diff --git a/deploy-manage/api-keys/serverless-project-api-keys.md b/deploy-manage/api-keys/serverless-project-api-keys.md
index 8dffcada24..9cced38437 100644
--- a/deploy-manage/api-keys/serverless-project-api-keys.md
+++ b/deploy-manage/api-keys/serverless-project-api-keys.md
@@ -79,7 +79,7 @@ For the `role_descriptors` object schema, check out the [`/_security/api_key` en
 
 ## Update an API key [api-keys-update-an-api-key]
 
-In **API keys**, click on the name of the key. You can update only **Restrict privileges** and **Include metadata**.
+In **API keys**, click on the name of the key. You can update only **Control security privileges** and **Include metadata**.
 
 ## View and delete API keys [api-keys-view-and-delete-api-keys]
 
diff --git a/solutions/observability/apm/grant-access-using-api-keys.md b/solutions/observability/apm/grant-access-using-api-keys.md
index 45fb8a11ee..207a99a1df 100644
--- a/solutions/observability/apm/grant-access-using-api-keys.md
+++ b/solutions/observability/apm/grant-access-using-api-keys.md
@@ -30,7 +30,7 @@ To create an API key:
     :screenshot:
     :::
 
-3. Enter a name for your API key and select **Restrict privileges**. In the role descriptors box, assign the appropriate privileges to the new API key. For example:
+3. Enter a name for your API key and enable **Control security privileges**. In the role descriptors box, assign the appropriate privileges to the new API key. For example:
 
     ```json
     {
@@ -101,7 +101,7 @@ To open the **API keys** management page, find it in the navigation menu or use
 :screenshot:
 :::
 
