diff --git a/_monitoring-plugins/alerting/security.md b/_monitoring-plugins/alerting/security.md
index 24242055..659b1e52 100644
--- a/_monitoring-plugins/alerting/security.md
+++ b/_monitoring-plugins/alerting/security.md
@@ -31,9 +31,9 @@ Later, the user `psantos` wants to edit the monitor to run every two hours, but
 
 After making the change, the monitor now runs with the same permissions as `psantos`, including any [document-level security]({{site.url}}{{site.baseurl}}/security-plugin/access-control/document-level-security/) queries, [excluded fields]({{site.url}}{{site.baseurl}}/security-plugin/access-control/field-level-security/), and [masked fields]({{site.url}}{{site.baseurl}}/security-plugin/access-control/field-masking/). If you use an extraction query to define your monitor, use the **Run** button to ensure that the response includes the fields you need.
 
-Once a monitor is created, the Alerting plugin will continue executing the monitor, even if the user who created the monitor has write access permissions removed. To stop a monitor, a user with at least `alerting_write_access` permissions must manually disable or delete the monitor. This rule applies to all types of monitors, regardless of destination or any other setting.
+Once a monitor is created, the Alerting plugin will continue executing the monitor, even if the user who created the monitor has permissions removed. To stop a monitor, a user with the correct cluster permissions must manually disable or delete the monitor. To disable a monitor, the user must have `cluster:admin/opendistro/alerting/monitor/write`, and to delete a monitor, the user must have `cluster:admin/opendistro/alerting/monitor/delete`. This rule applies to all types of monitors.
 
-If your monitor's trigger has alerts configured, the Alerting plugin continues to send out alerts regardless of destination type. To stop alerts, the trigger's action must be manually deleted or disabled.
+If your monitor's trigger has notifications configured, the Alerting plugin continues to send out notifications regardless of destination type. To stop notifications, a user must manually delete them in the trigger's actions.
 
 ## (Advanced) Limit access by backend role