Adding callout for permissions requirements

docs/cloud/guides/security/01_cloud_access_management/03_manage-custom-roles.md

@@ -57,6 +57,10 @@
 Ensure users who will log into the console have a minimum of Organization > Access organization permissions.
 :::
 
+:::note[Data Sources tab access]
+To access the **Data Sources** tab, the role currently requires the `Manage and Delete Selected Services` permission.
+:::
+
 <Image img={step_5} size="md"/>
 
 ### Review your new role {#review-role}

docs/cloud/guides/security/05_audit_logging/03_byoc-security-playbook.md

@@ -27,7 +27,7 @@ FROM clusterAllReplicas('default',system.crash_log)
 
 ClickHouse utilizes pre-created roles to enable system functions. This section assumes the customer is using AWS with CloudTrail and has access to the CloudTrail logs.
 
-If an incident may be the result of a compromised role, review activities in CloudTrail and CloudWatch related to the ClickHouse IAM roles and actions. Refer to the [CloudFormation](/cloud/reference/byoc/reference/privilege#cloudformation-iam-roles) stack or Terraform module provided as part of setup for a list of IAM roles.
+If an incident may be the result of a compromised role, review activities in CloudTrail and CloudWatch related to the ClickHouse IAM roles and actions. Refer to the [CloudFormation](/cloud/reference/byoc/reference/privilege#aws-iam-roles) stack or Terraform module provided as part of setup for a list of IAM roles.
 
 ## Unauthorized access to EKS cluster {#unauthorized-access-eks-cluster}
 

docs/cloud/reference/09_security/01_console-roles.md

@@ -76,7 +76,7 @@
 | control-plane:service:view-private-endpoints | View private endpoint configuration for a service. |
 | control-plane:service:manage-private-endpoints | Create and manage private endpoints and private networking. |
 | **ClickPipes** ([more info](/integrations/clickpipes)) | ClickPipes integration |
-| control-plane:service:manage-clickpipes | Manage ClickPipes integration and related settings. |
+| control-plane:service:manage-clickpipes | Manage ClickPipes integration and related settings. Accessing the **Data Sources** tab currently requires `control-plane:service:manage` ("Manage and Delete Selected Services"). |
 | **Scaling** ([more info](/manage/scaling)) | Scaling and autoscaling configuration |
 | control-plane:service:view-scaling-config | View scaling configuration and autoscaling settings for a service. |
 | control-plane:service:manage-scaling-config | Modify scaling configuration and trigger scaling operations. |