diff --git a/src/content/docs/cloudflare-one/roles-permissions.mdx b/src/content/docs/cloudflare-one/roles-permissions.mdx
index df346f7d7afb124..f21e28baea73f20 100644
--- a/src/content/docs/cloudflare-one/roles-permissions.mdx
+++ b/src/content/docs/cloudflare-one/roles-permissions.mdx
@@ -46,10 +46,11 @@ For more information on Email Security roles, refer to [Account-scoped roles](/f
 
 - **Cloudflare Zero Trust**: Super Admin access for all Zero Trust products, Email Security included.
 - **Cloudflare Zero Trust PII**: Can read PII in Zero Trust. This includes Email Security.
-- **Email Security Analyst** and **Email Security Config Admin**: Has full access to all admin features in Email Security.
+- **Email Security Analyst**: Has access to all Email Security features, except for SaaS Integrations (in Settings, the gear icon), Directories, and Outbound DLP.
+- **Email Security Config Admin**: Has full access to all features in Email Security, except for SaaS Integrations (in Settings, the gear icon), Reclassifications and Investigation.
 - **Email Security Integration Admin**: Can read and set up integrations only.
 - **Email Security Config Admin**: Has administrator access. Cannot take actions on emails, or read emails.
 - **Email Security Analyst**: Has analyst access. Can take action on emails and read emails.
 - **Email Security Reporting**: Can read metrics.
 - **Email Security Read Only**: Can read all information, but cannot take action on anything.
-- **Email Security Policy Admin**: Can read all settings, but only write allow policies, trusted domains, and blocked senders.
+- **Email Security Policy Admin**: Can read all settings, but only write allow policies, trusted domains, and blocked senders.
\ No newline at end of file