common/ui/sessions-page.md %} diff --git a/src/current/cockroachcloud/statements-page.md b/src/current/cockroachcloud/statements-page.md index 1d894dbba2e..7192105ce4b 100644 --- a/src/current/cockroachcloud/statements-page.md +++ b/src/current/cockroachcloud/statements-page.md @@ -8,6 +8,8 @@ docs_area: manage {% capture version_prefix %}{{site.current_cloud_version}}/{% endcapture %} +Viewing the Statements page requires the [Cluster Monitor]({% link cockroachcloud/authorization.md %}#cluster-monitor), [Cluster Operator]({% link cockroachcloud/authorization.md %}#cluster-operator), or [Cluster Admin]({% link cockroachcloud/authorization.md %}#cluster-admin) role. + {% include {{version_prefix}}ui/statements-views.md %} {% include {{version_prefix}}ui/statements-filter.md %} @@ -22,4 +24,4 @@ docs_area: manage {% include {{version_prefix}}ui/statement-details.md %} -{% include {{version_prefix}}ui/active-statement-executions.md %} \ No newline at end of file +{% include {{version_prefix}}ui/active-statement-executions.md %} diff --git a/src/current/cockroachcloud/transactions-page.md b/src/current/cockroachcloud/transactions-page.md index ce8bae63bcc..6c13cbbdabc 100644 --- a/src/current/cockroachcloud/transactions-page.md 
+++ b/src/current/cockroachcloud/transactions-page.md @@ -8,6 +8,8 @@ docs_area: manage {% capture version_prefix %}{{site.current_cloud_version}}/{% endcapture %} +Viewing the Transactions page requires the [Cluster Monitor]({% link cockroachcloud/authorization.md %}#cluster-monitor), [Cluster Operator]({% link cockroachcloud/authorization.md %}#cluster-operator), or [Cluster Admin]({% link cockroachcloud/authorization.md %}#cluster-admin) role. + {% include {{version_prefix}}ui/transactions-views.md %} {% include {{version_prefix}}ui/transactions-filter.md %} @@ -22,4 +24,4 @@ docs_area: manage {% include {{version_prefix}}ui/transaction-details.md %} -{% include {{version_prefix}}ui/active-transaction-executions.md %} \ No newline at end of file +{% include {{version_prefix}}ui/active-transaction-executions.md %} From 34f72b1fd54f5a589082b52b6060e9dc7fbee07a Mon Sep 17 00:00:00 2001 From: Florence Morris Date: Thu, 11 Sep 2025 17:20:17 -0400 Subject: [PATCH 2/5] In cloud-roles-table.md, added columns for Cluster Monitor and Metrics Viewer. --- .../org-roles/cloud-roles-table.md | 72 +++++++++---------- 1 file changed, 36 insertions(+), 36 deletions(-) diff --git a/src/current/_includes/cockroachcloud/org-roles/cloud-roles-table.md b/src/current/_includes/cockroachcloud/org-roles/cloud-roles-table.md index 4128cb28eff..ebc1144d5f6 100644 --- a/src/current/_includes/cockroachcloud/org-roles/cloud-roles-table.md +++ b/src/current/_includes/cockroachcloud/org-roles/cloud-roles-table.md @@ -2,44 +2,44 @@ The following table describes the high level permissions given by each Cockroach
-| | Org. Member | Org. Admin | Billing Coord. | Cluster Creator | Cluster Operator | Cluster Admin | Cluster Developer | Folder Admin | Folder Mover | -|---|-------------|-------------|------------------|------------------|-------------------|----------------|--------------------|----------------|----------------| +| | Org. Member | Org. Admin | Billing Coord. | Cluster Creator | Cluster Operator | Cluster Admin | Cluster Developer | Cluster Monitor | Metrics Viewer | Folder Admin | Folder Mover | +|---|-------------|-------------|------------------|------------------|-------------------|----------------|--------------------|------------------|----------------|----------------|----------------| | **User/Access Management** | | | | | | | | | | -| Assign and revoke roles | — | ✓ | — | — | — | ✓ | — | — | — | -| Assign {{ site.data.products.cloud }} user and service account roles | — | — | — | — | — | ✓ | — | — | — | -| Manage SQL users | — | — | — | — | — | ✓ | — | — | — | -| Manage {{ site.data.products.cloud }} users and service accounts | — | ✓ | — | — | — | ✓ | — | — | — | -| Apply roles at the [folder]({% link cockroachcloud/folders.md %}) scope | — | — | — | — | — | — | — | ✓ | — | +| Assign and revoke roles | — | ✓ | — | — | — | ✓ | — | — | — | — | — | +| Assign {{ site.data.products.cloud }} user and service account roles | — | — | — | — | — | ✓ | — | — | — | — | — | +| Manage SQL users | — | — | — | — | — | ✓ | — | — | — | — | — | +| Manage {{ site.data.products.cloud }} users and service accounts | — | ✓ | — | — | — | ✓ | — | — | — | — | — | +| Apply roles at the [folder]({% link cockroachcloud/folders.md %}) scope | — | — | — | — | — | — | — | — | — | ✓ | — | | **Cluster & Infrastructure** | | | | | | | | | | -| Create cluster or [private cluster]({% link cockroachcloud/private-clusters.md %}) | — | — | — | ✓ | — | — | — | — | — | -| Create / edit / delete cluster | — | — | — | — | — | ✓ | — | — | — | -| Edit / delete clusters created by this user | — | — 
| — | ✓ | — | — | — | — | — | -| Create / delete / manage [folders]({% link cockroachcloud/folders.md %}) | — | — | — | — | — | — | — | ✓ | — | -| Move cluster between [folders]({% link cockroachcloud/folders.md %}) | — | — | — | — | — | — | — | — | ✓ | -| Scale nodes | — | — | — | — | ✓ | ✓ | — | — | — | -| Upgrade CockroachDB | — | — | — | — | ✓ | ✓ | — | — | — | -| Configure [maintenance windows]({% link cockroachcloud/advanced-cluster-management.md %}#set-a-maintenance-window) | — | — | — | — | ✓ | ✓ | — | — | — | -| Use the [{{ site.data.products.cloud }} Terraform provider]({% link cockroachcloud/provision-a-cluster-with-terraform.md %}) | — | — | — | ✓ | — | ✓ | — | — | — | +| Create cluster or [private cluster]({% link cockroachcloud/private-clusters.md %}) | — | — | — | ✓ | — | — | — | — | — | — | — | +| Create / edit / delete cluster | — | — | — | — | — | ✓ | — | — | — | — | — | +| Edit / delete clusters created by this user | — | — | — | ✓ | — | — | — | — | — | — | — | +| Create / delete / manage [folders]({% link cockroachcloud/folders.md %}) | — | — | — | — | — | — | — | — | — | ✓ | — | +| Move cluster between [folders]({% link cockroachcloud/folders.md %}) | — | — | — | — | — | — | — | — | — | — | ✓ | +| Scale nodes | — | — | — | — | ✓ | ✓ | — | — | — | — | — | +| Upgrade CockroachDB | — | — | — | — | ✓ | ✓ | — | — | — | — | — | +| Configure [maintenance windows]({% link cockroachcloud/advanced-cluster-management.md %}#set-a-maintenance-window) | — | — | — | — | ✓ | ✓ | — | — | — | — | — | +| Use the [{{ site.data.products.cloud }} Terraform provider]({% link cockroachcloud/provision-a-cluster-with-terraform.md %}) | — | — | — | ✓ | — | ✓ | — | — | — | — | — | | **Monitoring & Observability** | | | | | | | | | | -| View cluster details | — | — | — | — | — | — | ✓ | — | — | -| View [audit logs]({% link cockroachcloud/cloud-org-audit-logs.md %}) | — | — | — | — | ✓ | — | — | — | — | -| View [insights]({% link cockroachcloud/insights-page.md %}) | — | — 
| — | — | ✓ | ✓ | — | — | — | -| View [jobs]({% link cockroachcloud/jobs-page.md %}) | — | — | — | — | ✓ | — | — | — | — | -| View [metrics]({% link cockroachcloud/metrics.md %}) | — | — | — | — | ✓ | ✓ | — | — | — | -| Send [test alerts]({% link cockroachcloud/alerts-page.md %}#send-a-test-alert) | — | — | — | — | ✓ | — | — | — | — | -| Access [DB console]({% link cockroachcloud/network-authorization.md %}#db-console) | — | — | — | — | ✓ | ✓ | ✓ | — | — | +| View cluster details | — | — | — | — | — | — | ✓ | — | — | — | — | +| View [audit logs]({% link cockroachcloud/cloud-org-audit-logs.md %}) | — | — | — | — | ✓ | ✓ | — | — | — | — | — | +| View [insights]({% link cockroachcloud/insights-page.md %}) | — | — | — | — | ✓ | ✓ | — | ✓ | — | — | — | +| View [jobs]({% link cockroachcloud/jobs-page.md %}) | — | — | — | — | ✓ | ✓ | — | ✓ | — | — | — | +| View [metrics]({% link cockroachcloud/metrics.md %}) | — | — | — | — | ✓ | ✓ | — | — | ✓ | — | — | +| Send [test alerts]({% link cockroachcloud/alerts-page.md %}#send-a-test-alert) | — | — | — | — | ✓ | ✓ | — | — | — | — | — | +| Access [DB console]({% link cockroachcloud/network-authorization.md %}#db-console) | — | — | — | — | ✓ | ✓ | ✓ | — | — | — | — | | **Security** | | | | | | | | | | -| Configure [cluster SSO]({% link cockroachcloud/cloud-sso-sql.md %}) | — | — | — | — | ✓ | ✓ | — | — | — | -| Manage [egress perimeter controls]({% link cockroachcloud/egress-perimeter-controls.md %}) | — | — | — | — | — | ✓ | — | — | — | -| Manage [network authorization]({% link cockroachcloud/network-authorization.md %}) | — | — | — | — | ✓ | ✓ | — | — | — | -| View PCI status | — | — | — | — | ✓ | ✓ | — | — | — | +| Configure [cluster SSO]({% link cockroachcloud/cloud-sso-sql.md %}) | — | — | — | — | ✓ | ✓ | — | — | — | — | — | +| Manage [egress perimeter controls]({% link cockroachcloud/egress-perimeter-controls.md %}) | — | — | — | — | — | ✓ | — | — | — | — | — | +| Manage [network authorization]({% link 
cockroachcloud/network-authorization.md %}) | — | — | — | — | ✓ | ✓ | — | — | — | — | — | +| View PCI status | — | — | — | — | ✓ | ✓ | — | — | — | — | — | | **Database & Data** | | | | | | | | | | -| Manage databases | — | — | — | — | ✓ | ✓ | — | — | — | -| View / restore [backups]({% link cockroachcloud/backup-and-restore-overview.md %}) | — | — | — | — | ✓ | ✓ | — | — | — | +| Manage databases | — | — | — | — | ✓ | ✓ | — | — | — | — | — | +| View / restore [backups]({% link cockroachcloud/backup-and-restore-overview.md %}) | — | — | — | — | ✓ | ✓ | — | — | — | — | — | | **Billing & Licensing** | | | | | | | | | | -| Manage [billing]({% link cockroachcloud/billing-management.md %}) | — | — | ✓ | — | — | — | — | — | — | -| Manage [email alerts]({% link cockroachcloud/alerts-page.md %}#configure-alerts) | — | ✓ | — | — | — | — | — | — | — | -| Manage CockroachDB [Self-Hosted cluster licenses]({% link {{ site.current_cloud_version }}/licensing-faqs.md %}#obtain-a-license) | — | ✓ | — | — | — | — | — | — | — | +| Manage [billing]({% link cockroachcloud/billing-management.md %}) | — | — | ✓ | — | — | — | — | — | — | — | — | +| Manage [email alerts]({% link cockroachcloud/alerts-page.md %}#configure-alerts) | — | ✓ | — | — | — | — | — | — | — | — | — | +| Manage CockroachDB [Self-Hosted cluster licenses]({% link {{ site.current_cloud_version }}/licensing-faqs.md %}#obtain-a-license) | — | ✓ | — | — | — | — | — | — | — | — | — |
@@ -47,8 +47,8 @@ Some roles can be assigned to users at specific levels of scope to provide more | **Scope level** | **Description** | **Applicable roles** | |---|---|---| -| `Organization` | Applies to the entire CockroachDB {{ site.data.products.cloud }} organization, including all clusters and folders | `Cluster Operator`, `Cluster Admin`, `Cluster Creator`, `Cluster Developer`, `Billing Coordinator`, `Organization Admin`, `Folder Admin`, `Folder Mover` | -| `Folder` | Applies to clusters within a specific [folder]({% link cockroachcloud/folders.md %}). Only available as a selectable scope if folders have been created within the organization by a user with the `Folder Admin` role | `Cluster Operator`, `Cluster Admin`, `Cluster Creator`, `Cluster Developer`, `Folder Admin`, `Folder Mover` | -| `Cluster` | Applies to a specific cluster | `Cluster Operator`, `Cluster Admin`, `Cluster Developer` | +| `Organization` | Applies to the entire CockroachDB {{ site.data.products.cloud }} organization, including all clusters and folders | `Cluster Operator`, `Cluster Admin`, `Cluster Creator`, `Cluster Developer`, `Cluster Monitor`, `Metrics Viewer`, `Billing Coordinator`, `Organization Admin`, `Folder Admin`, `Folder Mover` | +| `Folder` | Applies to clusters within a specific [folder]({% link cockroachcloud/folders.md %}). 
Only available as a selectable scope if folders have been created within the organization by a user with the `Folder Admin` role | `Cluster Operator`, `Cluster Admin`, `Cluster Creator`, `Cluster Developer`, `Cluster Monitor`, `Metrics Viewer`, `Folder Admin`, `Folder Mover` | +| `Cluster` | Applies to a specific cluster | `Cluster Operator`, `Cluster Admin`, `Cluster Developer`, `Cluster Monitor`, `Metrics Viewer` | -{% if page.name != 'authorization.md' %}For more information on these roles and the specific permissions given, see [Organization user roles]({% link cockroachcloud/authorization.md %}#organization-member).{% endif %} \ No newline at end of file +{% if page.name != 'authorization.md' %}For more information on these roles and the specific permissions given, see [Organization user roles]({% link cockroachcloud/authorization.md %}#organization-member).{% endif %} From bfc946aa4448fc4b244cef601fef6b1c1d4921f5 Mon Sep 17 00:00:00 2001 From: Florence Morris Date: Fri, 12 Sep 2025 13:00:30 -0400 Subject: [PATCH 3/5] In cloud-roles-table.md, added row for View sql activity and links in column headers. --- .../_includes/cockroachcloud/org-roles/cloud-roles-table.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/current/_includes/cockroachcloud/org-roles/cloud-roles-table.md b/src/current/_includes/cockroachcloud/org-roles/cloud-roles-table.md index ebc1144d5f6..b453ddbedc7 100644 --- a/src/current/_includes/cockroachcloud/org-roles/cloud-roles-table.md +++ b/src/current/_includes/cockroachcloud/org-roles/cloud-roles-table.md @@ -2,7 +2,7 @@ The following table describes the high level permissions given by each Cockroach
-| | Org. Member | Org. Admin | Billing Coord. | Cluster Creator | Cluster Operator | Cluster Admin | Cluster Developer | Cluster Monitor | Metrics Viewer | Folder Admin | Folder Mover | +| | [Org. Member](#organization-member) | [Org. Admin](#organization-admin) | [Billing Coord.](#billing-coordinator) | [Cluster Creator](#cluster-creator) | [Cluster Operator](#cluster-operator) | [Cluster Admin](#cluster-admin) | [Cluster Developer](#cluster-developer) | [Cluster Monitor](#cluster-monitor) | [Metrics Viewer](#metrics-viewer) | [Folder Admin](#folder-admin) | [Folder Mover](#folder-mover) | |---|-------------|-------------|------------------|------------------|-------------------|----------------|--------------------|------------------|----------------|----------------|----------------| | **User/Access Management** | | | | | | | | | | | Assign and revoke roles | — | ✓ | — | — | — | ✓ | — | — | — | — | — | @@ -25,6 +25,7 @@ The following table describes the high level permissions given by each Cockroach | View [audit logs]({% link cockroachcloud/cloud-org-audit-logs.md %}) | — | — | — | — | ✓ | ✓ | — | — | — | — | — | | View [insights]({% link cockroachcloud/insights-page.md %}) | — | — | — | — | ✓ | ✓ | — | ✓ | — | — | — | | View [jobs]({% link cockroachcloud/jobs-page.md %}) | — | — | — | — | ✓ | ✓ | — | ✓ | — | — | — | +| View [sql activity]({% link cockroachcloud/statements-page.md %}) | — | — | — | — | ✓ | ✓ | — | ✓ | — | — | — | | View [metrics]({% link cockroachcloud/metrics.md %}) | — | — | — | — | ✓ | ✓ | — | — | ✓ | — | — | | Send [test alerts]({% link cockroachcloud/alerts-page.md %}#send-a-test-alert) | — | — | — | — | ✓ | ✓ | — | — | — | — | — | | Access [DB console]({% link cockroachcloud/network-authorization.md %}#db-console) | — | — | — | — | ✓ | ✓ | ✓ | — | — | — | — | From 5a1cc531b44f303fff257258be588a668b121980 Mon Sep 17 00:00:00 2001 
From: Florence Morris Date: Fri, 12 Sep 2025 14:37:19 -0400 Subject: [PATCH 4/5] In cloud-roles-table.md, qualified links in column headers for manage-access.md. --- .../_includes/cockroachcloud/org-roles/cloud-roles-table.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/current/_includes/cockroachcloud/org-roles/cloud-roles-table.md b/src/current/_includes/cockroachcloud/org-roles/cloud-roles-table.md index b453ddbedc7..1299f3eb4ff 100644 --- a/src/current/_includes/cockroachcloud/org-roles/cloud-roles-table.md +++ b/src/current/_includes/cockroachcloud/org-roles/cloud-roles-table.md @@ -2,7 +2,7 @@ The following table describes the high level permissions given by each Cockroach
-| | [Org. Member](#organization-member) | [Org. Admin](#organization-admin) | [Billing Coord.](#billing-coordinator) | [Cluster Creator](#cluster-creator) | [Cluster Operator](#cluster-operator) | [Cluster Admin](#cluster-admin) | [Cluster Developer](#cluster-developer) | [Cluster Monitor](#cluster-monitor) | [Metrics Viewer](#metrics-viewer) | [Folder Admin](#folder-admin) | [Folder Mover](#folder-mover) | +| | [Org. Member]({% link cockroachcloud/authorization.md %}#organization-member) | [Org. Admin]({% link cockroachcloud/authorization.md %}#organization-admin) | [Billing Coord.]({% link cockroachcloud/authorization.md %}#billing-coordinator) | [Cluster Creator]({% link cockroachcloud/authorization.md %}#cluster-creator) | [Cluster Operator]({% link cockroachcloud/authorization.md %}#cluster-operator) | [Cluster Admin]({% link cockroachcloud/authorization.md %}#cluster-admin) | [Cluster Developer]({% link cockroachcloud/authorization.md %}#cluster-developer) | [Cluster Monitor]({% link cockroachcloud/authorization.md %}#cluster-monitor) | [Metrics Viewer]({% link cockroachcloud/authorization.md %}#metrics-viewer) | [Folder Admin]({% link cockroachcloud/authorization.md %}#folder-admin) | [Folder Mover]({% link cockroachcloud/authorization.md %}#folder-mover) | |---|-------------|-------------|------------------|------------------|-------------------|----------------|--------------------|------------------|----------------|----------------|----------------| | **User/Access Management** | | | | | | | | | | | Assign and revoke roles | — | ✓ | — | — | — | ✓ | — | — | — | — | — | From eceab60045ad1417f34f6522fa3f7f71a6165e47 Mon Sep 17 00:00:00 2001 
From: Florence Morris Date: Mon, 15 Sep 2025 13:16:14 -0400 Subject: [PATCH 5/5] =?UTF-8?q?In=20cloud-roles-table.md=20and=20authoriza?= =?UTF-8?q?tion.md,=20incorporated=20Biplav=20and=20Joe=E2=80=99s=20feedba?= =?UTF-8?q?ck=20to=20add=20note=20about=20limited=20access.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In cockroachdb-feature-availability, added section under limited access for Metrics Viewer and Cluster Monitor roles. --- .../cockroachcloud/org-roles/cloud-roles-table.md | 3 ++- src/current/cockroachcloud/authorization.md | 8 ++++++++ src/current/v25.3/cockroachdb-feature-availability.md | 4 ++++ src/current/v25.4/cockroachdb-feature-availability.md | 4 ++++ 4 files changed, 18 insertions(+), 1 deletion(-) diff --git a/src/current/_includes/cockroachcloud/org-roles/cloud-roles-table.md b/src/current/_includes/cockroachcloud/org-roles/cloud-roles-table.md index 1299f3eb4ff..6a81e219f22 100644 --- a/src/current/_includes/cockroachcloud/org-roles/cloud-roles-table.md +++ b/src/current/_includes/cockroachcloud/org-roles/cloud-roles-table.md @@ -2,7 +2,7 @@ The following table describes the high level permissions given by each Cockroach
-| | [Org. Member]({% link cockroachcloud/authorization.md %}#organization-member) | [Org. Admin]({% link cockroachcloud/authorization.md %}#organization-admin) | [Billing Coord.]({% link cockroachcloud/authorization.md %}#billing-coordinator) | [Cluster Creator]({% link cockroachcloud/authorization.md %}#cluster-creator) | [Cluster Operator]({% link cockroachcloud/authorization.md %}#cluster-operator) | [Cluster Admin]({% link cockroachcloud/authorization.md %}#cluster-admin) | [Cluster Developer]({% link cockroachcloud/authorization.md %}#cluster-developer) | [Cluster Monitor]({% link cockroachcloud/authorization.md %}#cluster-monitor) | [Metrics Viewer]({% link cockroachcloud/authorization.md %}#metrics-viewer) | [Folder Admin]({% link cockroachcloud/authorization.md %}#folder-admin) | [Folder Mover]({% link cockroachcloud/authorization.md %}#folder-mover) | +| | [Org. Member]({% link cockroachcloud/authorization.md %}#organization-member) | [Org. Admin]({% link cockroachcloud/authorization.md %}#organization-admin) | [Billing Coord.]({% link cockroachcloud/authorization.md %}#billing-coordinator) | [Cluster Creator]({% link cockroachcloud/authorization.md %}#cluster-creator) | [Cluster Operator]({% link cockroachcloud/authorization.md %}#cluster-operator) | [Cluster Admin]({% link cockroachcloud/authorization.md %}#cluster-admin) | [Cluster Developer]({% link cockroachcloud/authorization.md %}#cluster-developer) | [Cluster Monitor]({% link cockroachcloud/authorization.md %}#cluster-monitor)1 | [Metrics Viewer]({% link cockroachcloud/authorization.md %}#metrics-viewer)1 | [Folder Admin]({% link cockroachcloud/authorization.md %}#folder-admin) | [Folder Mover]({% link cockroachcloud/authorization.md %}#folder-mover) | |---|-------------|-------------|------------------|------------------|-------------------|----------------|--------------------|------------------|----------------|----------------|----------------| | **User/Access Management** | | | | | | | | | | 
| Assign and revoke roles | — | ✓ | — | — | — | ✓ | — | — | — | — | — | @@ -43,6 +43,7 @@ The following table describes the high level permissions given by each Cockroach | Manage CockroachDB [Self-Hosted cluster licenses]({% link {{ site.current_cloud_version }}/licensing-faqs.md %}#obtain-a-license) | — | ✓ | — | — | — | — | — | — | — | — | — |
+1**This feature is in [limited access]({% link {{ site.current_cloud_version }}/cockroachdb-feature-availability.md %})** and is only available to enrolled organizations. To enroll your organization, contact your Cockroach Labs account team. This feature is subject to change. Some roles can be assigned to users at specific levels of scope to provide more granular permission control: diff --git a/src/current/cockroachcloud/authorization.md b/src/current/cockroachcloud/authorization.md index befe7c2b2ec..8f6c4534c1a 100644 --- a/src/current/cockroachcloud/authorization.md +++ b/src/current/cockroachcloud/authorization.md 
@@ -138,12 +138,20 @@ This role can be assigned at the scope of the organization, on an individual clu ### Cluster Monitor +{{site.data.alerts.callout_info}} +{% include feature-phases/limited-access.md %} +{{site.data.alerts.end}} + The **Cluster Monitor** role provides read‑only visibility into SQL activity and workload health without broader administrative privileges. Users with this role can view the SQL Activity pages ([Sessions]({% link cockroachcloud/sessions-page.md %}), [Statements]({% link cockroachcloud/statements-page.md %}), and [Transactions]({% link cockroachcloud/transactions-page.md %})), the [Jobs page]({% link cockroachcloud/jobs-page.md %}), and the [Insights page]({% link cockroachcloud/insights-page.md %}). This role can be assigned at the scope of the organization, on an individual cluster, or on a folder. If assigned to a folder, it is inherited on the folder's clusters, descendent folders, and their descendants. ### Metrics Viewer +{{site.data.alerts.callout_info}} +{% include feature-phases/limited-access.md %} +{{site.data.alerts.end}} + The **Metrics Viewer** role grants read‑only access to observability metrics for a cluster without any administrative or data‑manipulation privileges. - Users with this role can view a cluster's Metrics from the [Metrics page]({% link cockroachcloud/metrics.md %}#cockroachdb-cloud-console-metrics-page). diff --git a/src/current/v25.3/cockroachdb-feature-availability.md b/src/current/v25.3/cockroachdb-feature-availability.md index bb7ff32d30b..ac6d7bea6b4 100644 --- a/src/current/v25.3/cockroachdb-feature-availability.md +++ b/src/current/v25.3/cockroachdb-feature-availability.md 
@@ -31,6 +31,10 @@ Any feature made available in a phase prior to GA is provided without any warran **The following features are in limited access** and are subject to change. To begin validating a limited access feature and share feedback and/or issues, contact [Support](https://support.cockroachlabs.com/hc). {{site.data.alerts.end}} +### Metrics Viewer and Cluster Monitor CockroachDB Cloud user roles + +The [Metrics Viewer]({% link cockroachcloud/authorization.md %}#metrics-viewer) role grants read‑only access to observability metrics for a cluster without any administrative or data‑manipulation privileges. The [Cluster Monitor]({% link cockroachcloud/authorization.md %}#cluster-monitor) role provides read‑only visibility into SQL activity and workload health without broader administrative privileges. + ### Export logs to Azure Monitor [Exporting logs to Azure Monitor]({% link cockroachcloud/export-logs-advanced.md %}?filters=azure-monitor-log-export) from your CockroachDB {{ site.data.products.advanced }} cluster hosted on Azure is in limited access. Once the export is configured, logs will flow from all nodes in all regions of your CockroachDB {{ site.data.products.advanced }} cluster to Azure Monitor. To express interest and try it out, contact [Support](https://support.cockroachlabs.com/hc). diff --git a/src/current/v25.4/cockroachdb-feature-availability.md b/src/current/v25.4/cockroachdb-feature-availability.md index bb7ff32d30b..ac6d7bea6b4 100644 --- a/src/current/v25.4/cockroachdb-feature-availability.md +++ b/src/current/v25.4/cockroachdb-feature-availability.md 
@@ -31,6 +31,10 @@ Any feature made available in a phase prior to GA is provided without any warran **The following features are in limited access** and are subject to change. To begin validating a limited access feature and share feedback and/or issues, contact [Support](https://support.cockroachlabs.com/hc). {{site.data.alerts.end}} +### Metrics Viewer and Cluster Monitor CockroachDB Cloud user roles + +The [Metrics Viewer]({% link cockroachcloud/authorization.md %}#metrics-viewer) role grants read‑only access to observability metrics for a cluster without any administrative or data‑manipulation privileges. The [Cluster Monitor]({% link cockroachcloud/authorization.md %}#cluster-monitor) role provides read‑only visibility into SQL activity and workload health without broader administrative privileges. + ### Export logs to Azure Monitor [Exporting logs to Azure Monitor]({% link cockroachcloud/export-logs-advanced.md %}?filters=azure-monitor-log-export) from your CockroachDB {{ site.data.products.advanced }} cluster hosted on Azure is in limited access. Once the export is configured, logs will flow from all nodes in all regions of your CockroachDB {{ site.data.products.advanced }} cluster to Azure Monitor. To express interest and try it out, contact [Support](https://support.cockroachlabs.com/hc).
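Review bot: In [PATCH 4/5], the rewritten header row of cloud-roles-table.md points every column link at `{% link cockroachcloud/authorization.md %}`, but the commit subject says the links were qualified "for manage-access.md", so the message does not say which page the anchors resolve on or why the change was needed. Please reword the subject to name the link target and the including page that broke with the bare `#anchor` form. Since the same `{% link %}` tag is repeated eleven times in one row, consider capturing it once into a Liquid variable at the top of the include so a future path change is a one-line edit.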
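Review bot: In [PATCH 5/5], the footnote added at the bottom of cloud-roles-table.md tells readers to "contact your Cockroach Labs account team" to enroll, while the limited-access callout on cockroachdb-feature-availability.md that it links to says to contact Support, so the two pages give different enrollment paths for the same roles. The same commit uses `{% include feature-phases/limited-access.md %}` in authorization.md; reusing that include here (or matching its wording) would keep the access notice from drifting. The footnote link also lands on the top of the feature-availability page rather than on the new "Metrics Viewer and Cluster Monitor CockroachDB Cloud user roles" section, so consider adding that section's anchor.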
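Review bot: In [PATCH 5/5], the section added to v25.3 and v25.4 cockroachdb-feature-availability.md only restates what the two roles grant; unlike the neighbouring "Export logs to Azure Monitor" entry, it never says the roles are in limited access or how an organization gets them enabled. Add a closing sentence in the same pattern as the Azure Monitor entry. Both role descriptions are also copied verbatim from authorization.md and then duplicated across the two versioned files, which leaves three copies of a permission statement to keep in sync; a one-line summary that links to the authorization.md sections would leave a single authoritative description of what each read-only role can see.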