-Enter a name for your API key and select **Restrict privileges**. In the role descriptors box, assign the appropriate privileges to the new API key. For example:
+Enter a name for your API key and enable **Control security privileges**. In the role descriptors box, assign the appropriate privileges to the new API key. For example:
 
 ```json
 {
diff --git a/solutions/observability/cloud/monitor-amazon-web-services-aws-with-amazon-data-firehose.md b/solutions/observability/cloud/monitor-amazon-web-services-aws-with-amazon-data-firehose.md
index e5f08b3f27..040a0fda81 100644
--- a/solutions/observability/cloud/monitor-amazon-web-services-aws-with-amazon-data-firehose.md
+++ b/solutions/observability/cloud/monitor-amazon-web-services-aws-with-amazon-data-firehose.md
@@ -56,7 +56,7 @@ For advanced use cases, source records can be transformed by invoking a custom L
 From the **Destination settings** panel, specify the following settings:
 
 * **Elastic endpoint URL**: Enter the Elastic endpoint URL of your Elasticsearch cluster. To find the Elasticsearch endpoint, go to the {{ecloud}} Console and select **Connection details**. Make sure the endpoint is in the following format: `https://<deployment_name>.es.<region>.<csp>.elastic-cloud.com`.
-* **API key**: Enter the encoded Elastic API key. This can be created in Kibana by following the instructions under [API Keys](/deploy-manage/api-keys.md). If you are using an API key with **Restrict privileges**, make sure to review the Indices privileges to provide at least "auto_configure" & "write" permissions for the indices you will be using with this delivery stream.
+* **API key**: Enter the encoded Elastic API key. This can be created in Kibana by following the instructions under [API Keys](/deploy-manage/api-keys.md). If you are using an API key with **Control security privileges** enabled, make sure to review the Indices privileges to provide at least "auto_configure" & "write" permissions for the indices you will be using with this delivery stream.
 * **Content encoding**: To reduce the data transfer costs, use GZIP encoding.
 * **Retry duration**: Determines how long Firehose continues retrying the request in the event of an error. A duration between 60 and 300 seconds should be suitable for most use cases.
 * **Parameters**:
diff --git a/solutions/observability/cloud/monitor-aws-network-firewall-logs.md b/solutions/observability/cloud/monitor-aws-network-firewall-logs.md
index 8d65cbe0ed..87f3d6eafb 100644
--- a/solutions/observability/cloud/monitor-aws-network-firewall-logs.md
+++ b/solutions/observability/cloud/monitor-aws-network-firewall-logs.md
@@ -76,7 +76,7 @@ Creating a Network Firewall is not trivial and is beyond the scope of this guide
 
         1. Go to the [Elastic Cloud](https://cloud.elastic.co/) console
         2. Select **Open Kibana**.
-        3. Open the **API keys** management page in the navigation menu or using the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md), then click **Create API key**. If you are using an API key with **Restrict privileges**, make sure to review the Indices privileges to provide at least `auto_configure` and `write` permissions for the indices you will be using with this delivery stream.
+        3. Open the **API keys** management page in the navigation menu or using the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md), then click **Create API key**. If you are using an API key with **Control security privileges** enabled, make sure to review the Indices privileges to provide at least `auto_configure` and `write` permissions for the indices you will be using with this delivery stream.
 
 4. Set up the delivery stream by specifying the following data:
 
diff --git a/solutions/observability/cloud/monitor-cloudtrail-logs.md b/solutions/observability/cloud/monitor-cloudtrail-logs.md
index 22c4944817..c977e6b41c 100644
--- a/solutions/observability/cloud/monitor-cloudtrail-logs.md
+++ b/solutions/observability/cloud/monitor-cloudtrail-logs.md
@@ -102,7 +102,7 @@ You now have a CloudWatch log group with events coming from CloudTrail. For more
 
         1. Go to the [Elastic Cloud](https://cloud.elastic.co/) console
         2. Select **Open Kibana**.
-        3. Open the **API keys** management page in the navigation menu or using the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md), then click **Create API key**. If you are using an API key with **Restrict privileges**, make sure to review the Indices privileges to provide at least `auto_configure` and `write` permissions for the indices you will be using with this delivery stream.
+        3. Open the **API keys** management page in the navigation menu or using the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md), then click **Create API key**. If you are using an API key with **Control security privileges** enabled, make sure to review the Indices privileges to provide at least `auto_configure` and `write` permissions for the indices you will be using with this delivery stream.
 
 2. Set up the delivery stream by specifying the following data:
 
diff --git a/solutions/observability/cloud/monitor-cloudwatch-logs.md b/solutions/observability/cloud/monitor-cloudwatch-logs.md
index 41366aa2cf..b2d8c46875 100644
--- a/solutions/observability/cloud/monitor-cloudwatch-logs.md
+++ b/solutions/observability/cloud/monitor-cloudwatch-logs.md
@@ -125,7 +125,7 @@ Take note of the log group name for this Lambda function, as you will need it in
 
         1. Go to the [Elastic Cloud](https://cloud.elastic.co/) console
         2. Select **Open Kibana**.
-        3. Open the **API keys** management page in the navigation menu or using the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md), then click **Create API key**.If you are using an API key with **Restrict privileges**, make sure to review the Indices privileges to provide at least `auto_configure` and `write` permissions for the indices you will be using with this delivery stream.
+        3. Open the **API keys** management page in the navigation menu or using the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md), then click **Create API key**. If you are using an API key with **Control security privileges** enabled, make sure to review the Indices privileges to provide at least `auto_configure` and `write` permissions for the indices you will be using with this delivery stream.
 
     * **Content encoding**: To reduce the data transfer costs, use GZIP encoding.
     * **Retry duration**: Determines how long Firehose continues retrying the request in the event of an error. A duration between 60 and 300 seconds should be suitable for most use cases.
diff --git a/solutions/observability/cloud/monitor-web-application-firewall-waf-logs.md b/solutions/observability/cloud/monitor-web-application-firewall-waf-logs.md
index 05f17ceea3..cfca850834 100644
--- a/solutions/observability/cloud/monitor-web-application-firewall-waf-logs.md
+++ b/solutions/observability/cloud/monitor-web-application-firewall-waf-logs.md
@@ -71,7 +71,7 @@ For advanced use cases, source records can be transformed by invoking a custom L
 
         1. Go to the [Elastic Cloud](https://cloud.elastic.co/) console
         2. Select **Open Kibana**.
-        3. Open the **API keys** management page in the navigation menu or using the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md), then click **Create API key**. If you are using an API key with **Restrict privileges**, make sure to review the Indices privileges to provide at least `auto_configure` and `write` permissions for the indices you will be using with this delivery stream.
+        3. Open the **API keys** management page in the navigation menu or using the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md), then click **Create API key**. If you are using an API key with **Control security privileges** enabled, make sure to review the Indices privileges to provide at least `auto_configure` and `write` permissions for the indices you will be using with this delivery stream.
 
     * **Content encoding**: For a better network efficiency, leave content encoding set to GZIP.
     * **Retry duration**: Determines how long Firehose continues retrying the request in the event of an error. A duration of 60-300s should be suitable for most use cases.