From 0c0d5992e0755afe3efcbfd11bcdc4ad40289be6 Mon Sep 17 00:00:00 2001
From: Billy Tat <btat@suse.com>
Date: Wed, 22 Apr 2026 14:22:17 -0700
Subject: [PATCH] Sync Product PR #744 (Add security warning for Cluster
 Members on Cluster and Project Roles page)

---
 .../cluster-and-project-roles.md                       | 10 ++++++++--
 .../cluster-and-project-roles.md                       | 10 ++++++++--
 .../cluster-and-project-roles.md                       | 10 ++++++++--
 .../cluster-and-project-roles.md                       | 10 ++++++++--
 .../cluster-and-project-roles.md                       | 10 ++++++++--
 .../cluster-and-project-roles.md                       | 10 ++++++++--
 6 files changed, 48 insertions(+), 12 deletions(-)

diff --git a/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md
index 8d4c6dd8ad9..47321abc2f3 100644
--- a/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md
+++ b/docs/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md
@@ -31,11 +31,17 @@ _Cluster roles_ are roles that you can assign to users, granting them access to
 
 - **Cluster Owner:**
 
-    These users have full control over the cluster and all resources in it.
+  These users have full control over the cluster and all resources in it.
 
 - **Cluster Member:**
 
-    These users can view most cluster level resources and create new projects.
+  These users can view most cluster level resources and create new projects.
+
+  :::warning
+  
+  When a Cluster Member creates a project, the user is automatically assigned [Project Owner privileges](#project-roles). This grants them comprehensive control over the project and its associated resources, including permissions to deploy workloads. Without enforced [Pod Security Standards (PSS) and Pod Security Admission (PSA)](../pod-security-standards.md), a Cluster Member is able to execute privileged containers in the cluster.
+  
+  :::
 
 #### Custom Cluster Roles
 
diff --git a/versioned_docs/version-2.10/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md b/versioned_docs/version-2.10/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md
index 22aab5d5cac..314082c771e 100644
--- a/versioned_docs/version-2.10/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md
+++ b/versioned_docs/version-2.10/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md
@@ -31,11 +31,17 @@ _Cluster roles_ are roles that you can assign to users, granting them access to
 
 - **Cluster Owner:**
 
-    These users have full control over the cluster and all resources in it.
+  These users have full control over the cluster and all resources in it.
 
 - **Cluster Member:**
 
-    These users can view most cluster level resources and create new projects.
+  These users can view most cluster level resources and create new projects.
+
+  :::warning
+  
+  When a Cluster Member creates a project, the user is automatically assigned [Project Owner privileges](#project-roles). This grants them comprehensive control over the project and its associated resources, including permissions to deploy workloads. Without enforced [Pod Security Standards (PSS) and Pod Security Admission (PSA)](../pod-security-standards.md), a Cluster Member is able to execute privileged containers in the cluster.
+  
+  :::
 
 #### Custom Cluster Roles
 
diff --git a/versioned_docs/version-2.11/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md b/versioned_docs/version-2.11/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md
index 22aab5d5cac..314082c771e 100644
--- a/versioned_docs/version-2.11/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md
+++ b/versioned_docs/version-2.11/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md
@@ -31,11 +31,17 @@ _Cluster roles_ are roles that you can assign to users, granting them access to
 
 - **Cluster Owner:**
 
-    These users have full control over the cluster and all resources in it.
+  These users have full control over the cluster and all resources in it.
 
 - **Cluster Member:**
 
-    These users can view most cluster level resources and create new projects.
+  These users can view most cluster level resources and create new projects.
+
+  :::warning
+  
+  When a Cluster Member creates a project, the user is automatically assigned [Project Owner privileges](#project-roles). This grants them comprehensive control over the project and its associated resources, including permissions to deploy workloads. Without enforced [Pod Security Standards (PSS) and Pod Security Admission (PSA)](../pod-security-standards.md), a Cluster Member is able to execute privileged containers in the cluster.
+  
+  :::
 
 #### Custom Cluster Roles
 
diff --git a/versioned_docs/version-2.12/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md b/versioned_docs/version-2.12/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md
index c896b2ebf16..8136db0fd84 100644
--- a/versioned_docs/version-2.12/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md
+++ b/versioned_docs/version-2.12/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md
@@ -31,11 +31,17 @@ _Cluster roles_ are roles that you can assign to users, granting them access to
 
 - **Cluster Owner:**
 
-    These users have full control over the cluster and all resources in it.
+  These users have full control over the cluster and all resources in it.
 
 - **Cluster Member:**
 
-    These users can view most cluster level resources and create new projects.
+  These users can view most cluster level resources and create new projects.
+
+  :::warning
+  
+  When a Cluster Member creates a project, the user is automatically assigned [Project Owner privileges](#project-roles). This grants them comprehensive control over the project and its associated resources, including permissions to deploy workloads. Without enforced [Pod Security Standards (PSS) and Pod Security Admission (PSA)](../pod-security-standards.md), a Cluster Member is able to execute privileged containers in the cluster.
+  
+  :::
 
 #### Custom Cluster Roles
 
diff --git a/versioned_docs/version-2.13/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md b/versioned_docs/version-2.13/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md
index 8d4c6dd8ad9..47321abc2f3 100644
--- a/versioned_docs/version-2.13/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md
+++ b/versioned_docs/version-2.13/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md
@@ -31,11 +31,17 @@ _Cluster roles_ are roles that you can assign to users, granting them access to
 
 - **Cluster Owner:**
 
-    These users have full control over the cluster and all resources in it.
+  These users have full control over the cluster and all resources in it.
 
 - **Cluster Member:**
 
-    These users can view most cluster level resources and create new projects.
+  These users can view most cluster level resources and create new projects.
+
+  :::warning
+  
+  When a Cluster Member creates a project, the user is automatically assigned [Project Owner privileges](#project-roles). This grants them comprehensive control over the project and its associated resources, including permissions to deploy workloads. Without enforced [Pod Security Standards (PSS) and Pod Security Admission (PSA)](../pod-security-standards.md), a Cluster Member is able to execute privileged containers in the cluster.
+  
+  :::
 
 #### Custom Cluster Roles
 
diff --git a/versioned_docs/version-2.14/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md b/versioned_docs/version-2.14/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md
index 8d4c6dd8ad9..47321abc2f3 100644
--- a/versioned_docs/version-2.14/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md
+++ b/versioned_docs/version-2.14/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md
@@ -31,11 +31,17 @@ _Cluster roles_ are roles that you can assign to users, granting them access to
 
 - **Cluster Owner:**
 
-    These users have full control over the cluster and all resources in it.
+  These users have full control over the cluster and all resources in it.
 
 - **Cluster Member:**
 
-    These users can view most cluster level resources and create new projects.
+  These users can view most cluster level resources and create new projects.
+
+  :::warning
+  
+  When a Cluster Member creates a project, the user is automatically assigned [Project Owner privileges](#project-roles). This grants them comprehensive control over the project and its associated resources, including permissions to deploy workloads. Without enforced [Pod Security Standards (PSS) and Pod Security Admission (PSA)](../pod-security-standards.md), a Cluster Member is able to execute privileged containers in the cluster.
+  
+  :::
 
 #### Custom Cluster Roles