Merge branch 'jrandazzo-master-patch-1781' into 'master'

Add a warning to consider permissions when added to lower base roles See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/143457 Merged-by: Jon Glassman <jglassman@gitlab.com> Approved-by: Jon Glassman <jglassman@gitlab.com> Approved-by: Rohit Shambhuni <rshambhuni@gitlab.com> Co-authored-by: Joe Randazzo <jrandazzo@gitlab.com>

Merge branch 'jrandazzo-master-patch-1781' into 'master'
6bd85d1f · Jon Glassman · GitLab · 48abfb6b · 87b42e8b · 6bd85d1f
--- a/doc/user/custom_roles.md
+++ b/doc/user/custom_roles.md
@@ -30,6 +30,9 @@ Most custom roles are considered [billable users that use a seat](#billing-and-s

 For more information on available permissions, see [custom permissions](custom_roles/abilities.md).

+WARNING:
+Depending on the permissions added to a lower base role such as Guest, a user with a custom role might be able to perform actions that are usually restricted to the Maintainer role or higher. For example, if a custom role is Guest plus managing CI/CD variables, a user with this role can manage CI/CD variables added by other Maintainers or Owners for that group or project.
+
 ## Create a custom role

 You create a custom role by adding [permissions](#available-permissions) to a base role.