diff --git a/config/_default/menus/main.en.yaml b/config/_default/menus/main.en.yaml index 7b8f1907fac..e40d6d0cd0a 100644 --- a/config/_default/menus/main.en.yaml +++ b/config/_default/menus/main.en.yaml @@ -6310,6 +6310,16 @@ menu: parent: feature_flags_concepts identifier: feature_flags_history weight: 306 + - name: Permissions and Access Control + url: feature_flags/concepts/permissions + parent: feature_flags_concepts + identifier: feature_flags_concepts_permissions + weight: 320 + - name: Approvals + url: feature_flags/concepts/approvals + parent: feature_flags_concepts + identifier: feature_flags_concepts_approvals + weight: 321 - name: MCP Server url: feature_flags/feature_flag_mcp_server parent: feature_flags diff --git a/content/en/feature_flags/concepts/approvals.md b/content/en/feature_flags/concepts/approvals.md new file mode 100644 index 00000000000..80b9ca59dbd --- /dev/null +++ b/content/en/feature_flags/concepts/approvals.md 
@@ -0,0 +1,66 @@ +--- +title: Approvals +description: Require approvals before feature flag changes apply in production environments. +further_reading: +- link: "/feature_flags/concepts/permissions" + tag: "Documentation" + text: "Permissions and Access Control" +- link: "/feature_flags/concepts/environments" + tag: "Documentation" + text: "Environments" +--- + +## Overview + +Approvals help you control what changes are made to feature flags and by whom. In addition to [granular access control](/feature_flags/concepts/permissions/), you can require approvals for changes to certain flags or production environments before those changes take effect. + +## Require approvals on an environment + +1. Mark the environment as a [production environment](/feature_flags/concepts/environments/#production-environments). +2. Navigate to **Feature Flags > Settings > Environments**. +3. Select the environment and enable the option to require approvals. + +After you enable approvals, subsequent changes that impact application behavior in that environment require approval from a user with edit access to the flag. Examples include: + +- Enabling or disabling the flag +- Modifying targeting rules +- Archiving the flag + +## Require approvals on a feature flag + +### New flag + +When creating a flag, toggle **Require approval on changes to this flag for all production environments** to enable approvals for that flag in every production environment. + +### Existing flag + +1. Navigate to your flag's details page. +2. Open **Settings > Approvals**. +3. Toggle **Require approval on changes to this flag for all production environments**. + +## Approval workflow + +### Submit changes for review + +When you make a change that requires approval, a **Submit Changes For Review** modal appears. 
The modal prompts you to: + +- Enter a description of the change +- Select a notification channel (for example Slack or Microsoft Teams) for the approval request + +You can delete a pending change after creating it if you need to modify the submission. + +### Approve or reject + +Approvers see a diff, a description of the change, and the affected environment. They can approve or reject the change. + +
+Approving a change applies the change automatically. +
+ +## Find flags with pending approvals + +On the Feature Flags search page, toggle the **Pending Approvals** filter to view flags with changes awaiting approval. + +## Further reading + +{{< partial name="whats-next/whats-next.html" >}} diff --git a/content/en/feature_flags/concepts/permissions.md b/content/en/feature_flags/concepts/permissions.md new file mode 100644 index 00000000000..a6eeeb8e9a6 --- /dev/null +++ b/content/en/feature_flags/concepts/permissions.md 
@@ -0,0 +1,47 @@ +--- +title: Permissions and Access Control +description: Control who can read and write feature flags and environments in Datadog. +further_reading: +- link: "/feature_flags/concepts/approvals" + tag: "Documentation" + text: "Approvals" +- link: "/account_management/rbac/" + tag: "Documentation" + text: "Role Based Access Control" +--- + +## Overview + +Datadog Feature Flags supports organization-level permissions and granular access controls on individual flags. Use these controls to limit who can view or change flag configuration and environments. + +## Organization-level permissions + +Control access at the organization level with the following permissions: + +| Permission | Description | +|------------|-------------| +| **Feature Flag Config Read** | View feature flag configuration | +| **Feature Flag Config Write** | Create and modify feature flag configuration | +| **Feature Flag Environment Config Read** | View environment configuration | +| **Feature Flag Environment Config Write** | Create and modify environments | + +Assign these permissions through [Datadog roles](/account_management/rbac/). + +## Granular access on individual flags + +Restrict edit access on a specific flag by selecting **Settings > Permissions** on the flag details page: + +{{< img src="getting_started/feature_flags/flag-grace-modal.png" alt="Flag Grace modal on the feature flag settings page for choosing who can edit the flag." style="width:100%;" >}} + +You can limit edit access to: + +- Individual users +- Service accounts +- Roles +- Teams + +Users without edit access can still view the flag if they have read permissions at the organization level. + +## Further reading + +{{< partial name="whats-next/whats-next.html" >}} 
diff --git a/static/images/getting_started/feature_flags/flag-grace-modal.png b/static/images/getting_started/feature_flags/flag-grace-modal.png new file mode 100644 index 00000000000..1b2bb858f67 Binary files /dev/null and b/static/images/getting_started/feature_flags/flag-grace-modal.png differ
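Review bot: In the config/_default/menus/main.en.yaml hunk, the two new identifiers (feature_flags_concepts_permissions, feature_flags_concepts_approvals) carry a concepts_ segment that the neighbouring entry under the same parent, feature_flags_history, does not. Pick one naming scheme for children of feature_flags_concepts, for example feature_flags_permissions and feature_flags_approvals, or say in the PR description why the longer form is needed. The weights also jump from 306 to 320 in the visible context; if the gap is not meant to leave room for later entries, 307 and 308 would keep the sequence contiguous.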
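Review bot: In content/en/feature_flags/concepts/approvals.md, under "Require approvals on an environment", the sentence "require approval from a user with edit access to the flag" does not say whether the user who submitted the change can approve it themselves. The page presents approvals as a control on who can change production behavior, so state explicitly whether self-approval is allowed. Also state which permission is needed to turn the require-approvals option on or off, for both the environment setting and the per-flag toggle, because a user who can disable the requirement can skip the review. Minor: the further_reading links omit the trailing slash that the in-body links use (/feature_flags/concepts/permissions versus /feature_flags/concepts/permissions/).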
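Review bot: In content/en/feature_flags/concepts/permissions.md, the "Granular access on individual flags" section does not explain how a per-flag restriction interacts with the organization-level Feature Flag Config Write permission. The only stated rule is the read side ("Users without edit access can still view the flag if they have read permissions at the organization level"). Add the write-side counterpart: whether a user who holds Feature Flag Config Write but is not on the flag's list is blocked from editing, and who can edit a flag that has no restriction configured. Also, the image alt text and filename use "Flag Grace", a term the page never defines; describe the modal by the name the reader sees in the UI path given above it (Settings > Permissions).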