From bc2c9907308a1419b35cf9114bd954264edc23e2 Mon Sep 17 00:00:00 2001
From: Piotr Wolski <piotr.wolski@datadoghq.com>
Date: Tue, 7 Apr 2026 14:24:06 -0600
Subject: [PATCH 1/7] Add minimum Kafka ACL permissions for Kafka Monitoring
 and Messages

Document the minimum Kafka ACL permissions required for the Datadog Agent
when connecting to ACL-enabled Kafka clusters.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 content/en/data_streams/kafka/_index.md   | 12 ++++++++++++
 content/en/data_streams/kafka/messages.md | 11 +++++++++++
 2 files changed, 23 insertions(+)

diff --git a/content/en/data_streams/kafka/_index.md b/content/en/data_streams/kafka/_index.md
index f8ac972610a..002dc9a1319 100644
--- a/content/en/data_streams/kafka/_index.md
+++ b/content/en/data_streams/kafka/_index.md
@@ -14,6 +14,18 @@ With Data Streams Monitoring's Kafka Monitoring, a Datadog Agent check connects
 
 Go to the [Kafka Monitoring setup page][1] and click {{< ui >}}Get Started{{< / ui >}}. Then choose your environment and follow the instructions. To request assistance, choose {{< ui >}}Request a pairing session{{< /ui >}}.
 
+### Kafka ACL permissions
+
+If your Kafka cluster uses ACLs, the Datadog Agent user requires the following minimum permissions:
+
+| Resource Name | Resource Type | Operation        |
+|---------------|---------------|------------------|
+| `kafka-cluster` | `CLUSTER`   | `Describe`       |
+| `kafka-cluster` | `CLUSTER`   | `DescribeConfigs` |
+| `*`           | `TOPIC`       | `Describe`       |
+| `*`           | `TOPIC`       | `DescribeConfigs` |
+| `*`           | `GROUP`       | `Describe`       |
+
 {{< img src="data_streams/kafka_setup-2.png" alt="The Kafka Monitoring setup dialog showing environment selection, security protocol, schema registry options, and Kubernetes configuration instructions" >}}
 
 The setup page provides environment-specific configuration instructions. You can copy the instructions directly to an AI agent with **Copy for AI**.
diff --git a/content/en/data_streams/kafka/messages.md b/content/en/data_streams/kafka/messages.md
index 613db7f1cf8..b7b9a684f57 100644
--- a/content/en/data_streams/kafka/messages.md
+++ b/content/en/data_streams/kafka/messages.md
@@ -45,6 +45,16 @@ Ensure [remote configuration][3] is set up for the agent running the Kafka Consu
 1. In Datadog, under [Remote Configuration][13], check that remote configuration is enabled at the organization level.
 2. In Datadog, under [Remote Configuration][13], check that the agent running the Kafka Consumer integration has remote configuration enabled, and is using an API key with remote configuration enabled.
 
+## Kafka ACL permissions
+
+If your Kafka cluster uses ACLs, the Datadog Agent user requires the following minimum permissions to read messages:
+
+| Resource Name | Resource Type | Operation |
+|---------------|---------------|-----------|
+| `*`           | `TOPIC`       | `Read`    |
+
+These permissions are in addition to the [Kafka Monitoring permissions][14].
+
 ## Required permissions
 
 You must have the `Data Streams Monitoring Capture Messages` permission, and these logs permissions that are part of the Datadog Standard role:
@@ -94,3 +104,4 @@ To enable permissions, edit an existing role or create a new one on the [Roles p
 [11]: /integrations/kafka-consumer/?tab=host#validation
 [12]: https://app.datadoghq.com/fleet
 [13]: https://app.datadoghq.com/organization-settings/remote-config
+[14]: /data_streams/kafka/#kafka-acl-permissions

From 91b837c258ab76d171492aeaa940e207bc01f211 Mon Sep 17 00:00:00 2001
From: Piotr Wolski <piotr.wolski@datadoghq.com>
Date: Wed, 8 Apr 2026 08:50:55 -0600
Subject: [PATCH 2/7] Address PR review comments

- Move ACL permissions section after the setup image and paragraph in _index.md
- Nest Kafka ACL permissions under Prerequisites (as H3) in messages.md

