diff --git a/docs/reference/transform/setup.asciidoc b/docs/reference/transform/setup.asciidoc
index 1d54af930824..7b81de5db3d6 100644
--- a/docs/reference/transform/setup.asciidoc
+++ b/docs/reference/transform/setup.asciidoc
@@ -5,39 +5,97 @@
Setup
++++
-To use the {transforms}, you must have the
-{subscriptions}[appropriate license] and at least one
-<> in your {es} cluster. If {stack}
-{security-features} are enabled, you must also ensure your users have the
-<>.
-
[discrete]
-[[transform-setup-nodes]]
-== {transform-cap} nodes
+[[requirements-overview]]
+== Requirements overview
-To use {transforms}, there must be at least one {transform} node in your cluster.
-If you want to control which nodes run {transforms}, add or remove `transform`
-from the `node.roles` setting on some nodes. For more information, see
-<> and <>.
+To use {transforms}, you must have:
+
+* at least one <>,
+* management features visible in the {kib} space, and
+* security privileges that:
++
+--
+* grant use of {transforms}, and
+* grant access to source and destination indices
+--
[discrete]
[[transform-privileges]]
== Security privileges
-The {es} {security-features} provide <>
-and <> that make it easier to control
-which users can manage or view {transforms}.
+Assigning security privileges affects how users access {transforms}. Consider
+the two main categories:
-To _view_ the configuration and status of {transforms}, you must have:
+* *<>*: uses an {es} client, cURL, or {kib}
+**{dev-tools-app}** to access {transforms} via {es} APIs. This scenario requires
+{es} security privileges.
+* *<>*: uses {transforms} in {kib}. This
+scenario requires {kib} feature privileges _and_ {es} security privileges.
-* `transform_user` built-in role or `monitor_transform`
-cluster privileges
+[discrete]
+[[transform-es-security-privileges]]
+=== {es} API user
-To _manage_ {transforms}, you must have:
+To _manage_ {transforms}, you must meet all of the following requirements:
-* `transform_admin` built-in role or `manage_transform`
-cluster privileges
-* `read` and `view_index_metadata` index privileges on source indices
-* `read`, `create_index`, and `index` index privileges on destination indices
+* `transform_admin` built-in role or `manage_transform` cluster privileges,
+* `read` and `view_index_metadata` index privileges on source indices, and
+* `create_index`, `index`, `manage`, and `read` index privileges on destination
+indices
-For more information, see <> and <>.
+To view only the configuration and status of {transforms}, you must have:
+
+* `transform_user` built-in role or `monitor_transform` cluster privileges
+
+For more information about {es} roles and privileges, refer to
+<> and <>.
+
+[discrete]
+[[transform-kib-security-privileges]]
+=== {kib} user
+
+Within a {kib} space, for full access to {transforms}, you must meet all of the
+following requirements:
+
+* Management features visible in the {kib} space, including
+`Data View Management` and `Stack Monitoring`,
+* `monitoring_user` built-in role,
+* `transform_admin` built-in role or `manage_transform` cluster privileges,
+* `kibana_admin` built-in role or a custom role with `read` or `all` {kib}
+privileges for the `Data View Management` feature (dependent on whether data
+views already exist for your destination indices),
+* data views for your source indices,
+* `read` and `view_index_metadata` index privileges on source indices, and
+* `create_index`, `index`, `manage`, and `read` index privileges on destination
+indices
+
+Within a {kib} space, for read-only access to {transforms}, you must meet all of
+the following requirements:
+
+* Management features visible in the {kib} space, including `Stack Monitoring`,
+* `monitoring_user` built-in role,
+* `transform_user` built-in role or `monitor_transform` cluster privileges,
+* `kibana_admin` built-in role or a custom role with `read` {kib} privileges
+for at least one feature in the space,
+* data views for your source and destination indices, and
+* `read`, and `view_index_metadata` index privileges on source indices and
+destination indices
+
+For more information and {kib} security features, see
+{kibana-ref}/kibana-role-management.html[{kib} role management] and
+{kibana-ref}/kibana-privileges.html[{kib} privileges].
+
+
+[discrete]
+[[transform-kib-spaces]]
+== {kib} spaces
+
+{kibana-ref}/xpack-spaces.html[Spaces] enable you to organize your source and
+destination indices and other saved objects in {kib} and to see only the objects
+that belong to your space. However, this limited scope does not apply to
+{transforms}; they are visible in all spaces.
+
+To successfully create {transforms} in {kib}, you must be logged into a space
+where the source indices are visible and the `Data View Management` and
+`Stack Monitoring` features are visible.
\ No newline at end of file
diff --git a/x-pack/docs/en/security/authorization/built-in-roles.asciidoc b/x-pack/docs/en/security/authorization/built-in-roles.asciidoc
index 415b6bdd00f4..4f589d50bafb 100644
--- a/x-pack/docs/en/security/authorization/built-in-roles.asciidoc
+++ b/x-pack/docs/en/security/authorization/built-in-roles.asciidoc
@@ -184,8 +184,8 @@ Grants `manage_transform` cluster privileges, which enable you to manage
{kibana-ref}/kibana-privileges.html[Kibana privileges] for the {ml-features}.
[[built-in-roles-transform-user]] `transform_user`::
-Grants `monitor_transform` cluster privileges, which enable you to use
-{transforms}. This role also includes all
+Grants `monitor_transform` cluster privileges, which enable you to perform
+read-only operations related to {transforms}. This role also includes all
{kibana-ref}/kibana-privileges.html[Kibana privileges] for the {ml-features}.
[[built-in-roles-transport-client]] `transport_client`::