diff --git a/modules/security/partials/iam-policies.adoc b/modules/security/partials/iam-policies.adoc
index fafb8f8e1..3f2f4c92c 100644
--- a/modules/security/partials/iam-policies.adoc
+++ b/modules/security/partials/iam-policies.adoc
@@ -529,7 +529,7 @@ When you run `rpk cloud byoc gcp apply` to create a BYOC cluster, you grant IAM
 
 [NOTE]
 ====
-* This page lists the IAM permissions Redpanda requires to create xref:get-started:cluster-types/byoc/gcp/create-byoc-cluster-gcp.adoc[BYOC clusters]. This does _not_ pertain to permissions for  xref:get-started:cluster-types/byoc/gcp/vpc-byo-gcp.adoc[BYOVPC clusters]. 
+* This page lists the IAM permissions the Redpanda agent service account uses to manage xref:get-started:cluster-types/byoc/gcp/create-byoc-cluster-gcp.adoc[BYOC cluster] resources. These are not the permissions your GCP account needs to run the initial Terraform bootstrap. This does _not_ pertain to permissions for xref:get-started:cluster-types/byoc/gcp/vpc-byo-gcp.adoc[BYOVPC clusters].
 * No IAM permissions are required for Redpanda Cloud users. IAM policies do not grant user access to a cluster; rather, they grant the deployed Redpanda agent access, so that brokers can communicate with the BYOC clusters. 
 ====