diff --git a/guides/common/modules/proc_assigning-a-host-to-a-specific-location.adoc b/guides/common/modules/proc_assigning-a-host-to-a-specific-location.adoc
index bae42dd2dc2..85594aaad64 100644
--- a/guides/common/modules/proc_assigning-a-host-to-a-specific-location.adoc
+++ b/guides/common/modules/proc_assigning-a-host-to-a-specific-location.adoc
@@ -6,6 +6,10 @@
 [role="_abstract"]
 Use this procedure to assign a host to a specific location.
 
+.Prerequisites
+* Your user account has the `assign_locations` permission.
+* You belong to the location that you want to assign to the host.
+
 .Procedure
 . In the {ProjectWebUI}, navigate to *Hosts* > *All Hosts*.
 . Select the checkbox of the host you want to change.
diff --git a/guides/common/modules/proc_assigning-a-host-to-a-specific-organization.adoc b/guides/common/modules/proc_assigning-a-host-to-a-specific-organization.adoc
index 6e8da224b51..97591811a9a 100644
--- a/guides/common/modules/proc_assigning-a-host-to-a-specific-organization.adoc
+++ b/guides/common/modules/proc_assigning-a-host-to-a-specific-organization.adoc
@@ -13,6 +13,10 @@ To unregister the host, run `subscription-manager unregister` on the host.
 After you assign the host to a new organization, you can re-register the host.
 ====
 
+.Prerequisites
+* Your user account has the `assign_organizations` permission.
+* You belong to the organization that you want to assign to the host.
+
 .Procedure
 . In the {ProjectWebUI}, navigate to *Hosts* > *All Hosts*.
 . Select the checkbox of the host you want to change.
diff --git a/guides/common/modules/proc_creating-a-user.adoc b/guides/common/modules/proc_creating-a-user.adoc
index 2b8a4487157..0c93cdd5a66 100644
--- a/guides/common/modules/proc_creating-a-user.adoc
+++ b/guides/common/modules/proc_creating-a-user.adoc
@@ -7,6 +7,9 @@ Use this procedure to create a user.
 ifndef::rest-api[]
 To use the CLI instead of the {ProjectWebUI}, see the xref:cli-creating-a-user_{context}[].
 
+Users are strictly confined to their assigned organizations and locations.
+Users can only access and assign resources within the organizations and locations they belong to.
+
 .Procedure
 . In the {ProjectWebUI}, navigate to *Administer* > *Users*.
 . Click *Create User*.
@@ -19,13 +22,10 @@ The user account details that you can specify include the following:
 ** *INTERNAL*: to manage the user inside {ProjectServer}.
 ** *EXTERNAL*: to manage the user with external authentication.
 For more information, see {ConfiguringUserAuthenticationDocURL}[_{ConfiguringUserAuthenticationDocTitle}_].
-* On the *Organizations* tab, select an organization for the user.
+* On the *Organizations* tab, select organizations for the user.
 Specify the default organization {Project} selects for the user after login from the *Default on login* list.
-+
-[IMPORTANT]
-====
-If a user is not assigned to an organization, their access is limited.
-====
+* On the *Locations* tab, select locations for the user.
+Specify the default location {Project} selects for the user after login from the *Default on login* list.
 
 [id="cli-creating-a-user_{context}"]
 .CLI procedure
@@ -38,12 +38,13 @@ $ hammer user create \
 --login _My_User_Name_ \
 --mail _My_User_Mail_ \
 --organization-ids _My_Organization_ID_1_,_My_Organization_ID_2_ \
+--location-ids _My_Location_ID_1_,_My_Location_ID_2_ \
 --password _My_User_Password_
 ----
 +
 The `--auth-source-id 1` setting means that the user is authenticated internally, you can specify an external authentication source as an alternative.
 Add the `--admin` option to grant administrator privileges to the user.
-Specifying organization IDs is not required.
+Specifying organization IDs and location IDs is not required.
 +
 You can modify the user details later by using the `hammer user update` command.
 
diff --git a/guides/common/modules/proc_enabling-capsule-in-UI.adoc b/guides/common/modules/proc_enabling-capsule-in-UI.adoc
index 6caa3947b9a..0b6c41bca8f 100644
--- a/guides/common/modules/proc_enabling-capsule-in-UI.adoc
+++ b/guides/common/modules/proc_enabling-capsule-in-UI.adoc
@@ -13,6 +13,10 @@ To enable the inventory upload, synchronize SSH keys for both {SmartProxies}.
 ====
 endif::[]
 
+.Prerequisites
+* Your user account has the `assign_organizations` and `assign_locations` permissions.
+* You belong to the organization and location that you want to assign to the {SmartProxy}.
+
 .Procedure
 
 . Log into the {ProjectWebUI}.
diff --git a/guides/common/modules/ref_permissions-required-to-provision-hosts.adoc b/guides/common/modules/ref_permissions-required-to-provision-hosts.adoc
index 106defc8c04..f545bfbc8d2 100644
--- a/guides/common/modules/ref_permissions-required-to-provision-hosts.adoc
+++ b/guides/common/modules/ref_permissions-required-to-provision-hosts.adoc
@@ -67,9 +67,12 @@ ifdef::katello,orcharhino,satellite[]
 |
 endif::[]
 
-|Location
+.2+|Location
 |view_locations
 |
+|assign_locations
+|Required to assign locations to hosts or other resources.
+You can only assign locations that you belong to.
 
 |Medium
 |view_media
@@ -79,9 +82,12 @@ endif::[]
 |view_operatingsystems
 |
 
-|Organization
+.2+|Organization
 |view_organizations
 |
+|assign_organizations
+|Required to assign organizations to hosts or other resources.
+You can only assign organizations that you belong to.
 
 |Parameter
 |view_params, create_params, edit_params, destroy_params