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 content/en/data_streams/kafka/_index.md   | 8 ++++----
 content/en/data_streams/kafka/messages.md | 6 ++----
 2 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/content/en/data_streams/kafka/_index.md b/content/en/data_streams/kafka/_index.md
index 002dc9a1319..99c069e8326 100644
--- a/content/en/data_streams/kafka/_index.md
+++ b/content/en/data_streams/kafka/_index.md
@@ -14,6 +14,10 @@ With Data Streams Monitoring's Kafka Monitoring, a Datadog Agent check connects
 
 Go to the [Kafka Monitoring setup page][1] and click {{< ui >}}Get Started{{< / ui >}}. Then choose your environment and follow the instructions. To request assistance, choose {{< ui >}}Request a pairing session{{< /ui >}}.
 
+{{< img src="data_streams/kafka_setup-2.png" alt="The Kafka Monitoring setup dialog showing environment selection, security protocol, schema registry options, and Kubernetes configuration instructions" >}}
+
+The setup page provides environment-specific configuration instructions. You can copy the instructions directly to an AI agent with **Copy for AI**.
+
 ### Kafka ACL permissions
 
 If your Kafka cluster uses ACLs, the Datadog Agent user requires the following minimum permissions:
@@ -26,10 +30,6 @@ If your Kafka cluster uses ACLs, the Datadog Agent user requires the following m
 | `*`           | `TOPIC`       | `DescribeConfigs` |
 | `*`           | `GROUP`       | `Describe`       |
 
-{{< img src="data_streams/kafka_setup-2.png" alt="The Kafka Monitoring setup dialog showing environment selection, security protocol, schema registry options, and Kubernetes configuration instructions" >}}
-
-The setup page provides environment-specific configuration instructions. You can copy the instructions directly to an AI agent with **Copy for AI**.
-
 ## Workflows
 
 ### Monitor cluster health and performance
diff --git a/content/en/data_streams/kafka/messages.md b/content/en/data_streams/kafka/messages.md
index b7b9a684f57..d1d7b2bd91a 100644
--- a/content/en/data_streams/kafka/messages.md
+++ b/content/en/data_streams/kafka/messages.md
@@ -45,16 +45,14 @@ Ensure [remote configuration][3] is set up for the agent running the Kafka Consu
 1. In Datadog, under [Remote Configuration][13], check that remote configuration is enabled at the organization level.
 2. In Datadog, under [Remote Configuration][13], check that the agent running the Kafka Consumer integration has remote configuration enabled, and is using an API key with remote configuration enabled.
 
-## Kafka ACL permissions
+### Kafka ACL permissions
 
-If your Kafka cluster uses ACLs, the Datadog Agent user requires the following minimum permissions to read messages:
+If your Kafka cluster uses ACLs, the Datadog Agent user requires the following minimum permissions to read messages, in addition to the [Kafka Monitoring permissions][14]:
 
 | Resource Name | Resource Type | Operation |
 |---------------|---------------|-----------|
 | `*`           | `TOPIC`       | `Read`    |
 
-These permissions are in addition to the [Kafka Monitoring permissions][14].
-
 ## Required permissions
 
 You must have the `Data Streams Monitoring Capture Messages` permission, and these logs permissions that are part of the Datadog Standard role:

From 57b559df52fceb689582fd8816bfc7fab41310f5 Mon Sep 17 00:00:00 2001
From: Piotr Wolski <piotr.wolski@datadoghq.com>
Date: Wed, 8 Apr 2026 09:10:26 -0600
Subject: [PATCH 3/7] Move message reading permissions to _index.md, revert
 messages.md

Add a second table for Read on TOPIC (message viewing) below the
monitoring permissions table. Revert all changes to messages.md.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 content/en/data_streams/kafka/_index.md   | 6 ++++++
 content/en/data_streams/kafka/messages.md | 9 ---------
 2 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/content/en/data_streams/kafka/_index.md b/content/en/data_streams/kafka/_index.md
index 99c069e8326..ee310728bdb 100644
--- a/content/en/data_streams/kafka/_index.md
+++ b/content/en/data_streams/kafka/_index.md
@@ -30,6 +30,12 @@ If your Kafka cluster uses ACLs, the Datadog Agent user requires the following m
 | `*`           | `TOPIC`       | `DescribeConfigs` |
 | `*`           | `GROUP`       | `Describe`       |
 
