diff --git a/docs/roles-and-permissions-architecture.md b/docs/roles-and-permissions-architecture.md index 5b930a7..dbf2353 100644 --- a/docs/roles-and-permissions-architecture.md +++ b/docs/roles-and-permissions-architecture.md @@ -2002,6 +2002,8 @@ Users and Members are separate entities that can be linked. Special rules: - A user cannot link themselves to an existing member - A user CAN create a new member and be directly linked to it (self-service) +**Enforcement:** The User resource restricts the `update_user` action (which accepts the `member` argument for link/unlink) to admins only via `Mv.Authorization.Checks.ActorIsAdmin`. The UserLive.Form shows the Member-Linking UI and runs member link/unlink on save only when the current user is admin; non-admins use the `:update` action (email only) for profile edit. + ### Approach: Separate Ash Actions We use **different Ash actions** to enforce different policies:
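Review bot: the new **Enforcement** paragraph leaves the self-service path undocumented: the rule two lines above it says "A user CAN create a new member and be directly linked to it (self-service)", but the paragraph only covers `update_user` (admin-only via `Mv.Authorization.Checks.ActorIsAdmin`) and `:update` (email only), so a reader cannot tell which action performs the self-service create-and-link or what policy gates it; name that action and its check here. Also, the sentence "The UserLive.Form shows the Member-Linking UI and runs member link/unlink on save only when the current user is admin" reads as if the LiveView condition were part of the enforcement; state explicitly that the Ash policy on `update_user` is the security boundary and the form check is only UX, and that `:update` does not accept the `member` argument, so a non-admin cannot reach link/unlink by submitting it directly.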