Commit aa6604f

add note for UA role change
1 parent 233644a commit aa6604f

2 files changed

+7
-1
lines changed

articles/active-directory/governance/entitlement-management-catalog-create.md

Lines changed: 3 additions & 0 deletions
@@ -29,6 +29,9 @@ A catalog is a container of resources and access packages. You create a catalog
2929

3030
**Prerequisite role:** Global administrator, Identity Governance administrator, User administrator, or Catalog creator
3131

32+
> [!NOTE]
33+
> The ability for a user in the user administrator to create catalogs or manage access packages in a catalog they do not own will be removed. If users in your organization have been using membership of this role for configuring catalogs, access packages or policies in entitlement management, please assign the **Identity Governance administrator** role to those users.
34+
3235
1. In the Azure portal, click **Azure Active Directory** and then click **Identity Governance**.
3336

3437
1. In the left menu, click **Catalogs**.
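
Review bot: In the added note (new lines 32-33), "a user in the user administrator" is missing the word "role" and does not match the capitalization of "User administrator" in the **Prerequisite role** line directly above it; suggest "a user in the **User administrator** role". The prerequisite line still lists User administrator without qualification, and "will be removed" gives no date or version, so a reader deciding which role to assign cannot tell whether User administrator still works today. Consider stating when the change takes effect, or marking User administrator in the prerequisite line as subject to the note.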

articles/active-directory/governance/entitlement-management-delegate.md

Lines changed: 4 additions & 1 deletion
@@ -115,7 +115,10 @@ The following table lists the tasks that the entitlement management roles can do
115115

116116
## Required roles to add resources to a catalog
117117

118-
A Global administrator can add or remove any group (cloud-created security groups or cloud-created Microsoft 365 Groups), application, or SharePoint Online site in a catalog. A User administrator can add or remove any group or application in a catalog, except for a group configured as assignable to a directory role. Note that a user administrator can manage access packages in a catalog that includes groups configured as assignable to a directory role. For more information on role-assignable groups, reference [Create a role-assignable group in Azure Active Directory](../roles/groups-create-eligible.md).
118+
A Global administrator can add or remove any group (cloud-created security groups or cloud-created Microsoft 365 Groups), application, or SharePoint Online site in a catalog. A User administrator can add or remove any group or application in a catalog, except for a group configured as assignable to a directory role. For more information on role-assignable groups, reference [Create a role-assignable group in Azure Active Directory](../roles/groups-create-eligible.md).
119+
120+
> [!NOTE]
121+
> The ability for a user in the user administrator to create catalogs or manage access packages in a catalog they do not own will be removed. If users in your organization have been using membership of this role for configuring catalogs, access packages or policies in entitlement management, please assign the **Identity Governance administrator** role to those users.
119122
120123
For a user who isn't a global administrator, to add groups, applications, or SharePoint Online sites to a catalog, that user must have *both* an Azure AD directory role or ownership of the resource, and a and catalog owner entitlement management role for the catalog. The following table lists the role combinations that are required to add resources to a catalog. To remove resources from a catalog, you must have the same roles.
121124
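
Review bot: The sentence deleted at old line 118 ("Note that a user administrator can manage access packages in a catalog that includes groups configured as assignable to a directory role") described current behaviour, while the note added at new lines 120-121 says that ability "will be removed", which means it is still in effect. Dropping the sentence now leaves the present reach of the User administrator role over catalogs containing role-assignable groups undocumented; either keep it until the removal takes effect or have the note say explicitly that this access exists today. The note repeats the "a user in the user administrator" wording from the other file (missing "role"), and with the same text now in two files it would be easier to keep consistent from a single shared source. It is also unclear from the note whether the retained statement that a User administrator can add or remove any group or application in a catalog is affected by the change.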