+To [view messages][2], the Agent user also requires:
+
+| Resource Name | Resource Type | Operation |
+|---------------|---------------|-----------|
+| `*`           | `TOPIC`       | `Read`    |
+
 ## Workflows
 
 ### Monitor cluster health and performance
diff --git a/content/en/data_streams/kafka/messages.md b/content/en/data_streams/kafka/messages.md
index d1d7b2bd91a..613db7f1cf8 100644
--- a/content/en/data_streams/kafka/messages.md
+++ b/content/en/data_streams/kafka/messages.md
@@ -45,14 +45,6 @@ Ensure [remote configuration][3] is set up for the agent running the Kafka Consu
 1. In Datadog, under [Remote Configuration][13], check that remote configuration is enabled at the organization level.
 2. In Datadog, under [Remote Configuration][13], check that the agent running the Kafka Consumer integration has remote configuration enabled, and is using an API key with remote configuration enabled.
 
-### Kafka ACL permissions
-
-If your Kafka cluster uses ACLs, the Datadog Agent user requires the following minimum permissions to read messages, in addition to the [Kafka Monitoring permissions][14]:
-
-| Resource Name | Resource Type | Operation |
-|---------------|---------------|-----------|
-| `*`           | `TOPIC`       | `Read`    |
-
 ## Required permissions
 
 You must have the `Data Streams Monitoring Capture Messages` permission, and these logs permissions that are part of the Datadog Standard role:
@@ -102,4 +94,3 @@ To enable permissions, edit an existing role or create a new one on the [Roles p
 [11]: /integrations/kafka-consumer/?tab=host#validation
 [12]: https://app.datadoghq.com/fleet
 [13]: https://app.datadoghq.com/organization-settings/remote-config
-[14]: /data_streams/kafka/#kafka-acl-permissions

From bb7c6afe63eae718596cae3b629a40fd6333beee Mon Sep 17 00:00:00 2001
From: Piotr Wolski <piotr.wolski@datadoghq.com>
Date: Wed, 8 Apr 2026 09:13:23 -0600
Subject: [PATCH 4/7] Remove messages.md, consolidate into Kafka Monitoring
 page

Delete the separate messages.md page and add aliases for redirects.
Remove the Messages nav menu entry. Update _index.md to remove the
dead link to messages.md.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 config/_default/menus/main.en.yaml        |  5 --
 content/en/data_streams/kafka/_index.md   | 11 ++-
 content/en/data_streams/kafka/messages.md | 96 -----------------------
 3 files changed, 7 insertions(+), 105 deletions(-)
 delete mode 100644 content/en/data_streams/kafka/messages.md

diff --git a/config/_default/menus/main.en.yaml b/config/_default/menus/main.en.yaml
index 1f3a159b936..b5e10a85347 100644
--- a/config/_default/menus/main.en.yaml
+++ b/config/_default/menus/main.en.yaml
@@ -4963,11 +4963,6 @@ menu:
       identifier: data_streams_kafka
       parent: data_streams
       weight: 2
-    - name: Messages 
-      url: data_streams/kafka/messages 
-      identifier: data_streams_kafka_messages
-      parent: data_streams_kafka 
-      weight: 201
     - name: Schema Tracking
       url: data_streams/schema_tracking
       identifier: data_streams_schema_tracking
diff --git a/content/en/data_streams/kafka/_index.md b/content/en/data_streams/kafka/_index.md
index ee310728bdb..af010aeac47 100644
--- a/content/en/data_streams/kafka/_index.md
+++ b/content/en/data_streams/kafka/_index.md
@@ -1,6 +1,10 @@
 ---
 title: Kafka Monitoring
 description: Monitor Kafka cluster health, connect services to topics, and inspect schemas and messages with Data Streams Monitoring's Kafka Monitoring.
+aliases:
+  - data_streams/live_messages
+  - data_streams/messages
+  - data_streams/kafka/messages
 ---
 
 With Data Streams Monitoring's Kafka Monitoring, a Datadog Agent check connects to your Kafka cluster and starts collecting health and performance metrics. Kafka Monitoring allows you to:
@@ -30,7 +34,7 @@ If your Kafka cluster uses ACLs, the Datadog Agent user requires the following m
 | `*`           | `TOPIC`       | `DescribeConfigs` |
 | `*`           | `GROUP`       | `Describe`       |
 
