diff --git a/changelog/seqera-cloud/v26.2.0_cycle61.md b/changelog/seqera-cloud/v26.2.0_cycle61.md
new file mode 100644
index 000000000..5e5332619
--- /dev/null
+++ b/changelog/seqera-cloud/v26.2.0_cycle61.md
@@ -0,0 +1,11 @@
+---
+title: Seqera Cloud v26.2.0_cycle61
+date: 2026-06-30
+tags: [seqera cloud]
+---
+
+## Feature updates and improvements
+
+### Data explorer
+
+- Separated Data Explorer data-link record permissions from file object permissions with the new `data_link_object` grant. Workspace members with **View**, **Connect**, or **Launch** roles can now download files and generate download URLs from data-links. Upload and delete file operations remain restricted to **Maintain** and above.
diff --git a/platform-cloud/docs/orgs-and-teams/custom-roles.md b/platform-cloud/docs/orgs-and-teams/custom-roles.md
index f14df2ba0..225b413ee 100644
--- a/platform-cloud/docs/orgs-and-teams/custom-roles.md
+++ b/platform-cloud/docs/orgs-and-teams/custom-roles.md
@@ -65,26 +65,26 @@ Individual permissions grant read, write, execute, admin, or delete access for e
 | Permission | Description | API endpoint |
 |------------|-------------|--------------|
 | **data_link:read** | List all data-links (cloud buckets) | `GET /data-links` |
-|  | Browse data-link contents | `GET /data-links/{dataLinkId}/browse` |
-|  | Browse data-link contents at the given path | `GET /data-links/{dataLinkId}/browse/{path}` |
 |  | View data-link details | `GET /data-links/{dataLinkId}` |
 |  | Resolve data-link cloud-scheme URLs | _(Used by Platform)_ |
 | **data_link:write** | Refresh data-link cache | `GET /data-links/cache/refresh` |
+|  | Create a custom data-link | `POST /data-links` |
+|  | Edit data-link metadata | `PUT /data-links/{dataLinkId}` |
+| **data_link:delete** | Remove a data-link from workspace | `DELETE /data-links/{dataLinkId}` |
+| **data_link:admin** | Hide data-links | _(Used by Platform)_ |
+|  | Show data-links | _(Used by Platform)_ |
+| **data_link_object:read** | Browse data-link contents | `GET /data-links/{dataLinkId}/browse` |
+|  | Browse data-link contents at the given path | `GET /data-links/{dataLinkId}/browse/{path}` |
 |  | Browse data-link directory tree | `GET /data-links/{dataLinkId}/browse-tree` |
 |  | Download files from data-link | `GET /data-links/{dataLinkId}/download/{filePath}` |
 |  | Generate download URL for data-link files | `GET /data-links/{dataLinkId}/generate-download-url` |
 |  | Generate download script | `GET /data-links/{dataLinkId}/script/download` |
-|  | Upload files to data-link | `POST /data-links/{dataLinkId}/upload` |
+|  | Sign data-link URLs for batch access | _(Used by Platform)_ |
+| **data_link_object:write** | Upload files to data-link | `POST /data-links/{dataLinkId}/upload` |
 |  | Upload files to data-link at the given path | `POST /data-links/{dataLinkId}/upload/{dirPath}` |
 |  | Complete file upload to data-link | `POST /data-links/{dataLinkId}/upload/finish` |
 |  | Complete file upload to data-link at the given path | `POST /data-links/{dataLinkId}/upload/finish/{dirPath}` |
-|  | Create a custom data-link | `POST /data-links` |
-|  | Edit data-link metadata | `PUT /data-links/{dataLinkId}` |
-|  | Sign data-link URLs for batch access | _(Used by Platform)_ |
-| **data_link:delete** | Delete files from data-link | `DELETE /data-links/{dataLinkId}/content` |
-|  | Remove a data-link from workspace | `DELETE /data-links/{dataLinkId}` |
-| **data_link:admin** | Hide data-links | _(Used by Platform)_ |
-|  | Show data-links | _(Used by Platform)_ |
+| **data_link_object:delete** | Delete files from data-link | `DELETE /data-links/{dataLinkId}/content` |
 | **dataset:read** | List datasets (legacy endpoint) | `GET /workspaces/{workspaceId}/datasets` |
 |  | List workspace dataset versions (legacy endpoint) | `GET /workspaces/{workspaceId}/datasets/versions` |
 |  | List dataset versions (legacy endpoint) | `GET /workspaces/{workspaceId}/datasets/{datasetId}/versions` |
diff --git a/platform-cloud/docs/orgs-and-teams/roles.md b/platform-cloud/docs/orgs-and-teams/roles.md
index 68e35980c..8e9a67787 100644
--- a/platform-cloud/docs/orgs-and-teams/roles.md
+++ b/platform-cloud/docs/orgs-and-teams/roles.md
@@ -71,6 +71,9 @@ The following table shows which operations are available to the default workspac
 | **data_link:write**            | ✅     | ✅     | ✅        | ❌      | ❌       | ❌      |
 | **data_link:delete**           | ✅     | ✅     | ✅        | ❌      | ❌       | ❌      |
 | **data_link:admin**            | ✅     | ✅     | ✅        | ❌      | ❌       | ❌      |
+| **data_link_object:read**      | ✅     | ✅     | ✅        | ✅      | ✅       | ✅      |
+| **data_link_object:write**     | ✅     | ✅     | ✅        | ❌      | ❌       | ❌      |
+| **data_link_object:delete**    | ✅     | ✅     | ✅        | ❌      | ❌       | ❌      |
 | **dataset:read**               | ✅     | ✅     | ✅        | ✅      | ✅       | ✅      |
 | **dataset:write**              | ✅     | ✅     | ✅        | ✅      | ❌       | ❌      |
 | **dataset:delete**             | ✅     | ✅     | ✅        | ❌      | ❌       | ❌      |