elastic · jrodewig · Mar 15, 2021 · Mar 3, 2021 · Mar 10, 2021 · Mar 10, 2021
diff --git a/docs/reference/autoscaling/apis/delete-autoscaling-policy.asciidoc b/docs/reference/autoscaling/apis/delete-autoscaling-policy.asciidoc
@@ -37,9 +37,12 @@ DELETE /_autoscaling/policy/<name>
 [[autoscaling-delete-autoscaling-policy-prereqs]]
 ==== {api-prereq-title}
 
-* If the {es} {security-features} are enabled, you must have
-`manage_autoscaling` cluster privileges. For more information, see
-<<security-privileges>>.
+* If the {es} {security-features} are enabled, you must have the
+`manage_autoscaling` <<privileges-list-cluster,cluster privilege>> to use this
+API.
+
+* If the <<operator-privileges,{operator-feature}>> is enabled, only operator
+users can use this API.
 
 [[autoscaling-delete-autoscaling-policy-desc]]
 ==== {api-description-title}

diff --git a/docs/reference/autoscaling/apis/put-autoscaling-policy.asciidoc b/docs/reference/autoscaling/apis/put-autoscaling-policy.asciidoc
@@ -39,9 +39,12 @@ DELETE /_autoscaling/policy/name
 [[autoscaling-put-autoscaling-policy-prereqs]]
 ==== {api-prereq-title}
 
-* If the {es} {security-features} are enabled, you must have
-`manage_autoscaling` cluster privileges. For more information, see
-<<security-privileges>>.
+* If the {es} {security-features} are enabled, you must have the
+`manage_autoscaling` <<privileges-list-cluster,cluster privilege>> to use this
+API.
+
+* If the <<operator-privileges,{operator-feature}>> is enabled, only operator
+users can use this API.
 
 [[autoscaling-put-autoscaling-policy-desc]]
 ==== {api-description-title}

diff --git a/docs/reference/cluster/voting-exclusions.asciidoc b/docs/reference/cluster/voting-exclusions.asciidoc
@@ -23,6 +23,9 @@ Adds or removes master-eligible nodes from the
 * If the {es} {security-features} are enabled, you must have the `manage`
 <<privileges-list-cluster,cluster privilege>> to use this API.
 
+* If the <<operator-privileges,{operator-feature}>> is enabled, only operator
+users can use this API.
+
 [[voting-config-exclusions-api-desc]]
 ==== {api-description-title}
 

diff --git a/docs/reference/licensing/delete-license.asciidoc b/docs/reference/licensing/delete-license.asciidoc
@@ -20,12 +20,14 @@ When your license expires, {xpack} operates in a degraded mode.  For more
 information, see
 {kibana-ref}/managing-licenses.html#license-expiration[License expiration].
 
-[discrete]
-==== Authorization
+[[delete-license-api-prereqs]]
+==== {api-prereq-title}
+
+* If the {es} {security-features} are enabled, you must have the `manage`
+<<privileges-list-cluster,cluster privilege>> to use this API.
 
-You must have `manage` cluster privileges to use this API.
-For more information, see
-<<security-privileges>>.
+* If the <<operator-privileges,{operator-feature}>> is enabled, only operator
+users can use this API.
 
 [discrete]
 ==== Examples

diff --git a/docs/reference/licensing/update-license.asciidoc b/docs/reference/licensing/update-license.asciidoc
@@ -18,13 +18,16 @@ Updates the license for your {es} cluster.
 [[update-license-api-prereqs]]
 ==== {api-prereq-title}
 
-If {es} {security-features} are enabled, you need `manage` cluster privileges to
-install the license.
+* If {es} {security-features} are enabled, you need `manage`
+<<privileges-list-cluster,cluster privilege>> to install the license.
 
-If {es} {security-features} are enabled and you are installing a gold or higher
+* If {es} {security-features} are enabled and you are installing a gold or higher
 license, you must enable TLS on the transport networking layer before you
 install the license. See <<configuring-tls>>.
 
+* If the <<operator-privileges,{operator-feature}>> is enabled, only operator
+users can use this API.
+
 [[update-license-api-desc]]
 ==== {api-description-title}
 

diff --git a/docs/reference/snapshot-restore/apis/repo-analysis-api.asciidoc b/docs/reference/snapshot-restore/apis/repo-analysis-api.asciidoc
@@ -32,6 +32,16 @@ POST /_snapshot/my_repository/_analyze?blob_count=10&max_blob_size=1mb&timeout=1
 
 `POST /_snapshot/<repository>/_analyze`
 
+[[repo-analysis-api-prereqs]]
+==== {api-prereq-title}
+
+* If the {es} {security-features} are enabled, you must have the `manage`
+<<privileges-list-cluster,cluster privilege>> to use this API. For more
+information, see <<security-privileges>>.
+
+* If the <<operator-privileges,{operator-feature}>> is enabled, only operator
+users can use this API.
+
 [[repo-analysis-api-desc]]
 ==== {api-description-title}
 

diff --git a/x-pack/docs/en/security/using-ip-filtering.asciidoc b/x-pack/docs/en/security/using-ip-filtering.asciidoc
@@ -17,7 +17,9 @@ NOTE: Elasticsearch installations are not designed to be publicly accessible
 === Enabling IP filtering
 
 The {es} {security-features} contain an access control feature that allows or
-rejects hosts, domains, or subnets.
+rejects hosts, domains, or subnets. If the
+<<operator-privileges,{operator-feature}>> is enabled, only operator users can
+update these settings.
 
 You configure IP filtering by specifying the `xpack.security.transport.filter.allow` and
 `xpack.security.transport.filter.deny` settings in `elasticsearch.yml`. Allow rules