-To [view messages][2], the Agent user also requires:
+To view messages, the Agent user also requires:
 
 | Resource Name | Resource Type | Operation |
 |---------------|---------------|-----------|
@@ -76,7 +80,6 @@ The **Messages** section lets you retrieve messages by partition and offset to i
 
 {{< img src="data_streams/kafka_schema_messages.png" alt="Topic schema and messages view showing a Protobuf schema definition and a table of recent messages with date, partition, offset, and message value" >}}
 
-**Note**: [Message viewing][2] is not enabled by default and requires additional setup. Access is controlled by per-user permissions, so you can roll out Kafka Monitoring without exposing message content. Configure message viewing separately after completing the initial setup.
+**Note**: Message viewing is not enabled by default and requires additional setup. Access is controlled by per-user permissions, so you can roll out Kafka Monitoring without exposing message content. Configure message viewing separately after completing the initial setup.
 
-[1]: https://app.datadoghq.com/data-streams/kafka/setup
-[2]: /data_streams/kafka/messages
\ No newline at end of file
+[1]: https://app.datadoghq.com/data-streams/kafka/setup
\ No newline at end of file
diff --git a/content/en/data_streams/kafka/messages.md b/content/en/data_streams/kafka/messages.md
deleted file mode 100644
index 613db7f1cf8..00000000000
--- a/content/en/data_streams/kafka/messages.md
+++ /dev/null
@@ -1,96 +0,0 @@
----
-title: Kafka Messages
-aliases:
-  - data_streams/live_messages
-  - data_streams/messages
----
-
-In Data Streams Monitoring, Kafka Messages allows you to identify the root cause of poison pill messages and to better understand data streams by inspecting message content.
-With Kafka Messages, you can view your Kafka messages at specific partitions and offsets.
-
-<div class="alert alert-info">
-   Kafka Messages is in Preview. Contact your Customer Success Manager for access.
-</div>
-
-## Supported data formats
-
-Avro, Protobuf, and JSON are supported.
-
-## Prerequisites
-
-### Kafka Consumer integration
-
-[Kafka Consumer][6] integration needs to be set up on any consumer consuming from the topic you want to retrieve messages from.
-If a topic has more than one consumer group, setting up the integration on one of these consumer groups is enough to use the feature.
-
-#### Validation
-
-Ensure that the Kafka Consumer check is running correctly by following [these instructions][11]
-
-### Datadog Agent version
-
-Ensure the Datadog Agent version you are running is 7.70 or later.
-
-#### Validation
-
-1. [Run the Agent's status subcommand][10] and check the agent version.
-2. In Datadog, under [integrations, View agents][12], find the agent running the Kafka Consumer integration, and check its version.
-
-### Remote configuration
-
-Ensure [remote configuration][3] is set up for the agent running the Kafka Consumer integration.
-
-#### Validation
-
-1. In Datadog, under [Remote Configuration][13], check that remote configuration is enabled at the organization level.
-2. In Datadog, under [Remote Configuration][13], check that the agent running the Kafka Consumer integration has remote configuration enabled, and is using an API key with remote configuration enabled.
-
-## Required permissions
-
-You must have the `Data Streams Monitoring Capture Messages` permission, and these logs permissions that are part of the Datadog Standard role:
-* `Logs Read Index Data`
-* `Logs Read Data`
-* `Logs Live Tail`
-
-You can verify your current permissions on your [Profile page][7].
-To enable permissions, edit an existing role or create a new one on the [Roles page][8]. If you do not have permission to modify roles, contact your organization's administrator.
-
-### 1. Create a new role
-
-1. Navigate to the [Roles page][8] in Datadog.
-2. Click **+ New Role** in the top-right corner.
-   <div class="alert alert-info">
-   If you see "Read Only" instead of the "+ New Role button", you don't have permission to create roles. Contact your Datadog administrator for assistance.
-   </div>
-3. Enter a descriptive name for your new role (for example, "Data Streams Messages Access").
-4. In the **Search Permissions** field, type `Data Streams Monitoring Capture Messages`.
-5. Select the permission from the search results to enable it for this role.
-6. Click **Save**.
-7. Confirm your role was created successfully by searching for it in the roles list.
-
-### 2. Assign the role to users
-
-1. Go to the [Users page][9] in Datadog.
-2. Find and click on the user you want to assign the role to.
-3. In the user details panel, click **Edit** next to their name.
-   <div class="alert alert-info">
-   If you don't see an "Edit" button, you need administrator privileges to modify user roles. Contact your Datadog administrator.
-   </div>
-4. In the modal that opens, locate the **Roles** section.
-5. Add your newly created role to the user.
-6. Click **Save**.
-7. Look for a "User updated" confirmation message to verify the change was successful.
-
-[1]: #agent-setup
-[2]: #required-permissions
-[3]: /agent/remote_config
-[4]: https://app.datadoghq.com/fleet
-[5]: https://app.datadoghq.com/organization-settings/remote-config
-[6]: /integrations/kafka-consumer
-[7]: https://app.datadoghq.com/personal-settings/profile
-[8]: https://app.datadoghq.com/organization-settings/roles
-[9]: https://app.datadoghq.com/organization-settings/users
-[10]: /agent/configuration/agent-commands/#agent-information
-[11]: /integrations/kafka-consumer/?tab=host#validation
-[12]: https://app.datadoghq.com/fleet
-[13]: https://app.datadoghq.com/organization-settings/remote-config

