diff --git a/docs/source/_includes/available_permission_types.rst b/docs/source/_includes/available_permission_types.rst index 051ad9b12..db662374a 100644 --- a/docs/source/_includes/available_permission_types.rst +++ b/docs/source/_includes/available_permission_types.rst @@ -56,6 +56,8 @@ Global +----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ | **execution_views_filters_list** | Ability view all the distinct execution filters. | +----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ +| **key_value_pair_list** | Ability to list (view all) Key-Value Pairs. | ++----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ | **webhook_list** | Ability to list (view all) webhooks. | +----------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------+ | **timer_list** | Ability to list (view all) timers. | 
@@ -223,15 +225,19 @@ Api Key Key Value Pair ~~~~~~~~~~~~~~ -+---------------------------+-----------------------------------------------+ -| Permission name | Description | -+===========================+===============================================+ -| **key_value_pair_view** | Ability to view Key-Value Pairs. | -+---------------------------+-----------------------------------------------+ -| **key_value_pair_set** | Ability to set a Key-Value Pair. | -+---------------------------+-----------------------------------------------+ -| **key_value_pair_delete** | Ability to delete an existing Key-Value Pair. | -+---------------------------+-----------------------------------------------+ ++---------------------------+----------------------------------------------------------------------+ +| Permission name | Description | ++===========================+======================================================================+ +| **key_value_pair_list** | Ability to list (view all) Key-Value Pairs. | ++---------------------------+----------------------------------------------------------------------+ +| **key_value_pair_view** | Ability to view Key-Value Pairs. | ++---------------------------+----------------------------------------------------------------------+ +| **key_value_pair_set** | Ability to set a Key-Value Pair. | ++---------------------------+----------------------------------------------------------------------+ +| **key_value_pair_delete** | Ability to delete an existing Key-Value Pair. | ++---------------------------+----------------------------------------------------------------------+ +| **key_value_pair_all** | Ability to perform all the supported operations on a Key-Value Pair. | ++---------------------------+----------------------------------------------------------------------+ Rule ~~~~ 
diff --git a/docs/source/_includes/runner_parameters/quick_reference.rst b/docs/source/_includes/runner_parameters/quick_reference.rst index 1950f5e23..b224a491d 100644 --- a/docs/source/_includes/runner_parameters/quick_reference.rst +++ b/docs/source/_includes/runner_parameters/quick_reference.rst @@ -1,4 +1,4 @@ -.. table:: +.. table:: +--------------+-------------------+---------------------+-------------------+---------------------+---------------------+---------------------+---------------------+ | Runner | local-shell-cmd | local-shell-script | remote-shell-cmd | remote-shell-script | winrm-cmd | winrm-ps-cmd | winrm-ps-script | diff --git a/docs/source/rbac.rst b/docs/source/rbac.rst index 530754f98..c0a5ee618 100644 --- a/docs/source/rbac.rst +++ b/docs/source/rbac.rst @@ -138,11 +138,15 @@ Permission grants can be applied to the following resource types: * executions * webhooks * inquiries +* key value pairs + +.. note:: + The support of key value pairs is only available in |st2| v3.7.0 and above. A resource is identified by a ``uid``, and referenced as such in permission grants. UID is an identifier which is unique for each resource in the |st2| installation. UIDs follow this format: ``:`` (e.g. ``pack:libcloud``, -``action:libcloud:list_vms``, etc.). +``action:libcloud:list_vms``, ``key_value_pair:st2kv.system:key1``, ``key_value_pair:st2kv.user:key2`` etc.). You can retrieve the UID of a particular resource by listing all the resources of a particular type or by retrieving details of a single resource using either API or CLI. @@ -227,7 +231,6 @@ There are some exceptions, described below: ``/aliasexecutions/``) using hubot is the |st2| user that is configured in hubot (``ST2_AUTH_USERNAME`` - by default that is ``chatops_bot``). - Enabling RBAC ------------- 
@@ -310,6 +313,37 @@ In the example above we assign two roles to the user named ``user4``: * ``role_one`` (a custom role which needs to be defined as described above) and * ``observer`` (system role). +Key Value Pairs +~~~~~~~~~~~~~~~ + +.. note:: + This functionality is only available in |st2| v3.7.0 and above. + +Users with admin and system_admin roles have all access to system scoped KVPs. In v3.6.0 +and before, users with admin role have full access to other users' KVPs. This behavior is +unchanged. + +By default, a user has access to his/her own user scoped KVPs without requiring specific +permission grants. A non-admin user by default cannot access system scoped KVPs or other +users' KVPs. A non-admin user can be explicitly granted permission to one or more system +scoped KVPs similar to how access to other resources are granted to users. Currently, +there is no option or plan to grant non-admin user access to another user's set of KVPs. + +The following is an example to assign a ``system scoped`` KVP to a role. +Create ``/opt/stackstorm/rbac/roles/key1_write_role.yaml`` with the +following content. Assign this role to a user and then apply the RBAC definitions. + +.. sourcecode:: yaml + + --- + name: key1_write_role + description: Role that allow users to set system key1 + enabled: true + permission_grants: + - resource_uid: "key_value_pair:st2kv.system:key1" + permission_types: + - "key_value_pair_set" + Applying RBAC Definitions -------------------------
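Review bot: in the first available_permission_types.rst hunk, the new Global-table row for ``key_value_pair_list`` should say what a holder of the grant can see, because a global list permission is the broadest of the new grants: whether the listing returns key names only or values too, and whether it covers system-scoped pairs as well as other users' user-scoped pairs. The adjacent ``webhook_list`` and ``timer_list`` rows use the same one-liner, so a short qualifier on this row, or a pointer to the Key Value Pairs section in rbac.rst, would be enough.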
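Review bot: in the Key Value Pair table hunk, the new ``key_value_pair_all`` row only says "all the supported operations"; spell out that it is the union of ``key_value_pair_list``, ``key_value_pair_view``, ``key_value_pair_set`` and ``key_value_pair_delete`` so that a grant of ``_all`` is not read as narrower or wider than it is. A one-line description such as "Ability to list, view, set and delete Key-Value Pairs (all of the above)." fits the widened column.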
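Review bot: the quick_reference.rst hunk changes only trailing whitespace after ``.. table::`` and is unrelated to the key-value-pair RBAC change. Either drop it from this patch or mention it in the commit message so the history of that file stays explainable.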
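Review bot: in the rbac.rst hunk that extends the resource-type list, the new ``.. note::`` text "The support of key value pairs is only available in |st2| v3.7.0 and above" is awkward and does not say which support is meant; suggest "RBAC permission grants for key value pairs are only available in |st2| v3.7.0 and above." The same note is repeated in the Key Value Pairs section added later in the patch, so one of the two could simply cross-reference the other.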
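Review bot: in the rbac.rst UID-format hunk, the added examples ``key_value_pair:st2kv.system:key1`` and ``key_value_pair:st2kv.user:key2`` have three components while the surrounding text describes a type-plus-identifier format; add a sentence stating that for key value pairs the identifier carries the scope prefix (``st2kv.system`` or ``st2kv.user``) followed by the key name. The user-scoped example also sits uneasily with the later statement that there is no option to grant a non-admin user access to another user's KVPs; either explain which user ``st2kv.user:key2`` denotes when it appears in a grant, or keep only the system-scoped example.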
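Review bot: in the new Key Value Pairs section, "In v3.6.0 and before, users with admin role have full access to other users' KVPs. This behavior is unchanged." leaves it unclear whether admins still have that access in v3.7.0; state it directly, e.g. "Users with the admin role continue to have full access to all users' KVPs in v3.7.0." if that is the case. The example role ``key1_write_role`` grants only ``key_value_pair_set`` and no ``key_value_pair_view``, so say next to the example whether a holder can read ``key1`` back; readers will copy this as the minimal write-only role and should not be surprised by a failed read. Minor wording: "have all access" should be "have full access", "Role that allow users" should be "Role that allows users", "access to other resources are granted" should be "is granted", "his/her" can be "their", and ``system scoped`` is prose rather than a literal and need not be in backticks; the closing sentence "then apply the RBAC definitions" could link to the Applying RBAC Definitions section that follows.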