diff --git a/docs/platform/concepts/permissions.md b/docs/platform/concepts/permissions.md
index 7b3d81f5..8eb57606 100644
--- a/docs/platform/concepts/permissions.md
+++ b/docs/platform/concepts/permissions.md
@@ -30,6 +30,8 @@ You can grant the following roles for projects to principals.
| Developer | `developer` | - Create databases.
- View service connection information.
- Remove Aiven for OpenSearch® indexes.
- Create and change Aiven for Apache Kafka® topics.
- Create and change Aiven for PostgreSQL® connection pools.
- Create and change service database users.
|
| Operator | `operator` | - View project audit log.
- View project permissions.
- Full access to all services in the project and their configuration.
|
| Read only | `read_only` | - View all services and their configuration.
|
+| Maintain services | `role:services:maintenance` | - Perform service maintenance updates.
- Change maintenance windows.
- Upgrade service versions.
|
+| Recover services | `role:services:recover` | - Add and remove dynamic disk sizing and tiered storage.
- Change service plans.
- Fork services.
- Promote read replicas.
|
Project admin do not have access to organization settings such as billing unless
they are also a [super admin](/docs/platform/howto/make-super-admin).
@@ -53,5 +55,9 @@ permission apply to the project and all services within it.
| Manage project networking | `project:networking:write` | - Add, edit, and remove project VPCs.
|
| View project permissions | `project:permissions:read` | - View all users granted permissions to a project.
|
| View services | `project:services:read` | - View all details for services in a project, except the service logs.
|
+| Manage services | `project:services:write` | - Create and delete services.
- Power on and off services.
- Add and remove dynamic disk sizing and tiered storage.
- Change service plans.
- Change cloud regions.
- Fork services.
|
| Manage service configuration | `service:configuration:write` | - Change clouds and regions.
- Change deployment models.
- Update IP allowlists.
- Change the network configuration options.
- Add and remove service tags.
- Enable and disable termination protection.
- Configure backup settings.
- Add and remove service contacts.
|
+| Access data | `service:data:write` | - Perform service queries through the API and Console.
- View query statistics and current queries.
- Manage service-specific features like Kafka Topics and Schemas, PostgreSQL and AlloyDB Omni connection pools, and OpenSearch indexes.
|
| View service logs | `service:logs:read` | - View logs for all services in the project.
**Service logs may contain sensitive information.** |
+| View configuration secrets | `service:secrets:read` | - Read service configuration secrets such as keys.
|
+| Manage service users | `service:users:write` | - Create and delete service users.
- View and update connection information for services.
|
diff --git a/docs/platform/reference/project-member-privileges.md b/docs/platform/reference/project-member-privileges.md
deleted file mode 100644
index 009292a6..00000000
--- a/docs/platform/reference/project-member-privileges.md
+++ /dev/null
@@ -1,36 +0,0 @@
----
-title: Project roles and permissions
-sidebar_label: Project member roles
----
-
-When you add users to a project individually or as part of a [group](/docs/platform/howto/manage-groups) you also assign them a role for that project.
-
-| Role | View services | Create services | Manage services | Connect | Power services on/off | Edit permissions |
-| ----------------- | ------------- | --------------- | --------------- | ------- | --------------------- | ---------------------- |
-| **Administrator** | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
-| **Operator** | ✅ | ✅ | ✅ | ✅ | ✅ | |
-| **Developer** | ✅ | | ✅ | ✅ | | |
-| **Read Only** | ✅ | | | | | |
-
-- **Admin**: Full access to the project and its services.
- - Every project has at least one admin user. This role is automatically granted to
- users who create a project.
- - Does not have access to organization settings such as billing unless they are also
- a [super admin](/docs/platform/howto/make-super-admin).
- - Can add users and groups to the project.
- - Can remove users and groups from the project.
-
-- **Operator**: Full access to all services in the project.
- - Can create new services.
- - Cannot make changes to the users, groups, or permissions for a project.
-- **Developer**: Allowed to manage services in this project.
- - Can make changes to services and databases, for example:
- creating databases, connecting to databases, removing Aiven for
- OpenSearch® indexes, creating and modifying Aiven for Apache
- Kafka® topics, and creating and modifying Aiven for PostgreSQL®
- connection pools.
- - Can create and change service database users.
- - Cannot make changes to the project users, groups, or permissions.
- - Cannot make changes that affect billing, such as powering services on or off.
-- **Read-only**: Only allowed to view services.
- - Cannot make any changes to the project or its services.
diff --git a/static/_redirects b/static/_redirects
index bee695cd..6e22ddd8 100644
--- a/static/_redirects
+++ b/static/_redirects
@@ -77,6 +77,7 @@
/platform/howto/update-tax-status https://aiven.io/docs/platform/concepts/tax-information
/platform/ip-addresses https://aiven.io/docs/platform/reference/service-ip-address
/platform/privatelink https://aiven.io/docs/platform/howto/use-aws-privatelinks
+/platform/reference/project-member-privileges https://aiven.io/docs/platform/concepts/permissions
/platform/vpc https://aiven.io/docs/platform/howto/manage-vpc-peering
/products/caching/concepts https://aiven.io/docs/docs/products/caching/concepts/high-availability-redis
/products/caching/concepts/overview https://aiven.io/docs/products/caching