From 18d63843d7a0d80bbf19e5d0009acf457a14e0c3 Mon Sep 17 00:00:00 2001
From: Piotr Wolski <piotr.wolski@datadoghq.com>
Date: Wed, 8 Apr 2026 09:14:32 -0600
Subject: [PATCH 5/7] Revert messages.md deletion, keep ACL permissions in
 _index.md only

Restore messages.md and nav menu to original state. ACL permissions
for both monitoring and message reading are in the Kafka Monitoring
page only.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 config/_default/menus/main.en.yaml        |  5 ++
 content/en/data_streams/kafka/_index.md   |  9 +--
 content/en/data_streams/kafka/messages.md | 96 +++++++++++++++++++++++
 3 files changed, 104 insertions(+), 6 deletions(-)
 create mode 100644 content/en/data_streams/kafka/messages.md

diff --git a/config/_default/menus/main.en.yaml b/config/_default/menus/main.en.yaml
index b5e10a85347..1f3a159b936 100644
--- a/config/_default/menus/main.en.yaml
+++ b/config/_default/menus/main.en.yaml
@@ -4963,6 +4963,11 @@ menu:
       identifier: data_streams_kafka
       parent: data_streams
       weight: 2
+    - name: Messages 
+      url: data_streams/kafka/messages 
+      identifier: data_streams_kafka_messages
+      parent: data_streams_kafka 
+      weight: 201
     - name: Schema Tracking
       url: data_streams/schema_tracking
       identifier: data_streams_schema_tracking
diff --git a/content/en/data_streams/kafka/_index.md b/content/en/data_streams/kafka/_index.md
index af010aeac47..61173ff998e 100644
--- a/content/en/data_streams/kafka/_index.md
+++ b/content/en/data_streams/kafka/_index.md
@@ -1,10 +1,6 @@
 ---
 title: Kafka Monitoring
 description: Monitor Kafka cluster health, connect services to topics, and inspect schemas and messages with Data Streams Monitoring's Kafka Monitoring.
-aliases:
-  - data_streams/live_messages
-  - data_streams/messages
-  - data_streams/kafka/messages
 ---
 
 With Data Streams Monitoring's Kafka Monitoring, a Datadog Agent check connects to your Kafka cluster and starts collecting health and performance metrics. Kafka Monitoring allows you to:
@@ -80,6 +76,7 @@ The **Messages** section lets you retrieve messages by partition and offset to i
 
 {{< img src="data_streams/kafka_schema_messages.png" alt="Topic schema and messages view showing a Protobuf schema definition and a table of recent messages with date, partition, offset, and message value" >}}
 
-**Note**: Message viewing is not enabled by default and requires additional setup. Access is controlled by per-user permissions, so you can roll out Kafka Monitoring without exposing message content. Configure message viewing separately after completing the initial setup.
+**Note**: [Message viewing][2] is not enabled by default and requires additional setup. Access is controlled by per-user permissions, so you can roll out Kafka Monitoring without exposing message content. Configure message viewing separately after completing the initial setup.
 
