diff --git a/content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise.md b/content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise.md
index c2b8fc0310..885099a0fd 100644
--- a/content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise.md
+++ b/content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise.md
@@ -39,6 +39,8 @@ You can enforce policies to manage the use of code security and analysis feature
 
 Across all organizations owned by your enterprise, you can allow members with admin permissions for repositories to enable or disable {% data variables.product.prodname_dependabot_alerts %} and change {% data variables.product.prodname_dependabot_alerts %} settings.
 
+{% data reusables.enterprise.role-permission-hierarchy %}
+
 {% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.policies-tab %}
 {% data reusables.enterprise-accounts.code-security-and-analysis-policies %}
@@ -52,6 +54,8 @@ Across all organizations owned by your enterprise, you can allow members with ad
 
 {% data reusables.advanced-security.about-ghas-organization-policy %}
 
+{% data reusables.enterprise.role-permission-hierarchy %}
+
 {% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.policies-tab %}{% ifversion security-feature-enablement-policies %}
 {% data reusables.enterprise-accounts.code-security-and-analysis-policies %}{% else %}
@@ -79,6 +83,8 @@ Across all of your enterprise's organizations, you can allow or disallow people
 
 Across all of your enterprise's organizations, you can allow or disallow people with admin access to repositories to manage and configure {% data variables.product.prodname_secret_scanning %} for the repositories. {% data reusables.advanced-security.ghas-must-be-enabled %}
 
+{% data reusables.enterprise.role-permission-hierarchy %}
+
 {% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.policies-tab %}
 {% data reusables.enterprise-accounts.code-security-and-analysis-policies %}
diff --git a/content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise.md b/content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise.md
index be51205717..96c06c6da7 100644
--- a/content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise.md
+++ b/content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise.md
@@ -80,6 +80,8 @@ You can use a SSH certificate authorities (CA) to allow members of any organizat
 
 If you require SSH certificates for your enterprise, enterprise members should use a special URL for Git operations over SSH. For more information, see "[AUTOTITLE](/organizations/managing-git-access-to-your-organizations-repositories/about-ssh-certificate-authorities#about-ssh-urls-with-ssh-certificates)."
 
+ {% data reusables.enterprise.certificate-authority-usage %}
+
 {% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.settings-tab %}
 {% data reusables.enterprise-accounts.security-tab %}
diff --git a/content/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities.md b/content/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities.md
index 1e8196a69e..467f697836 100644
--- a/content/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities.md
+++ b/content/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities.md
@@ -25,6 +25,8 @@ You can allow members to access your organization's repositories using SSH certi
 
 If you require SSH certificates for your enterprise, enterprise members should use a special URL for Git operations over SSH. For more information, see "[AUTOTITLE](/organizations/managing-git-access-to-your-organizations-repositories/about-ssh-certificate-authorities#about-ssh-urls-with-ssh-certificates)."
 
+{% data reusables.enterprise.certificate-authority-usage %}
+
 {% data reusables.profile.access_org %}
 {% data reusables.profile.org_settings %}
 {% data reusables.organizations.security %}
diff --git a/data/reusables/enterprise/certificate-authority-usage.md b/data/reusables/enterprise/certificate-authority-usage.md
new file mode 100644
index 0000000000..cfa16d3192
--- /dev/null
+++ b/data/reusables/enterprise/certificate-authority-usage.md
@@ -0,0 +1 @@
+Each certificate authority can only be uploaded to one account on {% data variables.product.prodname_dotcom_the_website %}. If an SSH certificate authority has been added to an organization or enterprise account, you cannot add the same certificate authority to another organization or enterprise account on {% data variables.product.prodname_dotcom_the_website %}.
\ No newline at end of file
diff --git a/data/reusables/enterprise/role-permission-hierarchy.md b/data/reusables/enterprise/role-permission-hierarchy.md
new file mode 100644
index 0000000000..a60f960827
--- /dev/null
+++ b/data/reusables/enterprise/role-permission-hierarchy.md
@@ -0,0 +1,5 @@
+{% note %}
+
+**Note:** This policy only impacts repository administrators, specifically. Organization owners and security managers can always enable security features, regardless of how you set this policy. For more information, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization)."
+
+{% endnote %}
\ No newline at end of file