diff --git a/docs/README.md b/docs/README.md index 4f1a29b96d51ace0ae25ee5ef438f3345400529c..ab396cb760a422167dc3e96605f4b3e5fe6046d1 100644 --- a/docs/README.md +++ b/docs/README.md @@ -83,6 +83,7 @@ - [Permissions overview](./administration-guide/05-setting-permissions.md) - [Data permissions](./administration-guide/data-permissions.md) - [Collection permissions](./administration-guide/06-collections.md) +- [General permissions](./administration-guide/general-permissions.md) - [Sandboxing data based on user attributes](./enterprise-guide/data-sandboxes.md) - [SQL snippets folder permissions](./enterprise-guide/sql-snippets.md) diff --git a/docs/administration-guide/05-setting-permissions.md b/docs/administration-guide/05-setting-permissions.md index d74532232112c4e14a06c23a1b91278acb265c1c..216ec9dd623a9d53fa2c2f20ac421e77934acd5e 100644 --- a/docs/administration-guide/05-setting-permissions.md +++ b/docs/administration-guide/05-setting-permissions.md @@ -12,6 +12,7 @@ You can set permissions on: - [Tables and schemas in those databases][table-permissions] - [Rows and columns of a table][data-sandboxing] (only on some plans) - [Collections of questions, dashboards, and models][collections] +- [General settings](general-permissions.md) (only on some plans) For plans that include [SQL Snippet Folders][sql-snippet-folders], you can also set permissions on those folders. diff --git a/docs/administration-guide/data-permissions.md b/docs/administration-guide/data-permissions.md index 2f845f9e3fc684de08490758001f7e36a3b4e705..80b0c74d203e5fe9408711aff48a415692a4bfa4 100644 --- a/docs/administration-guide/data-permissions.md +++ b/docs/administration-guide/data-permissions.md 
@@ -6,9 +6,9 @@ This page covers permissions for databases and tables. If you haven't already, c Now that you have some groups, you’ll want to control their data access by going to the **Permissions** section of the Admin Panel. You’ll see an interactive table that displays all of your databases and all of your groups, and the level of access your groups have for each database. - +## Data access -You can click on any cell in the table to change a group’s access level. When you’re done making your changes, just click the `save changes` button in the top-right, and you’ll see a confirmation dialog summarizing the changes. +You can click on any cell in the permissions table to change a group’s access level. When you’re done making your changes, just click the **Save changes** button in the top-right, and you’ll see a confirmation dialog summarizing the changes. ### Unrestricted access 
@@ -16,28 +16,54 @@ Members of the group can access data from all tables (within all namespaces/sche ### Granular access -__Granular access__ allows administrators to explicitly set access to tables or schemas within a database. In practice, this means that: +**Granular access** allows administrators to explicitly set access to tables or schemas within a database. In practice, this means that: -- Admins can set the groups access to individual tables to either __Unrestricted__, __No self-service__, or __Sandboxed__ access. +- Admins can set the groups access to individual tables to either **Unrestricted**, **No self-service**, or **Sandboxed** access. - If a new table gets added to this database in the future, the group won't get access to that new table. An administrator would need to explicitly grant access to that table. ### No self-service access -__No self-service__ prevents people in a group from creating new ad hoc queries or questions based on this data, or from seeing this data in the Browse Data screen. Groups with this level of access can still see saved questions and charts based on this data in Collections they have access to. +**No self-service** prevents people in a group from creating new ad hoc queries or questions based on this data, or from seeing this data in the Browse Data screen. Groups with this level of access can still see saved questions and charts based on this data in Collections they have access to. ### Block access {% include plans-blockquote.html feature="Block access" %} -__Block__ ensures people can’t ever see the data from this database, regardless of their permissions at the Collection level. So if they want to see a question in a collection that have access to, but that question uses data from a database that's been blocked for that person's group, then they won't be able to see that question. +**Block** ensures people can’t ever see the data from this database, regardless of their permissions at the Collection level. 
So if they want to see a question in a collection that have access to, but that question uses data from a database that's been blocked for that person's group, then they won't be able to see that question. Keep in mind people can be in multiple groups. If a person belongs to _another_ group that _does_ have access to that database, that more privileged access will take precedence (overruling the block), and they'll be able to view that question. -### Native query editing +## Native query editing Members of a group with native query editing set to Yes can write new SQL/native queries using the native query editor. This access level requires the group to additionally have Unrestricted data access for the database in question, since SQL queries can circumvent table-level permissions. Members in groups without native query editing access can't view, write, or edit SQL/native queries. People who are not in groups with native query editing permissions will still be able to view the results of questions created from SQL/native queries, but not the code itself. They also won't see the "View the SQL" button when composing custom questions in the notebook editor. +## Download results + +{% include plans-blockquote.html feature="Download permissions" %} + +You can set permissions on whether people in a group can download results (and how many rows) for a data source. Options are: + +- No (they can't download results) +- Granular (set access for individual tables) +- 10 thousand rows +- 1 million rows + +## Manage data model + +{% include plans-blockquote.html feature="Data model permissions" %} + +You can define whether a group can [edit metadata](03-metadata-editing.md). Options are: + +- Granular (to set permissions specific to each table). +- Edit (meaning, they can edit metadata for that data source). 
+ +## Manage database + +{% include plans-blockquote.html feature="Database management permissions" %} + +This setting defines whether a person can edit the connection settings for the data source, as well as to sync and scan the database. + ## Table permissions When you select [Granular access](#granular-access) for a database, you'll be prompted to set permissions on the tables (or schemas) within that database. Here you'll have two or three options, depending on your Metabase plan. @@ -54,15 +80,6 @@ Groups with no self-service access to a table can’t access the table at all. T Only available in paid plans, Sandboxed access to a table can restrict access to columns and rows of a table. Check out [data sandboxing][data-sandboxing]. -## Permissions and dashboard subscriptions - -You don't explicitly set permissions on [dashboards subscriptions][dashboard-subscriptions], as the subscriptions are a feature of a dashboard. If a person is in a group that has __Curate access__ to the collection containing the dashboard, they can view and edit all subscriptions for the dashboard, including subscriptions created by other people. - -If a group has __read-only access__ to a dashboard (based on its collection permissions), they can view all subscriptions for that dashboard. They can also create subscriptions and edit ones that they’ve created, but they can’t edit ones that other users created. (That last point is enforced by the BE only, the FE still needs to be updated to show the subscriptions as read-only.) -If a group has no access to a dashboard, they can’t view any of its subscriptions, including ones that they may have created in the past, prior to having access revoked. - -If you have read-only access to a dashboard, you can also unsubscribe yourself from a subscription that somebody else created via the new page in account settings. - ## Further reading - [Guide to data permissions](https://www.metabase.com/learn/organization/organization/data-permissions.html) 
diff --git a/docs/administration-guide/general-permissions.md b/docs/administration-guide/general-permissions.md new file mode 100644 index 0000000000000000000000000000000000000000..beef9b4c4b3691a83f78ddaf78978ed4895b3506 --- /dev/null +++ b/docs/administration-guide/general-permissions.md @@ -0,0 +1,26 @@ +# General permissions + +{% include plans-blockquote.html feature="General permissions" %} + +- [General settings access](#general-settings-access) +- [Monitoring access](#monitoring-access) +- [Subscriptions and alerts](#subscriptions-and-alerts) + +## General settings access + +General settings access defines which groups can set permissions on all of the settings under General settings. + +## Monitoring access + +Monitoring access sets permissions on the following Admin tabs: + +- [Tools](../enterprise-guide/tools.md) +- [Auditing](../enterprise-guide/audit.md) +- [Troubleshooting](../troubleshooting-guide/index.md) + +## Subscriptions and alerts + +This setting determines who can set up: + +- [Dashboard subscriptions](../users-guide/dashboard-subscriptions.md) +- [Alerts](../users-guide/15-alerts.md) diff --git a/docs/administration-guide/images/permissions.png b/docs/administration-guide/images/permissions.png deleted file mode 100644 index 344b3fc13764435fe7b0f55648a41b07f3e29c17..0000000000000000000000000000000000000000 Binary files a/docs/administration-guide/images/permissions.png and /dev/null differ diff --git a/docs/administration-guide/start.md b/docs/administration-guide/start.md index dc4520445eee5c7ed57b70c42522f87c160246ec..98659a4a40e43c5665ed1d0fe6d9c2a4eda62340 100644 --- a/docs/administration-guide/start.md +++ b/docs/administration-guide/start.md 
@@ -35,8 +35,10 @@ See [how to install Metabase](../operations-guide/installing-metabase.md). ## Setting permissions and access -- [Setting data permissions](05-setting-permissions.md) +- [Permissions overview](05-setting-permissions.md) +- [Setting data permissions](data-permissions.md) - [Creating and managing collections](06-collections.md) +- [General permissions](general-permissions.md) ## Embedding and sharing with public links
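
Review bot: In docs/administration-guide/05-setting-permissions.md (hunk @@ -12,6 +12,7), the added list entry uses an inline link, `[General settings](general-permissions.md)`, while the three entries above it use reference-style links (`[table-permissions]`, `[data-sandboxing]`, `[collections]`). Suggest switching to `[General settings][general-permissions]` and adding the matching reference definition alongside the others, so the list stays consistent and the target is defined in one place. The link text also says "General settings" while the target page is titled "General permissions"; pick one name.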
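
Review bot: In docs/administration-guide/data-permissions.md (hunk @@ -16,28 +16,54), the new "Download results", "Manage data model" and "Manage database" sections do not say how the setting resolves for a person who belongs to several groups, although the "Block access" paragraph in the same hunk spells out that the more privileged access takes precedence. Admins need the same statement for each new permission, otherwise they cannot tell whether a "No" or a 10 thousand row limit in one group is overridden by another group. Two related gaps: "Manage data model" lists only "Granular" and "Edit" with no option that withholds editing, and "Manage database" lists no options at all. While touching these lines, the rewritten paragraphs still carry "set the groups access" (should be "group's") and "a question in a collection that have access to" (missing "they"), and "as well as to sync and scan" should read "as well as sync and scan".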
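
Review bot: In docs/administration-guide/data-permissions.md (hunk @@ -54,15 +80,6), removing the "Permissions and dashboard subscriptions" section drops access rules that the replacement text does not restate: that **Curate access** to the collection lets people view and edit all subscriptions, including ones created by other people, that read-only access lets them view all subscriptions and edit only their own, and that losing access hides subscriptions they created earlier. The new "Subscriptions and alerts" section in general-permissions.md only says the setting "determines who can set up" subscriptions and alerts. Suggest moving the removed rules to the dashboard subscriptions page or to the new section (without the parenthetical about BE and FE enforcement, which is an implementation note) and stating how the collection-based rules combine with the new group-level setting.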
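
Review bot: In the new file docs/administration-guide/general-permissions.md, the sentence "General settings access defines which groups can set permissions on all of the settings under General settings" is circular and reads as if the permission lets a group set permissions rather than change the settings themselves. Suggest stating directly what a group with this access can do and where in the Admin panel those settings live. None of the three sections ("General settings access", "Monitoring access", "Subscriptions and alerts") lists the available options or the default for a new group, and "Monitoring access" opens the Tools, Auditing and Troubleshooting tabs without saying what a non-admin group can see or change there; a sentence on each would let an admin judge what they are granting.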