-[1]: https://app.datadoghq.com/data-streams/kafka/setup
\ No newline at end of file
+[1]: https://app.datadoghq.com/data-streams/kafka/setup
+[2]: /data_streams/kafka/messages
\ No newline at end of file
diff --git a/content/en/data_streams/kafka/messages.md b/content/en/data_streams/kafka/messages.md
new file mode 100644
index 00000000000..613db7f1cf8
--- /dev/null
+++ b/content/en/data_streams/kafka/messages.md
@@ -0,0 +1,96 @@
+---
+title: Kafka Messages
+aliases:
+  - data_streams/live_messages
+  - data_streams/messages
+---
+
+In Data Streams Monitoring, Kafka Messages allows you to identify the root cause of poison pill messages and to better understand data streams by inspecting message content.
+With Kafka Messages, you can view your Kafka messages at specific partitions and offsets.
+
+<div class="alert alert-info">
+   Kafka Messages is in Preview. Contact your Customer Success Manager for access.
+</div>
+
+## Supported data formats
+
+Avro, Protobuf, and JSON are supported.
+
+## Prerequisites
+
+### Kafka Consumer integration
+
+[Kafka Consumer][6] integration needs to be set up on any consumer consuming from the topic you want to retrieve messages from.
+If a topic has more than one consumer group, setting up the integration on one of these consumer groups is enough to use the feature.
+
+#### Validation
+
+Ensure that the Kafka Consumer check is running correctly by following [these instructions][11]
+
+### Datadog Agent version
+
+Ensure the Datadog Agent version you are running is 7.70 or later.
+
+#### Validation
+
+1. [Run the Agent's status subcommand][10] and check the agent version.
+2. In Datadog, under [integrations, View agents][12], find the agent running the Kafka Consumer integration, and check its version.
+
+### Remote configuration
+
+Ensure [remote configuration][3] is set up for the agent running the Kafka Consumer integration.
+
+#### Validation
+
+1. In Datadog, under [Remote Configuration][13], check that remote configuration is enabled at the organization level.
+2. In Datadog, under [Remote Configuration][13], check that the agent running the Kafka Consumer integration has remote configuration enabled, and is using an API key with remote configuration enabled.
+
+## Required permissions
+
+You must have the `Data Streams Monitoring Capture Messages` permission, and these logs permissions that are part of the Datadog Standard role:
+* `Logs Read Index Data`
+* `Logs Read Data`
+* `Logs Live Tail`
+
+You can verify your current permissions on your [Profile page][7].
+To enable permissions, edit an existing role or create a new one on the [Roles page][8]. If you do not have permission to modify roles, contact your organization's administrator.
+
+### 1. Create a new role
+
+1. Navigate to the [Roles page][8] in Datadog.
+2. Click **+ New Role** in the top-right corner.
+   <div class="alert alert-info">
+   If you see "Read Only" instead of the "+ New Role button", you don't have permission to create roles. Contact your Datadog administrator for assistance.
+   </div>
+3. Enter a descriptive name for your new role (for example, "Data Streams Messages Access").
+4. In the **Search Permissions** field, type `Data Streams Monitoring Capture Messages`.
+5. Select the permission from the search results to enable it for this role.
+6. Click **Save**.
+7. Confirm your role was created successfully by searching for it in the roles list.
+
+### 2. Assign the role to users
+
+1. Go to the [Users page][9] in Datadog.
+2. Find and click on the user you want to assign the role to.
+3. In the user details panel, click **Edit** next to their name.
+   <div class="alert alert-info">
+   If you don't see an "Edit" button, you need administrator privileges to modify user roles. Contact your Datadog administrator.
+   </div>
+4. In the modal that opens, locate the **Roles** section.
+5. Add your newly created role to the user.
+6. Click **Save**.
+7. Look for a "User updated" confirmation message to verify the change was successful.
+
+[1]: #agent-setup
+[2]: #required-permissions
+[3]: /agent/remote_config
+[4]: https://app.datadoghq.com/fleet
+[5]: https://app.datadoghq.com/organization-settings/remote-config
+[6]: /integrations/kafka-consumer
+[7]: https://app.datadoghq.com/personal-settings/profile
+[8]: https://app.datadoghq.com/organization-settings/roles
+[9]: https://app.datadoghq.com/organization-settings/users
+[10]: /agent/configuration/agent-commands/#agent-information
+[11]: /integrations/kafka-consumer/?tab=host#validation
+[12]: https://app.datadoghq.com/fleet
+[13]: https://app.datadoghq.com/organization-settings/remote-config

From fa8e6914984f206fd0301c7c01e92beded9e6018 Mon Sep 17 00:00:00 2001
From: Piotr WOLSKI <piotr.wolski42@gmail.com>
Date: Wed, 8 Apr 2026 12:19:21 -0600
Subject: [PATCH 6/7] Update content/en/data_streams/kafka/_index.md

Co-authored-by: domalessi <111786334+domalessi@users.noreply.github.com>
---
 content/en/data_streams/kafka/_index.md | 17 -----------------
 1 file changed, 17 deletions(-)

diff --git a/content/en/data_streams/kafka/_index.md b/content/en/data_streams/kafka/_index.md
index 61173ff998e..bcc729c0f0b 100644
--- a/content/en/data_streams/kafka/_index.md
+++ b/content/en/data_streams/kafka/_index.md
@@ -18,23 +18,6 @@ Go to the [Kafka Monitoring setup page][1] and click {{< ui >}}Get Started{{< /
 
 The setup page provides environment-specific configuration instructions. You can copy the instructions directly to an AI agent with **Copy for AI**.
 
-### Kafka ACL permissions
-
-If your Kafka cluster uses ACLs, the Datadog Agent user requires the following minimum permissions:
-
-| Resource Name | Resource Type | Operation        |
-|---------------|---------------|------------------|
-| `kafka-cluster` | `CLUSTER`   | `Describe`       |
-| `kafka-cluster` | `CLUSTER`   | `DescribeConfigs` |
-| `*`           | `TOPIC`       | `Describe`       |
-| `*`           | `TOPIC`       | `DescribeConfigs` |
-| `*`           | `GROUP`       | `Describe`       |
-
-To view messages, the Agent user also requires:
-
-| Resource Name | Resource Type | Operation |
-|---------------|---------------|-----------|
-| `*`           | `TOPIC`       | `Read`    |
 
 ## Workflows
 

From 12045468309b13825dbaf2027b3ce9816ab2ea94 Mon Sep 17 00:00:00 2001
From: Piotr WOLSKI <piotr.wolski42@gmail.com>
Date: Wed, 8 Apr 2026 12:19:28 -0600
Subject: [PATCH 7/7] Update content/en/data_streams/kafka/_index.md

Co-authored-by: domalessi <111786334+domalessi@users.noreply.github.com>
---
 content/en/data_streams/kafka/_index.md | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/content/en/data_streams/kafka/_index.md b/content/en/data_streams/kafka/_index.md
index bcc729c0f0b..995f98fbc4c 100644
--- a/content/en/data_streams/kafka/_index.md
+++ b/content/en/data_streams/kafka/_index.md
@@ -10,6 +10,24 @@ With Data Streams Monitoring's Kafka Monitoring, a Datadog Agent check connects
 - **Connect services to topics**: See which producers and consumers interact with each topic, with linked owners, repos, on-call rotations, traces, and error logs
 - **Inspect topic schemas and messages**: View schemas, compare versions, and access messages to debug poison payloads or explore the topic
 
+## Prerequisites
+
+If your Kafka cluster uses ACLs, the Datadog Agent user requires the following minimum permissions:
+
+| Resource Name | Resource Type | Operation        |
+|---------------|---------------|------------------|
+| `kafka-cluster` | `CLUSTER`   | `Describe`       |
+| `kafka-cluster` | `CLUSTER`   | `DescribeConfigs` |
+| `*`           | `TOPIC`       | `Describe`       |
+| `*`           | `TOPIC`       | `DescribeConfigs` |
+| `*`           | `GROUP`       | `Describe`       |
+
+To retrieve messages in the **Messages** section, the Agent user also requires:
+
+| Resource Name | Resource Type | Operation |
+|---------------|---------------|-----------|
+| `*`           | `TOPIC`       | `Read`    |
+
 ## Setup
 
 Go to the [Kafka Monitoring setup page][1] and click {{< ui >}}Get Started{{< / ui >}}. Then choose your environment and follow the instructions. To request assistance, choose {{< ui >}}Request a pairing session{{< /ui >}}.